From a0f9d20e6361f02824df6e3e574c4fd38094de5e Mon Sep 17 00:00:00 2001
From: Robert Yokota <rayokota@gmail.com>
Date: Tue, 24 Jun 2025 11:03:46 -0700
Subject: [PATCH 01/12] Update CHANGELOG for 2.10.1 SR changes (#1999)

* Update CHANGELOG for 2.10.1 SR changes

* Minor cleanup

* Move to 2.10.1
---
 CHANGELOG.md | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 634b1f7a9..86f135093 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,12 +6,16 @@ v2.10.1 is a maintenance release with the following fixes
 
 - Handled `None` value for optional `ctx` parameter in  `ProtobufDeserializer` (#1939)
 - Handled `None` value for optional `ctx` parameter in  `AvroDeserializer` (#1973)
+- Handled ctx=None for AvroDeserializer and ProtobufDeserializer in __call__ (#1974)
+- Fix possible NPE in CSFLE executor (#1980)
+- Support for schema id in header (#1978)
+- Raise an error if Protobuf deprecated format is specified (#1986)
+- Implement Async Schema Registry client (#1965)
 
 confluent-kafka-python v2.10.1 is based on librdkafka v2.10.1, see the
 [librdkafka release notes](https://github.com/confluentinc/librdkafka/releases/tag/v2.10.1)
 for a complete list of changes, enhancements, fixes and upgrade considerations.
 
-
 ## v2.10.0
 
 v2.10.0 is a feature release with the following fixes and enhancements:

From 46f4fab5c2cbc3856103b40730076d1f63cf7812 Mon Sep 17 00:00:00 2001
From: Robert Yokota <rayokota@gmail.com>
Date: Tue, 1 Jul 2025 11:13:06 -0700
Subject: [PATCH 02/12] Add JSON Schema validation test; fix typo (#2003)

* Add JSON Schema validation test; fix typo

* Fix test

* Fix flake8
---
 .../schema_registry/_async/json_schema.py     |  2 +-
 .../schema_registry/_sync/json_schema.py      |  2 +-
 .../_async/test_json_serdes.py                | 36 ++++++++++++++++++-
 .../schema_registry/_sync/test_json_serdes.py | 36 ++++++++++++++++++-
 4 files changed, 72 insertions(+), 4 deletions(-)

diff --git a/src/confluent_kafka/schema_registry/_async/json_schema.py b/src/confluent_kafka/schema_registry/_async/json_schema.py
index 39dd2389f..8aa7bc17d 100644
--- a/src/confluent_kafka/schema_registry/_async/json_schema.py
+++ b/src/confluent_kafka/schema_registry/_async/json_schema.py
@@ -272,7 +272,7 @@ async def __init_impl(
             raise ValueError("schema.id.serializer must be callable")
 
         self._validate = conf_copy.pop('validate')
-        if not isinstance(self._normalize_schemas, bool):
+        if not isinstance(self._validate, bool):
             raise ValueError("validate must be a boolean value")
 
         if len(conf_copy) > 0:
diff --git a/src/confluent_kafka/schema_registry/_sync/json_schema.py b/src/confluent_kafka/schema_registry/_sync/json_schema.py
index ffd0b9e03..78ea5efd9 100644
--- a/src/confluent_kafka/schema_registry/_sync/json_schema.py
+++ b/src/confluent_kafka/schema_registry/_sync/json_schema.py
@@ -272,7 +272,7 @@ def __init_impl(
             raise ValueError("schema.id.serializer must be callable")
 
         self._validate = conf_copy.pop('validate')
-        if not isinstance(self._normalize_schemas, bool):
+        if not isinstance(self._validate, bool):
             raise ValueError("validate must be a boolean value")
 
         if len(conf_copy) > 0:
diff --git a/tests/schema_registry/_async/test_json_serdes.py b/tests/schema_registry/_async/test_json_serdes.py
index 50457deb2..69e984bb8 100644
--- a/tests/schema_registry/_async/test_json_serdes.py
+++ b/tests/schema_registry/_async/test_json_serdes.py
@@ -87,7 +87,7 @@ async def run_before_and_after_tests(tmpdir):
 async def test_json_basic_serialization():
     conf = {'url': _BASE_URL}
     client = AsyncSchemaRegistryClient.new_client(conf)
-    ser_conf = {'auto.register.schemas': True}
+    ser_conf = {'auto.register.schemas': True, 'validate': True}
     obj = {
         'intField': 123,
         'doubleField': 45.67,
@@ -121,6 +121,40 @@ async def test_json_basic_serialization():
     assert obj == obj2
 
 
+async def test_json_basic_failing_validation():
+    conf = {'url': _BASE_URL}
+    client = AsyncSchemaRegistryClient.new_client(conf)
+    ser_conf = {'auto.register.schemas': True, 'validate': True}
+    obj = {
+        'intField': '123',
+        'doubleField': 45.67,
+        'stringField': 'hi',
+        'booleanField': True,
+        'bytesField': base64.b64encode(b'foobar').decode('utf-8'),
+    }
+    schema = {
+        "type": "object",
+        "properties": {
+            "intField": {"type": "integer"},
+            "doubleField": {"type": "number"},
+            "stringField": {
+                "type": "string",
+                "confluent:tags": ["PII"]
+            },
+            "booleanField": {"type": "boolean"},
+            "bytesField": {
+                "type": "string",
+                "contentEncoding": "base64",
+                "confluent:tags": ["PII"]
+            }
+        }
+    }
+    ser = await AsyncJSONSerializer(json.dumps(schema), client, conf=ser_conf)
+    ser_ctx = SerializationContext(_TOPIC, MessageField.VALUE)
+    with pytest.raises(SerializationError):
+        await ser(obj, ser_ctx)
+
+
 async def test_json_guid_in_header():
     conf = {'url': _BASE_URL}
     client = AsyncSchemaRegistryClient.new_client(conf)
diff --git a/tests/schema_registry/_sync/test_json_serdes.py b/tests/schema_registry/_sync/test_json_serdes.py
index bcaa3fe46..56b3714a2 100644
--- a/tests/schema_registry/_sync/test_json_serdes.py
+++ b/tests/schema_registry/_sync/test_json_serdes.py
@@ -87,7 +87,7 @@ def run_before_and_after_tests(tmpdir):
 def test_json_basic_serialization():
     conf = {'url': _BASE_URL}
     client = SchemaRegistryClient.new_client(conf)
-    ser_conf = {'auto.register.schemas': True}
+    ser_conf = {'auto.register.schemas': True, 'validate': True}
     obj = {
         'intField': 123,
         'doubleField': 45.67,
@@ -121,6 +121,40 @@ def test_json_basic_serialization():
     assert obj == obj2
 
 
+def test_json_basic_failing_validation():
+    conf = {'url': _BASE_URL}
+    client = SchemaRegistryClient.new_client(conf)
+    ser_conf = {'auto.register.schemas': True, 'validate': True}
+    obj = {
+        'intField': '123',
+        'doubleField': 45.67,
+        'stringField': 'hi',
+        'booleanField': True,
+        'bytesField': base64.b64encode(b'foobar').decode('utf-8'),
+    }
+    schema = {
+        "type": "object",
+        "properties": {
+            "intField": {"type": "integer"},
+            "doubleField": {"type": "number"},
+            "stringField": {
+                "type": "string",
+                "confluent:tags": ["PII"]
+            },
+            "booleanField": {"type": "boolean"},
+            "bytesField": {
+                "type": "string",
+                "contentEncoding": "base64",
+                "confluent:tags": ["PII"]
+            }
+        }
+    }
+    ser = JSONSerializer(json.dumps(schema), client, conf=ser_conf)
+    ser_ctx = SerializationContext(_TOPIC, MessageField.VALUE)
+    with pytest.raises(SerializationError):
+        ser(obj, ser_ctx)
+
+
 def test_json_guid_in_header():
     conf = {'url': _BASE_URL}
     client = SchemaRegistryClient.new_client(conf)

From 492e63badcebb54b79b0687baa1dddea9d1ff8bb Mon Sep 17 00:00:00 2001
From: Emanuele Sabellico <esabellico@confluent.io>
Date: Thu, 3 Jul 2025 10:31:14 +0200
Subject: [PATCH 03/12] v2.11.0rc3 (#2005)

---
 .semaphore/semaphore.yml                    |   2 +-
 docs/conf.py                                |   2 +-
 examples/docker/Dockerfile.alpine           |   2 +-
 pyproject.toml                              |   2 +-
 requirements/requirements-tests-install.txt |   2 +-
 src/confluent_kafka/src/confluent_kafka.h   |  14 +++++++-------
 tests/trivup/trivup-0.12.10.tar.gz          | Bin 34170 -> 0 bytes
 tests/trivup/trivup-0.13.0.tar.gz           | Bin 0 -> 36268 bytes
 8 files changed, 12 insertions(+), 12 deletions(-)
 delete mode 100644 tests/trivup/trivup-0.12.10.tar.gz
 create mode 100644 tests/trivup/trivup-0.13.0.tar.gz

diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml
index 3a6b27126..9d802ccb3 100644
--- a/.semaphore/semaphore.yml
+++ b/.semaphore/semaphore.yml
@@ -8,7 +8,7 @@ execution_time_limit:
 global_job_config:
   env_vars:
     - name: LIBRDKAFKA_VERSION
-      value: v2.10.1
+      value: v2.11.0-RC3
   prologue:
     commands:
       - checkout
diff --git a/docs/conf.py b/docs/conf.py
index d5e0f3ccc..4c383885e 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -27,7 +27,7 @@
 # built documents.
 #
 # The short X.Y version.
-version = '2.10.1'
+version = '2.11.0rc3'
 # The full version, including alpha/beta/rc tags.
 release = version
 ######################################################################
diff --git a/examples/docker/Dockerfile.alpine b/examples/docker/Dockerfile.alpine
index a6bce3907..f5848f4b9 100644
--- a/examples/docker/Dockerfile.alpine
+++ b/examples/docker/Dockerfile.alpine
@@ -30,7 +30,7 @@ FROM alpine:3.12
 
 COPY . /usr/src/confluent-kafka-python
 
-ENV LIBRDKAFKA_VERSION="v2.10.1"
+ENV LIBRDKAFKA_VERSION="v2.11.0-RC3"
 ENV KCAT_VERSION="master"
 ENV CKP_VERSION="master"
 
diff --git a/pyproject.toml b/pyproject.toml
index cd6106ff3..704b4021a 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "confluent-kafka"
-version = "2.10.1"
+version = "2.11.0rc3"
 description = "Confluent's Python client for Apache Kafka"
 classifiers = [
     "Development Status :: 5 - Production/Stable",
diff --git a/requirements/requirements-tests-install.txt b/requirements/requirements-tests-install.txt
index 622eaac3d..4a4e628f4 100644
--- a/requirements/requirements-tests-install.txt
+++ b/requirements/requirements-tests-install.txt
@@ -4,4 +4,4 @@
 -r requirements-avro.txt
 -r requirements-protobuf.txt  
 -r requirements-json.txt
-tests/trivup/trivup-0.12.10.tar.gz
\ No newline at end of file
+tests/trivup/trivup-0.13.0.tar.gz
\ No newline at end of file
diff --git a/src/confluent_kafka/src/confluent_kafka.h b/src/confluent_kafka/src/confluent_kafka.h
index 213bba7dc..f0a817e3b 100644
--- a/src/confluent_kafka/src/confluent_kafka.h
+++ b/src/confluent_kafka/src/confluent_kafka.h
@@ -42,8 +42,8 @@
  *  0xMMmmRRPP
  *  MM=major, mm=minor, RR=revision, PP=patchlevel (not used)
  */
-#define CFL_VERSION     0x020a0100
-#define CFL_VERSION_STR "2.10.1"
+#define CFL_VERSION     0x020b0000
+#define CFL_VERSION_STR "2.11.0rc3"
 
 /**
  * Minimum required librdkafka version. This is checked both during
@@ -51,19 +51,19 @@
  * Make sure to keep the MIN_RD_KAFKA_VERSION, MIN_VER_ERRSTR and #error
  * defines and strings in sync.
  */
-#define MIN_RD_KAFKA_VERSION 0x020a01ff
+#define MIN_RD_KAFKA_VERSION 0x020b00ff
 
 #ifdef __APPLE__
-#define MIN_VER_ERRSTR "confluent-kafka-python requires librdkafka v2.10.1 or later. Install the latest version of librdkafka from Homebrew by running `brew install librdkafka` or `brew upgrade librdkafka`"
+#define MIN_VER_ERRSTR "confluent-kafka-python requires librdkafka v2.11.0 or later. Install the latest version of librdkafka from Homebrew by running `brew install librdkafka` or `brew upgrade librdkafka`"
 #else
-#define MIN_VER_ERRSTR "confluent-kafka-python requires librdkafka v2.10.1 or later. Install the latest version of librdkafka from the Confluent repositories, see http://docs.confluent.io/current/installation.html"
+#define MIN_VER_ERRSTR "confluent-kafka-python requires librdkafka v2.11.0 or later. Install the latest version of librdkafka from the Confluent repositories, see http://docs.confluent.io/current/installation.html"
 #endif
 
 #if RD_KAFKA_VERSION < MIN_RD_KAFKA_VERSION
 #ifdef __APPLE__
-#error "confluent-kafka-python requires librdkafka v2.10.1 or later. Install the latest version of librdkafka from Homebrew by running `brew install librdkafka` or `brew upgrade librdkafka`"
+#error "confluent-kafka-python requires librdkafka v2.11.0 or later. Install the latest version of librdkafka from Homebrew by running `brew install librdkafka` or `brew upgrade librdkafka`"
 #else
-#error "confluent-kafka-python requires librdkafka v2.10.1 or later. Install the latest version of librdkafka from the Confluent repositories, see http://docs.confluent.io/current/installation.html"
+#error "confluent-kafka-python requires librdkafka v2.11.0 or later. Install the latest version of librdkafka from the Confluent repositories, see http://docs.confluent.io/current/installation.html"
 #endif
 #endif
 
diff --git a/tests/trivup/trivup-0.12.10.tar.gz b/tests/trivup/trivup-0.12.10.tar.gz
deleted file mode 100644
index 845a39b4b24da439195ab7d82f71e38f2260427e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 34170
zcmZ6yQ*<R<w5=Q4wr$%^Dz=@9ZQHiZif!9g#i?M$w$}OgY5TT&+kKehZNAMp&`1A>
zV_{&#pN}lTfNn0<9_~(zEKICyOsp(SZYC}uSN^uX|9G130t^DeGu(*9k$Ffr96Yiu
zt;9Up^A#V!vS)s~@IcA`iyk7_K4$CV9r&)JlWq3{Pnmz2y~)YH4q{9%Q~jf^L8oz^
z`*G@7Ilc?Mf|Gkw_(NOB_%rp<)7I94A20!EtGnKMDcsyG>>su~e2;*i1D*>%wtVL(
z_}kiW*+BPfJMP&L+Yz2QdKlgI@A(+Ksr|fn0N?7}Te7q|p0?Tzx3|73>wuwsf?s<4
zo7<{DDBJ#aUyw4-#=Z{7-lF!t0fSHU?a!Rcz#F`u^mGG<wa>t%#2@Jc;P$8N&p_%U
zuwfY3f%yacK&)LM^rr`W0snjft5$4?U$+(peqKF2Ti$>#H!q+7V9zIij~=HskpFYL
zC(u;S$n_f-`2fsdAMmW3p)X9AvS{zq*lrjWcBH#Xb>`Lcsukq2)XK2O&S{^kDw@z=
zVc*4ft;L2jaJBOm5g!S6<YoUoJ8pNFJ)6V2pwmg7T7XcOeYn>WeWch2*VFbzf7<!9
zq4O60hrOL@eNqGj^LHmzZtl(MgTL$SX}zmi{9$aM#oJvXtccxqSKIGQyW`n$EX{|i
z<<+Ol@L_ta>*R^N=&R{TTyfScN1Px>5p2`~RyT*c^wHtj`?_SEV9yLK<5?(e7%_W0
zu7qa@Jc7SaEGk+`m!Pd>#v(5u5nP5M4H<4=TN4ff?db9d_E&LOYObf~zd^B9|3dWg
z-_2X7jc^;xH1?rPaImVYoD0QO0gG46`cgf=iF0?kLT@W~Q;GQ^uf<<pEZ2dHzw1(0
z3VZTji9fDJrj|^4w$0{_#JzlWZawx2o|O(noBoF8jDhuA5dmkng!4VN`-u3@o98Q6
zN|8Xo&vs9p2Uc!0v;m#&ZXTPw0Y)YuL4<`*e^mf#mB?cs)R=ayNwwpOdreB$4wv9x
zcKz1`?jOQx(tGY76PxS&R<%=#xw`?C?jEaG%_}W8=dulR#@gW{iVg0oSAI6c7mIwY
zlUu^AiJ!Hv#olgdd~#R5=5dbOi&LlDr5?e$Au2>3-PfALk>~-opr=KF(wOV~_8ok0
z<=<-fP%BqI`lu|v*FaCG@B@p(#`iz(MB|#e!Dv~j>pC6Zu%8HCXZd~C&-~vl0l9s`
zyu1<;*gn@c$b);nffmx#g2U@N4F)EWa{;M%P$)rkUWohq1<!n8t@F+UyVnKzFZ|RK
z7C7&TK^YFkYhl%qVY{hjcyz{RWuNR|k_0FZ^j8ze_Fj9EVQ3XOQ6WUewQE{2m_>pj
z#zwg0{0;-c7rl<e9b22Z=wT0Ll^aYW`tCm3MI*W2O|bR_OG(ZNMOu&_)yj6^zf;`z
znobXq39s5|5M1{!VfaYX+JsmV9KMC6L8ecD`acW*6R;nEm8Z@CgPx6zy1!bfK$ETw
z(+42a*W3xP;of;}Y52Jozr|)w>IIC#ToE;Q-0!AIYwq3eQG=AheD6>AW({ygN3tIn
zc>hya2>c583=H^5y#*fr1b*E6x4C}Z9NTUIZMNI`Hs2TKK?SB?fem-><{#smckvg<
zR9AQNwe#)IyTeVaoR_Al%n*(c$rwJd=c`V)m$k@{3?uEgfB)v;B1nKQa2s%F%ozZd
zITv>Tj8a;&cL&eXW-f#nbbd}1zug`5#rU=Qg<mgnb2Bpn+i)((ExWDZT8=8t#9a@K
zcpU_-)5`!Ft~S~p`3mRPp3TiS+2I-XUIm;@@>PD*{G5`mf0J2z^hGXfkrr-2ClLm&
z1)9G+%D$30*(`}LdC%Q(CKdntqY3w~+k3@+gnwMvxP$8(gZBiBET%7;=k4s~72YgQ
zu_f9r_-CN>VZr^2ZGUcuT@)I8th@vAyY5z={Fr~fHnx*}g<tdE9(fT>?k?+$czO$Q
z)oj%*p$^%8a*w$D_~3kqg?dt4afO;C8>kmA@BYyH22+jSHBG?M?K`=ADmehBu7%$L
zo~gj@>(j%^b|Jz*$#=&Nk4E$kpdH~A;9-B`%}z#5(LI{Oau(3eQ~V4UK5R5^Z+n)|
zAY1ULa@9#wmvP8taOB}?Lo%x%2*E-E^5N&9!_-UnEdL5sPU`6F4ZBc0^iU%v>b4|C
z>tdSgxxUCnZ|5LR8rr|*WvAQ6d5_%7qE9Tv%Fcj;0)nft331HxxbEBlk3LaO`k0Jl
zV1<aU&w$HT5Nvo@+<qd?C~#1pfFN-4l6C8Z(%WyT0BFa>bh}^7%#N@WwdGN#(O16f
zAaFJ5VgrwMwNs#~h!s0rbgu_}LByVGioBH{G3q3-FFC9?q-oS53BoI_@$!7T|0IBh
zGJD_Tq!Ob4-gOqrA#v{3*na9|D+(0y)Heb}OB=LgwB%~SUPPWV6ZGQetTuQ=Q;NU6
zf0kY$%&9+W5`4LDl!WoxzvNWn&mF=~V=V3;WYOfaE_fF1wdd~fYTgRA*$2KQiw4`S
zSROlwFuwXo*RJj4F-NfQ=elM|k8uB;bo0LvH*WsrDn-UA!iZtmchRP2X&`X;+4NWN
zhF~D@S?+=}2-eM7dv?<lDx}*n!Ou1B2G*?QBIpj$?U<+D--vL?s_xe)W5HylzZZ~<
zBXq_6mf^0*-_2q!N&h^L(0VM(VlX(9gus`jj(q<x&1}xk^Dx;K!WiKcPU%P1q=gXq
zRFH7-5S9?db0Oj0@8#)=u?q33a~F7D_SpnIs=B!uBnwgO%T>R%$p3o}SEl=};+DnH
zVU9<%GD(r;^*&oVCv*Y6SnsOwLfu#w8$=-gpbetaMk9%Nd&%|#>+5Al>=0uW{zZ80
zBHelc7^%$SuCJ!dfaZf<<*NOB&^K4<WW{!T*zab-B1JAi#-O16PZVHcFqe<}gzu)>
z*1;^qweN3-q?r4SoGWhIE?ZM~!S8B&e7=YIbiob1j+Y|jd;gjkdU{Ce&Gbd4Y*d$^
zj}F@~O}|7INjw=A)-ulY<u(_@RgE56;VJzTq#LGH%V*BK=b<E20xkIrBXvOvJG7&{
z^GZp;{R3wiegvXD43;lFKF{bmiksUGD+4PP<8-{5m`;0}O~p^m)Ef;%T9sV}ykeJM
zd0OO<g!Zh%1cmg54M!u<5IK_<bAt1CK`AWNv;ed923IUuJXwOO>C?rli$6VofW~#V
z@%W+s`}Rk#W-HJfhaH}abd4c=BjFd`?S5Eh?Cu`dNUzl!N2v6m*~~Y_8e6ZJ3C-C@
z>^rDV<$QYvI>;asXLy9xL4TK*arhFDk>h!db}UE6W{vEKa>Qq{SQBgRf{EjC7I|=7
zAw?ipSUKzGPz>Egi_UhTTzB9qjTT^8Fc88|GrHA{psM+FHrult%@28&gf2b#h4b=}
zx~ZwZ$AQuLxE}20_mpna-67wQ-neK5_6E5YR}-6gB&kK2km<gLxZI71A4H@nzNB5F
zJvV<c)q`P{J>pnjS4!F!-5IplT)u^cfl~{C4-3RHz*l+VleVc7tyN%$O<U-H`TOR^
zfpG&kFb?peLkePoGh4y$!kYRE&avGB1wShqKHTN)&D;1J9Z+(BpBZ{M+&rNi5)h~I
zW8YZkr?l`2-1z}E*a9QJ0|Nv3JAlB-Tj1lTr4exEOBl)KbLeLvwio1E*z@5VXzNE+
z&t48M48Pwj=pWY3Wg9bYB-N^11opJ%NwA&DOucR=kmP}Ac(&{j@xU3tjG<f)(q(KH
z|E1bxJPWuJKf<V7nsN2=07br!Ku_B=z6D|6Q}i-FqA>f$xn(EqO{wUta44~@);z^Z
zLRsZT^a$__s5E<(!@~>{!#1zzh6n8n`@r*^8b84RujVxI1gzn$e!#oE0$XFng2#<=
za0jU^faQ$Zn=JS_+G0cSl6f{(MhCQ|8jEBcu0I=9EiZeT3PFH9TtvoGRCJDoedI~s
z(qc+Mvyc#Y?7aq|e%NXF1tc`ozVR+90o7J`9T8PYaxwC9mn%WJcqwpTGILnDElHmQ
z9$@;)YI#gjt?n+z%_&+4aaWJyp6ATqYyd6XNPmRCO50mM{Mst~`75-<U6UUM@`QO>
zX|u!if9iznW}wI7&m&bP81V5}IAHZrNgJ3L3v70697vrAoO%Z40RuI@g<pX)?}6(o
zK;dNI?ajo|00F_($xoosNy~laTsR;F5X;+x+RqPJzsUT&hZ@uWfq)U<I*c}|Mh9OA
z{pXoW`-wA<-?J{;XxZm%TKwK1>_boU^5Xa$z2>3RL<Ld(q05ZG8yJLU%ciVf3gS?F
zH<%4i%sRq!Z6{eg1qxSKBJnxjtN!z9lJx#lcnkc$Vd{GT@OQxtrO_1FaD6rQ3iMwD
zdHe<<Hv@m&`t~2r^cgY+dw39@mGdIU+#5kkQUp;`nlvCog3^Lp`O_@JA?)P{=Z_RN
z@#^byecTLV=siL429X=P^t{-C4C&FqW|fc-@ekVOf1V=M&-re48nl!t+;)YLw7WL}
z9!<@tX4d}xLSBHDlPYH*=~jt4b4gf~Y7Y;%(^;e-@x;YgXr(T2=VhM=1tCdH<;KB{
z_l&sCHi96g%f4A9(0h}y9vUFaJPiIYH2(CKN?me_SmBFBddK~s4sTDk$7>lINZ)yJ
zqy(P40QZ%CX0Cx<UzL-AUt!<x8^EJ0U{71$_0CV>C6E`m@C^KVe0~QS2W93%hXPnZ
zYGZ)?o{jh$z>e3)x7&fzp8*w`1I8sz@e#+y)q^|yaKsmc`$O(cSE;B8MM1};H^i4P
zmizNvFP}26tI@}?7-=h|IIKi)-}#_>{Hu4damPjgJYFJU=n$>R5$abaRKmXT0uEn5
zsG!;1e|O^!kAgb{Y(d@;UwTQ8xi?!Nl9>^p&gS`y5j_<9C$0XbRsPu;BNm&Uz83EK
zrtSb9KLo1(RK}tYlzv+_MBE$w_YUWQu0KHjJD|Xi_&l&r!DZR^SLI0-)IZw?U?})3
zF!}Mnq)_<Z$YupxxCH{fgj0cub6wXvmwRijkHGJ`-Tbp};PuvzCJ_)|`xm(MBFxcC
z-~3U!mPD14KI(qe+?kN@`*;Alm}MlX>FjBOnOtpAtyL@&b{_fKp~2N<R>0N9xJs)b
zA;Q9T*l>~?M`Xibww~UNW-zy_b@DXc8QH>aegr88A=_HKcqyH?TZ)9Ox(Ll>vA0EF
zztk3_Il9PDc_&-G7B%7?Gs6SUeDr#qP{_Dj;O<}J?&V{~`G;_gsgpWr+kJ^9O!vB1
zlR;8AKC=fLwJ=e~;S6BcXRT<n3psp!s!}OG;Ao5}h)38m&}402o7Jj#l8I?k_-9D&
z^laK>j6E^Mw09E@Wir=izj!$`^`_|iycPIZv~k;vGH&FZx2W5t%){pmtan{?=%rC;
z@OR~7#^yOjg!uS}$?o@362_W4E&0OeOBw?mK0Fk*IG{0&NfrAyD#6tY#F7Z^g57%u
z76*S*J-@G<TYx7lZ{0~Tc1IQ&MeNLquq}5Yw8JvLRD5_c@Eco=i1YWql=0ynJbDo_
zLG%N4<=Q3VS1^K?;Ij#xx2t8&@pf-|;Dz|0oOv1<h6Ia&A6l_(;Fwt=OPHhEBx6{j
zCBx?UWVT|lf(~aD+PMtt175T{;iC9PR(w4e-$D>!Z7WX(l_t+1M;IvYaN~qL;0zQZ
zMg_>bRe58|HNtdnDtTD8?NZ^2KoYT}2_Lx5O<5nv$#TIAg=)6Ok4p2J@VfqZYyXH&
z)G1l;B#G;I^ENV8PAxZC_{3*xhcDuUzVTEqaVv44F11%=XQjxp9&L;EZmND`@ivJU
z2yY^KQo<*{C!*P*ngL^))JZIDjA7!;<7z3SsA_{@;~31E#0tV->C`VqgB%TsK*5gl
zcYaphVDvV*=z!7VA@d)+sp9~K_ZplKYSJMtwH%xQ{6Z+_$FJnXOI49!?WvG}&@D*>
zAcDeXg<m>aN*MRNIL9SSU6l(uPF9wX>~lQO4CrrI)8ECj9};NzU9z(8c)X8&*c#!A
zY%Z*l)q;keBmG{#+{c0v8Uv>SvXb@*kCu(_7oIZmuHz1H&UvL;%cs>9aJbMbYRcq?
zW4TL?N#{Z5wL~KqhI4Z^-OcLW-*cAW+ZAou*qfQlEEKyWd<PAlbm>ujsJ1)s6)#A*
z`tlfDJthJwWgP$2wf~Jfv29zWP5Y(eaB$k$1PN)97zv=Dn1l-qADc_YqBQ2^lo<rI
zUaWWu38m7y54UZ(K&|m%!RJ73BuyMICJ4fZnWgUev>&dPsU@LXs4-E$m#T}?cRdcO
zV%N*ECOoWBW%wmZe#&!|O6L*fKwDZbxpNv>Z>>+R`MZLm4BN!STvty;4$k9M8AY|x
z1f+-Pk*f<w)D_iECJ+e%MrWk47~ISqhX?Z<Ec75?XdO$(Y6uL;HL=Q;WW2blpUeY8
z(>_PP3S*wIxT*>UMc<~DedG~qB?!ILPA;z{tJ!FI9Y=LsQlA1QgFi|qBi5vJHQXrS
zT9uJVc+a?<v*$DnHwY?4L<rDBMO=i~Q;039$2zR0`o@h7FbR3<RQ(g5-up?*d0T^~
z+oc`ka4PpOaQ|PbJ9!z{0djW$>)L^T=TB}LK6b`7Vf!t7_;Rr9HoMk!fq#Dn+Uj<7
zXMvu+ug3HXz#sRkK(?y`oQ{Ae00wNK&;00sWXE66c~dT`0cA~_m%Vh{uhGTyqVecs
zfpA1L-ziuOqG*uh*-nT*;g+r@2&uCqPe-W%m21B-j0EloFmK90BK@>!>ES6ea9xQt
zM}AvzI92xI*Lz!cn%x}I6Pk!ta~j-E=adpt{k{yTpDyqsU}%F4{ramD#Y!`Rsa?gA
ze4TN~ItfK@f{NSOr2RvGBAJc%nkEPppFwK==wLqYj}fXu+sLSFI_IP<3Lg|(2#H`R
zLo^PB2!7&Rj>GQPEISO%$)Mcm;OMAvB9~yVHo9M{8d*I47s1sle9AK7m5p@`#m5@I
zgU6nOo8x3LSTFNmrMigxsVkE5Y8PxWB|o&8CVY}*hudEZ$J{<e<b1Zkt0&<i%km5R
zUy9X{gip|v#Hvq&Uz@x_wJa-ST4s+9ioA^kaI9u}$Ff98iB}*N&Le3uuC8JIhb&B}
zL66Izl=*R(#}qf-%g}g5o9n9&k^%LjMNeYEEj$~}U*v#?WjFlD>ki9XQ05;T!KE?Z
zK`N=eQEisDPS6%o>IiHrP`?ST+!B2s&Rwn>HQPeGeq?f<l8s-Nrs8B@wN<M;fxP|3
z%z&$tv~<ISX=cl4#ncCio(#Kh6po?Kdb3bAr)b>B7ARCu@HRg+57Cu2-#2w(|LTN^
zHDuz9jZrQ<W+B&9q_iiu#VjJOt~y9!hK3&sii%(_G$xbFySa7Dq=NSo90kx9n%;`F
zg<&SFx`Zk_yo41I!DRgw5JA{|GKjm(BR;4z6|aPixk1(r+?Zi&nS>E<w2+lx0oX3{
zHY$}{_+)(WCz|8&%iko}{Th->9INBS0<dl8A_Wn;X$c_C3n9A@wG*T~I)dO6CR6Gd
z)Q19yGdfNMVOB&>J0I7)DEVQ}G!m8SM$@#z57uXj!7mhUmcu&8yCk~IJGfK6?Q<;P
zWZ`GU2;DTrv8Q$^1#dz%v6r@s?ViH;=aHwQ+M5BNP#B@eBpH8;voQZ=u87=&u=&LP
z<e3bIwAF;L@OZ16e5*fwVgwXjfd2b}f3FP;U%%x%IJ|Oe=j-QP4(!3&1%7f8gESN@
z2bBINAW<N3)fKX@NE^uBJ{W*-Z)IB#SQ*!E!^K`BreMfab~k-}Vv11Vgh5yM$@T;x
z2`oD8KpD>2Q0L0mFi7+y`nhFvlsJ?OM1S;_(lXNKGQ&M44$IZni%8)qKq1H@QA{m2
z<EdQy<^~aVQ<m2C<40>n-Og*qi&|5#4U^yyOoL<|2`-ayoQhb!__ciK-jyJ4EfK7>
zm>e<HaDhi22-@A(1Y(77;ZiPa9%g+O^)TgRn3~53Pb&*kGSKxc+yMl<{7;v&4P3bb
zn(q4#gAP`I8MW<xXMG1YcqDxS11LWSU~X~q?Wq7*<=N5hvQ#%<$oYTt%oa_9Bx>))
zK|}qAnZF*DVN3&~Le!3s;BRlQudlFK*utZwd}xUL0%>rL@F}Q~ZT?UWPk@)ROtTlU
zlR^MoK=y|%4UZ4)Sl0kJGI?=*cW^`q!_bRY!=4g5a=V_V>ys;UxVn=~_Fmj5tc>qH
zk;9v<3Oec;PrKpK_X;Y7pux#@R~V3HrbU^sBC144ZzGW*?AcyazdNawZM7a}mxd)t
zBT7u<5JqgC@{`TDedhL-4xXx_L9qiaumwh1p8rIfW}hfvin7;=h95z$1jm-ZYrlOA
zkHGSU240SP+04N~NntLrT7UJiv%A}tED-GC{QZDHPT)y#5z3tj?E1=_348|_Y5shM
zC_BxZ418~CGGYP!eQhf<J_G#--*1!e_uFl~zd8hd^oW3riNK7BKs{Wb!c;Qpqv@T|
z)D<qVf~Qq?!mG1@YO|F@VSTnMxyl6u<DNLWSCQ{BuN^ICilaoOv+Pke5%W6scu>e&
z{6(2JV0&Fz$XVch&Q)rof;q6*N{0r6=G<jxR2j`b?3RpKrb!#41EUivCc$>7JZ9uB
z!PyBhdyt`XWP75X_1?LGWd<gS8j71*e!Q8{#55*m7FKkEBXyj$sumMO)<}X`LMh~S
ze-3dY3rhCa-HL7}lhdzv1{DmE8EMAmLI$sHR=IFPlLG7J;%FP!UMdV&p@~k+r4!VB
zlN+!^19;K*J<|jjC@J}PlYc4QKB8yo^78Z5VC4_oAbLfmM~rs6UoY%;K5kZd8kUXF
zo$EC8!jWMj7{knmv!XQBcMAX3AKr*4V-JfHo$K^tqy3A>#d}}GDr-oDv)ZjeqPFR6
z-6(x5>9C8M2N&xUohKv{OGp|CK+$yjh(qR7ge-r)cjEpre!wEor5oN>g>YegSb_{J
z>*4A1dYPo-auF4e<c&BGwo2XJ4X4R&G&JXqEihz#r~EOxz^v$7o?eo|#K#S(7}mh@
zJ3(h8uuhd~Kbd<}lGW}wdsB4%jpt6kj>tiZ2!^gouo1;v(F-ZE<ELq~7W~?0_}Hpe
z%v<%OyL(zmXIH(Zb5iEL4!mnewCn1DgK8s62`-~Eiz7qWdS5K}GT(gZ>xWa%6Q^ft
zk22lU6NKb6XZ<w-7jKs;6|vB$Z<Y{;cEEU!_+W<)PKQILM8=2i)f7=|@M9V@R_s2#
zGD3)Q7Jbk-oENC1W`G=lQP~<Mi9ynCjfeYPfu=zxn(!|mshm0pwQW%BJD`><>iL0_
zr46!iV_6X)!Uo4*I$}wkM~-#;y0TV1HdyS27l&-*Pcu0n<5{orDQ=0qNVOXf8^Dwx
z!qL>10{=ChT>%2lqp;29^%V``)2ctoQT#;v6C5#`Af1Q9{LzHw&246kPy~C#mM}S$
z^_2xGmKoMLbPsFTVoq75k%#9w=F;eJNz%1HR=pAcN-#~RD^!ga?Mi6<5Lt`^I^+^O
zxN`JpvZ=OXGP;F=3<2nZWK(d0P9qd)co+?l-F2Q?){lvS@3h@YZ6>k<EX5N5i{p2)
z(?<+k#7Q#Alo;-)L~bL^4or$Jf@J<N?>Gh2!g2;xJWO>_y|7$^IWF6%g+8Q6@@o26
zS1gTMn-Ev!ZR$X~INGtynqj8h?|xz&m>jy!y18pnEq8}9n$tGOU1r@3#oYbMsZVE~
zzvRb0wATr+J%k=H%(CBb-$@Ig;8%j}&hU6s2tN$OW)=AIKxDSit&ir!M-~~Sx2_hc
zymE0-EW&Ek!&oZm1CO^I&LRHW5pVy^*#kMYnU!1yq01N@s(}GrP8t0DZC2JE#^n3W
z?a^;w(m-!_N!G>P1r@_>Ka7Qu;DI}bDauU&AAhsn`^OgBVs-QQ==#LRLnpx&lRD=B
z1aDVNR4*p)ULG!;GfFI&n&t@?(*Vze@p~B}Cc4)!rH3&TiWemfPnl|I`b13bw#43;
zm|Q94l9x_BvX&mRlLv#M^NV+X^1uXk-$x~8r38PCJc*zt>iQakEebc73RV~NW&0VV
ze|9#R*yF3iHbD`^=q@2nlN9BI#+d>cnV2;!ZF<v(kr%Qv+WXH=>MQHcg*o>I-pl5b
zUlxu<^H~$vHCfFC%4T%cxffr?TA+Ka4lN>I)QYk|zl8Gyv6t2_kV&p}J!oB<gCy-5
zKP$h5=Yp1JZDtAhC8V;u0u)%>U8A*6b6>h=4wV}xl{=c^Y1(guX|anW+noP&N7NxK
zc!Y>{c6m11FDUZ}{nE0=EF;8`RL(d4|7Na23Vv3z9Fy?n_>vIWYT^#jd;-F@9?ah#
z<bsgegPkxUT>RzwAi+L=(odiamZoJhMD;}7a=^@C_HR<S0P~&QmzxzE2mkyj1>O=>
z44V5dZkhT1kT1O89X6VYl!PLZlxHZZ>Ndj<ObKdW*EZb0i>|znEvTA|5tXvcy6}>L
zr!=29hst(}%XDE-pMNo-)crFyd!SdupVb@(lX$U?n@t&)=yK9@X0vyVP~GVuF_F;b
zS`wWs4=ote{Cy`Ng42Mr+h0;Z0=jypzqXM*fm24KxS}lg?uEWg$o)&IoR22E3m+sA
zC-G0P)xi3N%PoymDcCjX0}N0W)DahnXZ0Ab5YP44bI1kO&#ep)heU~o_ZjhxX3ebs
z_8b-dhpA4Ubp4XHt&|chR$cJSc2ff-3fio7vO5KHEZjQ_DuqQQBECJ8ZvxKXpWkK3
z;-7i@O>;k8VbE?QC0*iegYX5u;^cVQFV^URCtB&&Kya@HCu35iwl-}`G{wor3)UQF
z47RRxI4M#j4qo4?@0nN1QUZJ8x*b6doY5CJ)iyzDfhmOUp#^4YlF^T;y8V{l|D2NG
z!m7fv4ZOa<c%~<y24s!sE>R8iNM;tT17DT3=>FiV#n735c)?oHKafrBrI(=IH%&3p
zS-n%Xz_J;x;2220?iGP$kYX8h*G#I#|5ydUB|=h6V4Bmh1zoZ~GPN5xtpvukKy%?S
zKBr^o&78QTY)AG$;vN=*2hj56pTOar;G?S27?sh|tm4Skaj0vn0@~mu)K&D;>6T-M
zeQXhQDz)$a>#V2+*`BpYD3WAx!*c)AW;nY~DGLtvGLJmM5kafy<hiWIMpI#O7|OU&
z_GK(7!b!R*A9BER4#v$Y;^PFYi^4pr`<^bCC(?2a95`6az{{0kSsFNun92_IZIrQ9
zl2F@PQu4~0={O=xdLRnG<r1!9il1>;MEXXxy-h+rS#~iscb3ls$KZNGr;x7&@+g?p
zsVK}_gDPZvL}Q}YMd?Hj%m-8<n$@*Ua}q3qIE6%9gmH3a-LZspe5MMhN2ANB;qWQg
z!INzuKt=$+)sszlJfAkK2~$%OAk0#oi%_;V)L2rQho~oVRFNCo*2#XoFsGuaz2+--
zMxlm|zp^umq0rG*uDDdGqHt<))N?~6mi{xDE?y$P0=I56tM)Ozgq3BS%jWOG)1+%N
zZL7UV(3YSdvS7#>FlWpv_v`TI_7qTa(eAz;?`j+tKup}tX(v2Mv+jh2k$~ZeA}>P;
zZ=cSF!Z4&lWT;G3ZcQ@|lr568mf7ucB!K_!IAekENGoP72?|aIpNC^OPZm`)>>ro(
zn-anB&(5D~qGIs%hldNP4e13_KGXS<kIsVf<}e5)3Z_Omj0%Cm^y<*UlI$2l_p$M^
zF<vE`=xbm(BpKva3`sfb-6D-+NkwzXFsj2+kq5wU@6}%4-rQEqWRJd(ah*8+eOIhj
z@IG&)e>fx0kZzPWMW{xz3_O?G<ai-Cp|SQi1f`SmqtDfo4$ulJb8@z!mR+ijAbudx
ze?%SP4)GSC|JyB-NsI<vvUCs2Z{NInB=3pZhP<HOhSNVWGLzy#F`;JZCtB%<WUY~V
zSP~;n%fPQKSJ?OV1EFsvaK{pt$_wMTn*pXlXLF(Zry_DUffp0v2+3BO4$5QDI6QfB
zi+qIYv-aZUJc72Ha%2~4{Lmh^Avw5evUO^$)UBRiTfmC|qW;#|mE4>Ej4#nSe4e0V
z+@G}Ho3zmaiac1$PkbF`5Px`Wx^qIq_8bYv)z{hj5VhbmUf-<x_0EV<WwjO39F3)m
z&<1m`3lYCKAO=_g`oyL$7LqhAyT<L-U{$tteMZPVR&GMYFmkU}hOZEBn*Gf<CxKC^
zR-J94D0fbljn_JiSMJ4qW>nWGh0L<$>VpkK+wQ7EXYHlX@A}n`WZJ(~z|jNGosmgo
zYzvvVJloU7E4I(>X00NqMc0kA`m8$Z{f?TNr(Hs+5N$^`LMdN4&(PXzZTp~#!k$QQ
zwm@y!+c>vqANdcJgGbN6GjI-1hcDM83=iWMeqMXb)`tdaaYq8bp$euY;`c90I^IYR
zfZejbI!+F=C@Xe3zHa*>f;u&}iybBN>(TV^)Is?MP5)C&*_*M_^j~}Q1{GZ`+?5qw
z06W+mz07I8_s&aiH9)MD0-3pgXE7<VgmD%pQ~D^<qQ-z<MD7LpE6ag{5L(sD+G3;a
zR`{EPNAUawe~gU5ZFcy8rytNWu21lAxUyCwSED&KfC@4Q#r)B)*k@!+$u-YtghSpp
zezTtYEyn`M+!t%q`n)9#<OcS~WN-y<9^k$Unf@BE8jY2+Rj~dda24dWFQ4rp!r74y
zP7+b0&4izMAMtMU5cM53Y7^UusBzAuvrm^#BHh=Ar)DysX>$9RkR))f$Q>r`9MLj;
zEuRPu6oX?wd{*uA38BSJ1RK0(FRx<%-PLI7;^nC<23=(9$?n^sJ7Alb`8r~_w2yEj
zR<9Hxa#VLXB~z6Z1-fR<<$lI+ur-RoqEEg6;$|xr`w$fb=4~RQixaGMa?pnw)n9*d
zh6}QIYS-9hJ14ci(<u5}upqv$dKZqpb1oN&?!^QzT040+Pbg_UcGvu5$Ib$Y)q)aw
z>L4{1#cBTBoj4BZ3=@s&YjS6PJnE|u-JT|TrXzN-%!#?W;V(_y+1)c3`f>ADr6<7f
zDD#|I?xUu;<9+|5Mqv;9z<6;j`*A=jzwNc%M)n3|7X1xLrOc&7S5_tX{0cT~Ad8&c
zV8xO$=VBZX>7qi^>H6?X*n``WyJ{zxY|X!i8>H^t03fJbt8W0<YUAG__oz0gg%CZb
zQdImDOk1sq9Khq2qB$ld3F%5`erCA#jn%33)=-v*rUH1Q%(_y({M+h%jW0eBsltY)
z3~xwl-)hFCj#&GLgwjrgi(Gy9kp^M%O&-Unz_L!XkHpZLc<R58gO-s6;Aav#7#N>#
zIx6gL9QUKO7smSGgl3`~=UC0y0BLa}OC1ZPEr|f;*zwXRD>{r%Glr-0H=D&vFIt@z
zr1Vy%cmI)N$*#v_tw80};F{Fb5!bT_$7~{$MJ<R+nKuA>JmLAkCpEQon$m^0Y3U=9
z6{(?f1>bkuar}!dLr0VS9E7*(M*kOXICT(2Zhg@A50%QjJ7`_|kBZd6p}1>pA;;lg
zJ)f6Q6FqZv2iP~VpcA=}fP~^d$N_zQ<6fLcUEt-<;kNLs3MfGbq}nzh%v$UTfSW>Y
zFlVt!{&D@7C#lDV5DNVfzRZ8b+}qO(m0NIF?4rm|?b02jx;*{C9U%R!S;aMwjZqEp
z*48mgtWhPr_}PeN4r|=pV~|Pd-%}aRBO3G*^ZmE^1fiWg5U7`1c^0sm0^PKaBFilk
zUOzQiSv16AKAeoKT&#%_@`$|Xf?t?1X7LDCxZ~_g;zXHjaA*s81jh<A-Kz82@==Gn
zIHV~z`W7JU_v>N(6&e6uYZpe{Uu{7WR_~KJSzZbqmZq~H4Jtc-_qTlF@@>YJy;^ta
zgRmR7>-kjTP0jaWlq5!sjx>Sh$&mv;Y%6TYx_<;BB!B5M3`SD^7)mVv`<YS__yEPg
zK}75>5k>_e6owd~uZ*M7z+z%x9UKjFOQEyR3+S@ag1J2RVyN6(NM1&Pb$n)4rRw~G
z&h=c*)-dz|H-KSQYe_l3EGnzJZI5YFzLI3-JZpRt3IZkx+`Uj%BI(qZIselZuhW@9
zkOY0#<n=Za4rz4wE-h$Rg!I0nr1#N&tf+9*dfUeX_Fysa`sB-dBEEc2>>XX)UuL;Y
z#mxvj%#{|&<dTb;&{GFhFbn90T;q};qC{yLw(MG^0-vzN@%$Jn(sN+-BX5ad&o7Y-
z`vAR$p-n9#XV=!p6o(b~hXntSo?Z(B;F$B}Z~HfIokROBzn=aWSney`ek7QM!r8m@
zi+43mq9SjVQIwnatMoc`E<}RKB`gi$r@+sao-qF&jK1<cFR?5aG1jW6@w%!)&_hUi
z5qvLAnol^12FK&}>!A20o%}|GA3uSo@cNQve%lG&TPT?H8f}br^qNzQTmu;{-D1$~
z^)*(+^NeIwa|<m#C|JmKyJ%KY8>)Qro-q&vCJH^B{aXyON1FQ9a{$maEq8V=SQs01
zB_bIzM%}PiVb{IXlio8>FHCul5mG$`-~VqA&kffkTPCx8e`RqURnH5VOluBrbLHdX
zA%^d?bL7_|;~5IoVmf%9;gP?PNnlJ<(oKl;kC^c0FKjLLdQ51T5dBxZep@ZQ@Uq<;
zQ%7gU#Q7jg#q>x~(Hc(!_jq(sW)@bw3ZGEUgdp!jGz0k*e!uDlHK$dYzVfl($|+iq
z^tiFDc}R2F(1Xe`WZ`khY*Bwp_q0gnwUzD-Yz(qXZTT9b)Rnn-pC0O2hT{I19)H+5
z3D(rFl70r_9KdY0h5}kCi8f>afyWJ}J)(fl-N364>^5KOy2Mb!fo+F?5Xd-7o~3Xq
z2PLluuARYN`t-M~I|n4ovYk(I2}0gkM1d+k;)6X~{TyeEWk`$wsJT$8XqRMPQWi;`
z?LvzHJQb<edapsELJj|y_h1cahRc+_>D(IB`+%m#@pQ_B09<v+GLez0qanV0<DtRh
zBqzR08)Osx7=*)z?RKK5@YA%tKLm@C(toln706J6L`cc>k5wAjT^J8mplh<&s@05#
z))MkIBjH>rV__^gSV|DYDy5n2e~--6PLg`vrqLZ{1lZ-6DM^^*JW_BA#Pb6fM&*p7
zjo>B%XW!5frw*IwkEnM3L{{(~y&qWiTNEk8z{p|RC@+fe$OUTCBC=Robyx%>4}uom
zn3jEzMJCI3VsSQ(?-y^XPG}TY?og6MJ}wS$c<i$Ob^=7LL4!BrBSW3c;)6_c#vMm*
z@3L{P1-%!Q(h^-Z*qBbOL53&iH$XwKP#vbnd;n_OiCPh4iYp%gk+*4W?i1;Ya=N9_
zGw>I~8Y0rzwr{-zW=n(j<eo>ENTC0^i&4en4a~F7I)T~AJ@ddGr=2nN0cXEB+n;w(
zi~3spiC|{SGNTjq)1H{~i&|_v857tdAR!b^%C^f>hT$1}{t(QxwPa~e(6Z8!Ol>R~
zpO_B_Sd&;71-b#z9U|gJqoU?b*iwt)R>H~Hax;;B;hsdgZBi7L7=`O3FM1T|!|??r
zB&45gFN1i(5#hLEMLPr0zcox1nFBIKcXfm?XgDnXBr!sdsDE@MbN7XfTDhe@I|bo*
zd83S1a7BcfY5z`Y8`&ok_C={};v$U`Xyp@~On!?V&Ej{h?^xn}o}w;CN#VM5tweU3
zl{`^{$-Lzi>)I+P5CWqOoZv=)WeWAiD!HuW5R?uPbW`+y&Q9p6OH=J*2AXT><?<a3
zC}P6=Q^HNZSieCibQJnvl61w8?s~$~En=3s3%G`hT%>N<KR*b>F~~?@zx2zZe^LWH
zWy;TD!VIQ56_OAz$*~RZ>V_-3$edK>JJCos!LY!xO`<0|#IE$nKFVVPOLoiA3dz<O
zF9p=qwejjFo!d2a<t)smm(4Z0%#ReqaSuI4Uo8<EQf(HMx>i!#ozqR%xHn<rR@=ra
zqUNYib6iiy{OpuPoUXLjanPz6Acd3=T}PU4#>*F^L~3i&GR{T|qYa@6;a?i#95U5z
zd>?<rFM04{sur&Tqa@I9m=={lgZa7MNhXT2A}o`67u(H5)y+H*!w_OuMQ=m#XCUjP
zF=P^FuJ9|?GH--Yhhde+t;@;cjEBK6;OKEXq9l0s2iY`@05_XZpQ5#mg#P#qL?sa6
zOKTQi2aUnyP5;7LW<7iwJHs^iFv)XLqLLtJZ|IW42ao^WuRbBR;#A`z`U>s&x=qX-
zBxjIhClmHturGs!T6ti$!j@(YJ33*J3BA$5-BmLfn@}eh;W{~A?0^hCTWysvJ{T{G
z{Nd*Jn&8z8TqBh4hqvqJ-Q-3#%<a+hJ?abP?%^NdZrH~u-Q9p537xvh)xDl`vTe4N
z_uw91H&^BCkSdk6@8tGr8Q|X|y0*JUc#Z$&9=|-iJp38*YPP&WrWPOZv&Zpm+nw6G
zth=Azo44|WNHogj|D>NMSf*C3px2m}kt~K0y8GhW-Re@DENjbMSF0fV>sEk5xd426
zeiXjGqIwjz2fP>d%l%Yt{CBt=+mYLmp16A&JdGUt=Cg+ay?!bu1%v09^?=a6zB=#1
z)^ln<m7$^6eT)Z?ZK0ukyTVO<0zkC_ATt2y{WI|O2z>w?nwxT85o*W=CTjXJ0QVK`
zg%^Nd8bScK8KtnSk=c>E%V5q;K*+^^J~XuRDCoW3Hvys&RDh^+OO|fST?jr^X_Xli
z;Lchbi|`%fXb%&297g|5jh2fD(fn9C+d$VJka(JX`ycEu*iHr0+wMNrUST&A+v_%$
z?H!B6+`KuIRgN+G$mAk`fs|&pvi-+UAzo#zht0;O8LlAO+IU`y?V`oRXWRF4E%`Q_
zv)b|HlD*&(#&DzE$g;m8LrVNdpz0`rYJT_xv*JkbULR2)reEYRzjbJoi>Zlyf7V3z
z1TrF0>~P0}iMj6YiR9tJa&Xm<&-aK&hu)-4U_B7<V8jGGDb)XooeF#)`zeJS)Oawu
zHl}9++7lnY7Y-zRS?Y;rAK#XcSis<}Ny3FedJ2fknu>Kr9ef&_&*tI&o^J_YAGr#(
zf!%hl$9@DwPEYY-&^utJO7OMqH0%Bqyg`NaJ2;F3Z81qOy1y!s2(CZep>>I^$r3p&
zRCni)aF3nBRG_{3ye%|@o4bB47$pJf%vW$iG{@`;e$vsmjhlo)7L=Ec;L)V-jiGc`
zXce3_4ZfeONYy7BI!FptlZQwEV_FKTe03;dbOU;Jn2{-@>R$US#wJ|0@u7k-qGf`<
z#%u4FP;$=XL<RQz#QbWI;*wI*bGndov|+v{PDp=A5SbX9Jj^|-kk>m8spV-NcP7x~
zojDWuurLtyRk?6GVE%166WG?5ANJMJ*3$RiTFL0>{~Fw+6U=f?uOjAdzv(SCH$|pO
zPiAioE+3{X%T==N9oJrJ?iO<4KF#&#v50I#gPbh>dIY<4v(Uw$LEHbB5e5}qagHC8
ztviXnMlI<j62!7N!*wgKpj#0<4i$G)Xrb<XJD|`zfV+0<p(m#|ilK4<D)`4@?aXE|
z+{{ea0D~L$|BUO=V}t>-<7C?`nmIWE`FziG>x_wLI}bleD^wQ!P6~0`N+j{cuAvPS
zLcfusvb~mo(+_a?WNqMJDte>*ZOJzxsTiox;>+cp;5lkeq&=(vBAXc>vHT*d_rxn%
zr`-u$#>JjIC;7#qb*fpgau4XGWo`p_@;Au03hR>UX_U9Y4`M#Sb$;&+VAEfF_P2m7
z!S`a<O(Ao~z=%xybw1wju5E8%@q$nuK`_te{~#U(1`UrdwSi#BF>^$#3}p60HK+Fr
zwcjh&9lMuJsZ5uCe1aDsJVE>RM6dkUhT-lBdeWAW`A4sqP$Zl8vV|%h<}~ZVe~eo|
z=yj6wd(8^BcGscb{`zh6UOWX>VD0}8;IYMTRsa77JdlGA50Lo#)>T>_|M*vtznNKO
zwgp-dzv|qIKc3OJxAKHcYVWrf*UWWD!=!D6F8wdyf%zZcfmEFN{{=iER{sa^Q2t-Q
zgA#<_F2JTgk~Kq<1p2hnece8AH~?J8$I{XFTM<~h|NB-+5efAKq;})xXVJRte-V%E
z{}7L0t`7wpf*_FP15Up{-}OtB50({)4quP0+dP6ylP_T~7ZmLp*mPvr73v8N<H1$g
zS4)W4&Z6k5Mq=UCLvL)<UpTg8WIjP%nntuxcSQ;!7Dl+V|1aV3_5yMEwRzq)!{V4v
zgmrco5ojk?W69x^SI3^C_ff3u9R54~{~<iOX^>hMFJZb#SKEYOS}()F49*Vq=vpe=
z{9}Q1QAP<`G#H)2<_vUZvZF|Y%8onGD9k93-tEFf?TZGQg6Oah&x@D>-O9&zV~F@W
z<>#sWRlk&rJ?myG8NaM8H0_t4BwXx?RF<=sGSBiW4n93yM>s2*g#>LF^|8rCqb=`C
z^s`S2nf#^w*+EfO(qol4u5UN--WO|l2VU^+b(zRKV%-Ctu^o9HV4#=Ss=<&fVxQ{P
zLDbjJuuQ^<?2bb1eU!~LG?0z(5-N$0%}Vi1diC;>uu<LlwrZ-9OQSM%6|gq<l2m*d
zCU56$^z889r48e<MV3V&P+rVXAhtjUh5$IP63raO9}Qy&hD^V<iQ)r4(^{|pB>SFk
zr-Y5z%(p)c4qNkX5aE}Qk7#hSw`t36sZ1MwQw}r>CV0J81|LAzn#hEc_yzIAtg$uM
zhe6j*btiY=azCE%+BLU7Fi{HE;VJ8s@3mEuYsM>UZTBx{aAJ}_wr$63l#Y9}S0pox
z{j2yrdLgxBN4J^UbY3i~()GKxF(vJ4bb4FDa8p8zy`1GF<3Ot@y^>8<gW;u5H;gHo
zsv!@y$8=n;7fsNm?(eARA7#i)ml071<eiU+8pav&psALyIW2}0%qgK1#_`Bk#5fRU
zx&I29(Qh`Y*I&p36SYZCcZZoe$@QkR1^{3^9LawMrdo}UiprpcsDdvV?dD1_%@;~0
z3vN=MgydK@*885|3wO$N`6Fd0R71>$Dd;hJT5$c0-+nr;rL_SX+?@9L0oGg9N#cfh
zYU=-F8c+|YHqG0nA0@Hru-9Sx^7jDhQi(_$m&mf6{{HV#>-Z=#?cl1E30qAnkbMbZ
z3#isSC+m}HjfW1Hh~${Z!sE7o;DuNQ(X8sYY6`&U%{4OnFjyA^H3?h(&7kc^&JguJ
zQN5AuK;4s0;PuAZomqUZ2aRQnsjnl_KO~4n7mZTp4E?Z4f@zbhBWHUEbpL~)2u5hG
z9+mjc5%s?KBKY+eN5Uz$pB|mxVuDg+u9BWyWhVKqld`z}$f#@n--8?;gS;7(Z`*(S
z=O+Jgy*NVU{I3g23(E2fh}Ib8bNFi_Hu4y{15=3Z#+D_L8-4$feKl}bqz4`va@Rl8
z9Bzz3p;|m6$FON1NxD*U{b_zN@D9$j1{~5`QZQmdjF@8`3V(BNqxxfEt&RE<K~oY}
zT5E6LAVR26GhS(4Y$e??>i=b^N%x}?ws!M`)SE+XA#5LMc^UcaM+d3HUTLYSM?a((
z&_eNnawBfBVTq@Wt_V71gw!4fvi6N;<$zUyw;-IE)-)rho3fQFqfVzcE?7)?6V2Jy
z`(Mz&caI(6Sf8tWn3hcjK6H{^{038!OaAP~V~!?k6tU|1>dZ#gm)F>(Se9DMPJ)`A
zq54umi4{|&%_!u$j5=klF?^&}Ds<i}x6Jq6YiqT>brGs#IOl<9rsZWer-Pz<%#VCI
zMooMrHpz`a;J#z_Z-D6Ch;{ZmMydW;3*1jUF&vVUVSvgGF&>^^fj&MxggPyQ>tVfu
zTvERhpdU^GTSGKa&C-U<uEK%+oQo^Bme6-ip<Goj1!FqJ9Xmhx!Iqta);md{!v1x3
z_9!0W8)cxv*VK6N#U*1Mk&8>>nQF>`8ES=Nqi4N}sbQ=s!yY&aD$!OE2YO6B&;^vf
z0VaP29{&(${}4}=i7P#U>f8XE`UVF22p@q}_SeU+13y+j#M^B<&*YxplLo>r8;Lv5
zNAUW>XNXc=Xj2!*mmLw70cWpDOUu?i{W6SNCU3RUl#r`Nj?y>ZJD%oaMve{T!myV6
zp+=7WaT0KWUWjq5(%cjhtnaxK@C3Q-j!{TP!OI*}kBrRT$8q)WXdewkEHL-GPRxLa
z%j}1a8Q*J6IAM-NzQ|CbB%vgu(0p4VfeACEFTHYe!?)N<+8X=YE6w;rtKL5|aTeIY
zzh)CplaTcfO41U@Ot@uuT1Kx|yxtgRx0|pZ#}?bA(z2=XD02o1Lb!aPnNe_UFm{JP
zz)vCT*&9Hp8>9Pt-2G$s+2Z;YkkOx9R%oxBG1D=go<O18K?T>-EN>cr59Tp$x>@ge
ziFiZG#6=C)Y<clD_d1<bt5gI95nZ8#zFzm6qKMMmp<sy+gJZrDa5(McSZx*i2lI!}
zC=xrbLL`m)r;`kGJMgEDj%uM;m@ikJ9V(M^xXG3t#)I~(E^@s`Bwp*f@mkA|<NUWO
zl*L1gmvO|_cW_eJ?qy}sXbRSvE{1-4`Xv5@unk)RgbbdMm1>E)KRN$qA#WWVM#IQ=
z3DznLx*1_ib?LS*5vV&j*vgyQU84-es%>CPgzd`G+H9O1hi|QA5B1*6ge3CnJcWR$
zuQ}TZDUur60yV;!A+R@-dCnJSqR=5a^*scKi(D+7W$B0l$wH0;pR`0340u~6Aps>~
ztzqke!I4w6wm9xUY7YU>zd8Nht5&Y1bs~t3;#meqGwJ-3)O`@1HrgesLW)MI0Ez}t
zOP<#%11l5@lDg5~*IWdsuve(Vor{u_aGiLpEw<465!3{4`t9&mN}u2?%2`XnQ?^Ar
zr$#<E(>`NoWy*!D;zbi9RYkxDg>LT6f_h=f;y_?apvwFL5=`+&VANnE&p5`8Iw}uF
zQhFon$_$K+7`dpk3%dF{_nMpk*H?Q6<3`ZQJx$Fh?TR<Uz1%KNvQ9(VorCP1UcrAx
zSUB`vs!$gkr5s`rnzdiF&KeqLZ1Q9``rX$!W(^qq3bEt#FEDT1?)sB7L1*N}tGupp
zq~fC=72N_`+ze9YVCDa)JZiNSog?p9AW>@1c^9K~w)VE@EYrHk%nW30O>$DQjjs1+
z1l=9rEv(TaYs)J>QlI;9UMea8Chd_>^#6z`5=ou^qHlayXv#At8Zun-gO~nNHJM)!
ziTqDas`l`g6|`@4y4H@{y-=djc|KCA(Pop^4U#SAlEnYrdj-8nD&;k<V(FZQp*CG@
z6}R45v$waWsX{(-I)_^wb;N<fRzamvQ_28+b#pecJ5w0=^|PV$J?}{UQn??ncmBoY
z&?Z~~IX5o;{cYeJf=BQflLx}MsGsl|I&Wg&ciE=5>oJgbHkF0RY;bUd(OgEVnia2)
za?e5;d9C5aw5E(kU-34-QxX_DnMQId2M}i-8?jmeRh~sRfyE3&g=8)^^eJzyX!hZg
z{n3!rb$_Oa^`bFHD(D>dV$JvUf{UsTWS1~E>!>{-H--T9CHuf;D}G`tGo!KH5%G-V
zS&+YdBWQ&*^*B{$6JZE}4HVsrkh)Wl%?RO!=s_bWaGD5(;F;eSu~-}c-j^!&3(*n0
z)#v@p#rvA)Bs+;<#NhB1uYq%l8NHQeyXp;tEC!3I;Nia-n!zv3dK>CQ$7m<OAeskr
zXy2<ghOX<N{xHaQ;P}G&GW3TD59E*w|Ez1r9oAvZ#S&n^0t#0&OdH2+ZR2hZtID%d
zXG&DrsfI}nznyYJh$(}IVqyYG9vvKg9Rmpyt5Ndl|Ff$);4|{L^l`lHyZ9xN4aeO`
z`SDC{)Zz9qjYsee_MCQBBN(?7Ovv`rJP`H$9{`>}VZY>M9^&W3LCuskqipG7CskLl
zLb0+&>Ds?<03Ms@BnD!BV|#1&bp_Oe%f`Cc1u?dvdDbOBfGKVS6Ra+Ppj%uhkgJbB
zFO`!=;Ze~=VGo4I0Z5uYW%-l-Lh^T1b_gCX@n$AIO39~7yIWh!N2@K}6}VPNNw8Oh
zyPsI5J?0u#kQp5m0qm)kwly${<z7$)Z85G!_#HHVVy4A~KdHVhM*Yi`8jTg3TQN0z
zTIgV=(0tf7DOo}?TMGTZ_|};%xUD-CB6}L@891ykO}f&&wj4xe@95tFc|5E&ALKGI
z7@C*pElmW_ATfPSRD}DOs2kw*JOR0W5%J}x3OE%&KB~p&OR?MG42w5V5$%LHM%PBb
z{OXjjYM<7@WU4!3z~1=c=L`_$UnG}J@pBBmOM!ZU;#XKCCNC#t<#pxcb!Fr)l#jnu
zHh!X9Tv%Ho{;z~YoH`xy`ia;}xyy;f%aJ*|q}(;DE}+CHnZ+P*_KNkxY{N_C?WMgE
zBK4E|g!LcYqY<w>u=#)*l&Dhe<9Qrwia(~hJMctXB#fg;x)cRmUV(!M$vp)L5dhCK
zFMPEHo%suFXNiTkR@VrQ=u^nqlE7AXGB8oZg_AU~<d3BANqIYJ7vhT7Zh0+@jtZ}<
z(hZF<-?mrs@UM-LwNSDHbR)9rJUePYBE}W*uZfsy?fEbw4@8odz*H-s+>=uU%2k3x
zIVCSoRs)*>@h)#_35`FhIZhDE+sY)G@~SIi5q7u>RB_flk`CislU37a@f!&8JTd0b
z^uhP%{Ftev93i@k*#Ir+;`U&mr@6i|qAPwb1yq$dqf`k>Tt5s?a7(2y@2V!CRwT4|
zO@1hd*fFV(Fb)e39eJuv)Q7aefWo>B#8pr_k;N9}>8###FUh&%l-^*<Ey@y!Y0tGj
zKb=;v!VoR%raX&$6oau?mb@=IdV3q96D6%$6}PlW8UxvYXZdT0%iEa^%YB#IxH5}f
znfAP)oznTVFOGbYUTiA|7;dUVOvf$;geM`W;_z|N9~@c0YZRh^VoPW(URsZn975HJ
zHnK=JJ3<5%r1M1-)GKsd-=Nl5>_XGB;1ACj^+A7JK!-$71@bNspOrHko4IB4T#{Fs
z$~tSZ65hjcre)A8Op~{HYuPp>=Y_>;&I+r{Y`2zY>W_?~pf5R&OOEa_p%k7e<UxY}
za-KCnt*o&m{z7U8_+AEjBEOu7G+E!=3{};a<6sj>W?oDTB&~&T3tOv|aA(wFt-V~Y
zJ-Lmo*BUSV#G(Cqd+jZ62hR_*b$jj^o;`3v5*zT7cMcutO<Sv$(5J1j4B4>rsCu3W
znm8v)%@~f>tIIuzs1A7+tyKw#*_>h8LVg)MIssZ+zP)waYqZyQ$UNZRH^wk=c57$%
zb*~Z>5=*3EUyo?O0XGe9-^OJ?VH_%Q_pBXOm9AlUKJDo#jErxT>}BGxF@rdteo6Nw
zU7=E{1vJES%La>9S=7FJUr*%Il^$SJZv_B(MGeib{sMyq0B;0=1~h_{l)H*)ZRuq;
z6&TOE8)-n1EvZge6`keMgiS&gAZUd661U@|e3?GP3Ny>A%!Sz(o#}pYe*Y)G|C8VU
z$v?mQ{huDNy{XYPFVV~Y{tH6Du89A-UEAAD-2d6j<G<$dU-L^q`6ZzI5>S2#=->1b
zkg5ZI#Ek84$$uX8KT$gRG`NVfSXkr4#T)V4TMS{1qE}X6JWOol8MZ^T#@P$B-SHYs
zRzXu@XsbFj(Wlx&<5skPs!zIz)-=YuCN7V)QBbqgSyS$6tc_%&)@-ynnpZt)y6TFi
zwMeZS(?ty&>tS><)c(JwE%ULlX)*5V&_pl%$A(u8Z$`-Mg1j*_@<bHXS4`rhs?6Uh
zV28F4`4S*6RQn{=3`}`Y_sF?r{njZrebO@wM1=+oymEsULfklrY^AL<3XD%^Rm`~f
z$(xN9q;XVPY@Va_L{vWR_2ID+GAv{m<s}Bw1eHH2^lUQDDD{Yk?W8joEi;fIFG-fE
z&kyy_4?)C|LTV_y$Wo{jGQ;HwBLkmF851wIBFgFU;LvLVgc#EeOmuwV4?K4uj>&wt
zgzQAee|Agd^7&T%AT$|X;{wO1j>4Famx>0!4NB3KA8{(>byA%z5+<7%+f)22f_g*8
z@u8Q7JRYGaJy=Z*{zAkvFvjrShbG1Yl!NfJ(Tl~aO+tINjs~#^W!r_w8OE0y-c!u&
zw0J|CdzcDTpo5=SDe*Be3agmOxnvPY)3!BR+{FlcgB_VZ3n)m&&}L|F4js(0)&dM7
zIB>u(nQLaYq+Dzq)#}Xj(L~#z^V34~R62EFW5WfBH!-r489V9y6pn%h$F&6E9_m>`
z8~q0{8XtuMHew)XPDS1_U{d;XBI5Pd>)KL8%-PFvotrpIX>F|^t23<!5t{C!Rw3e+
zOTuO%#x>qc17$#J5d7AopqDgu6fR2j6k|)L|B3O$xv%I{dEG97%9z=wiUMTe;f98=
ztKlrBb$Z#MOYFQQz<(rw8tmwxW#KVCrkI;47ca9TcZ!~)H1N`6K=>#g;5U=?S|8e<
znuBipeFr4rp9deC?>;trApN!nZ%<D8@T_?{Kw%y9ss>a^tMlQc*B=}=KeZd-5=bq0
z1b^DcOCTM#-=4j1V8%Xa7he)7Od;b+VaZ+>*|uUA9TE(DDI{eZSXz#6-Q@`7_k3p_
zgcapoUl}`9P8>cI2wCk;v2^tRyrZ2*9qOQCRVh}NhYx@S*Qn`RD-L(QrNbSvMMPix
zjqUtP9{N1PagWr2(rGbea!(hwP4*i_R+e3(A4;V_4b*8M6sn-4mDH*p1>?gjJKNuG
zj?J6R8Ng@%V3)2r$5;QYm)Sr5AzPc{OMwP1vWhlgm%K7<o8N8ASpC1l$yWZ!&;RoC
zzx@0!|2*~l&$GWQ@8f#se>?j-Teax<Uu}PXKR^G=&;RoCzx@0!KmW_m|Ni~X|C9uf
z^4#tUbJ6fBxV~it{4M~QcmAzw1fa%ri8VasqwPB5Xip|@fMUHPHbN`;M1&^8kUhwg
zhxcN!(|M#4-;5jE&@O7AL25=}v7jYb^2~$2*!Pkvcyt4U(yyR5v8P713No3fjf4K|
zkD{l8|EA}7ADkI%Fu*s}CIM}8#D=M!>Ahl}XJZ730V>U`N;4LuUl5V;W%|ZC!w8Cd
z`v<SfDg>x9_<V9!IjI~~dX-+k(s}?uvXWP4$H$7PE9ESWXz9yxH|n10iv~-YIwU+x
zlf6#MM3|^}a)wpl-?a);*|mxuVbP<tiuU?g7XDqUFqK`aXbX!TAFovw!|p+Ghdiu7
zSSxA3tGW_Edaf4#)&X8iYtE~1DS(oaVjKi{!DRu$91x}y6L_E*1(;g)7Nsn_js|if
z@&UZ1hup!lE@wh0(BqbRJU_nmfX7g@M+~Jm#Xy!-=+|lclNU3G^WF?bMl7Ao$Qa-#
zL<G43@w~x653a*~^SE1U#Q|@q7{~l0+l`+8IWuHy7+{bMftk|yD6AjD(*_%FY1=k{
z^osb3GL)%j67z-c%aDI!RsczS#)P0o_fw-?79cSmk2W`_T0NHdlfTySRXGgG!^P~m
zjL9cTofCu$ps8D}j26;KGSdl^z+O<QljxKMwFN50@05fmVe0}KwCM5{=aclzkbHyG
zaX-Wg&hXdL9Qe;fv5;ftk>LIXaH;7yo<$6}GREaZTBk1XK!@C@YzCHLyz*~YHt_3M
zmY8_1A7}vv>yJTC8BE3vSej$=2Cb-1PRR4pgML`P6tKA^n<>_9-lnVGJf2=-<SRMo
zS!~P!FECgY%Q1N!QwG&gM~Jb$5W}UEWPRgv&a#eqp2u0@ddp_3@v=lk%HC$LFMjm;
z@astYID+pd;`<4FZyn1j$7Ko~HI5mOgF&V&$K+sx@8Tq0u)bu{GPzQ89SCm>d{umf
zJxYG{Tw8vX+b;cnNNo@R(*ooGA`1|@{E~7C;q*a|6Nj^+sgz3iBCAr$Qs<TMMOGy~
z)Rap2BD1A%__3pk$hKa7D5RWO2=YTh6SF}~<Rxjl;y7V6!>m2NU>EV*gTboSkYPZR
zcq+xJ7+1D>x3~3%RiO(Q0+uJ*3cq0lI#xp)6RTnmExdvSf9v!Xzfsxn5iO4*Pt3I<
z;gPsRO1;LZy--JxdHl|cNOT5u!Uu(AM}%UX!yF~tefZg*GeiFu#y3{ncR<_JR$`Om
z5Kuuz2MmE%MNCDInH?^vqzs!62T4htM8O{5PhvHrJDcyg=9<e{NEzQ7Hx$;GsuDFx
zp?a2*o=_I7hz!pBI}&0=0L1U<o@GHJv2@scJ<}`w*K1F#9OWogHk48^e3@327D%!Z
zK8_a+JD*Y^d>O9>S|n}X$vW^R=#L_m{D{#oSa^dHgGJ9w5m;MHiK5iu&1#jfV6m1{
zqz=)IY)L~z;m|}>$ENKcgT&Q1Jnq%Q7z(P>)3U8g1lcTomRndIM){y@&$FTJ3@Ime
zG2D;}Vxu|>zXsoqf^WUx8|-_9d(*>R7k080+)#$pe(BX!J}Bubn+u{Y=r}g9J;T0a
z-Ch$|7uF$#kuO|$7yZS_k^eMo3lJW<epKlOBSya#+!B;^>|PZniS?StQKYlK{jGiS
z?w1*6)rK!?^U9@r$8yg1=vv{T=QEqmFq>n_b)YQQlnDvnt}!J~n1)uf>o_n6!m3lH
z#YqJOo`ItNxQJGHYE<e^M|t~>TeTE^k%DvL$o~{<D@2ctkR%ac{0~mb0xKz4?Ex1~
z!D(X0SSA1vDnNAL*lIPA0r2k$X&@?EwVHf4_vnZqP1KTG&J%E)qEm8lD+^umjs2Nt
zLkuN-8ajLlqt3n#{{M5iMo81^@C<=gA!>XL>?&L$f#5$nLPL?ZoCr_4wlJJfyH%aL
zBE2F9*336uk<X(+K5zW|7S!~3sPhzYUSU|9GQc{w4T@9(Q^N-V9(0)sYBCje`mxp9
zsBJ4~hzS45Lks_YZlUAbJtJcp<>{r+BVIIt3j&sI!k&!P%_xd<n7X7wCepY`;nW~M
z=ya4I4(K8c@@E6<R=;Ix3H%)aH@d<@XUz9u8e=@j{S^;^c||O!CmNRcCiF*6S_~ql
zYKn*+!Vkcqm6y)YsRte#8l!8Oo~PB+Q%xv<ClI7lZ7C0Fq^iv+Q2S#lT#qpByQb@@
z(ZMv>w3fYAEEiZNYPyLyC(@}(WBKYUB&<C#48#<wD!yK3j#+A#k@Z8%%tMN4CW6pJ
z{l##d=CfLd+RGc~lM`1X=aaikQxc!Acny5IhVe;$eMmj(FlNz}#hIEVvH&T;TXoea
zo3?BdF;AuT$j<<RD28es5?kd`6o1oqv(+jfx2Pa#U94>qgHFv!Wdn`S0mb=h%Jo9N
z(}kj#V$fM{7n4ZO=+^Q9%G^m=gT#qn*WS051uqm@$vhYetdBSCg#!=1EjR0_m{G@9
zS!TUkiv**Bew1>!NhLw~0?%nVj+QC_fvlgZ3ACC*$S*#Lm_mD@Kn#6X`;M6vLL@Fb
z(o3ltnSjE|3l|`CqJ2HE!YVDt&=y*)5+yM%ZL0lBwPA%-GsjxyVXk8hCxFDn<wPaA
z2`AXkV`)f8HczFT<of*Q)6&Y78BmJ45+AQr{%%CGdcM6!^9n5SPncvBGsD^aI@6iS
zcw_UDeON-507=BBz2hex$I4Gmo?=8<d5ZFgW2Gp?sE_0c%Zg!fHRcP)<$6YJSW9T&
zS*45Ev&5j~$png_we9e%hKM|(!>OtdWywSpCzjw(X7(XqrMLuGi5`li9cg9Ag`v_c
zr9$P}9;g?i$z|Gk&ukK(pS87=n3599qm|e(1NC7I2b#Ewph8<;+lgx)&(bhLdSu}0
zG`%LdLq7sP%X_(=GWK}ntZX$?iHi<4RX2-3OI6eqZA|eg;*`DebdUS6mQ>@A{G3B$
z7m26nZ4S(BL77v@2dgno24_BJ;~Be1d5i~I$>&2%Nz<b2tiTw2uhDAO``xp41+ie8
zv-(yvBV4ig2-Pkko7b~a4~05WwoLnUE%0d@(E2@DOYd8I(2vmyMWmRbJZF$+)Hu=4
zsSO4M{ZzdpW0-4se8ksbAic%5L&v?QT*#mU6xH%Y?p6>+M_25Es-vgNjFG<}d#NxQ
z4(}5Nz$Ymf5&iTzv<>x0DLL`Khb|IO$of+3Bgi45fjmOPeY9TlNS!-f|9PZZlBAA*
z2OZ^+v->3mjg=GgB?=IWv!35Y8+yEzD6`tLs84aMBzy74QLYNlOmf-v5~xkpl%l#8
z*N~)=RsVux8D$>vgb`;^92qY2ImJ_qHN*{}W>$IUSrv2X;I68O71k{2G_jW9`jLhK
z>hWW&(aVdjvzU_B@bY@0X;KqorpH53v&*fMPXX_M<)I4x4dQ?7>?Y%XZ0GSmzDoR$
z*Gl}4H*dBNwhr_+yRUa&Z@tc!)_->VkH0(4wQ0^N;N|9*uK$C*y^Q!De9cq*kAs8l
zy)EDc@OHcQC$^Wz|H$J%<@`U7|CE1zcmDsI{Go?I3v}O{VzgcJi{d}Q^55H!<$u}R
zh1Yrfr?2qAB;SXY+j#LAzl|;Tp};+4F+?>yMP2uyuz}|;#?a<Lh+z7w)|}ba)WS#t
z^lY}64oz1?9-5gW9(oA$UJ6{q9q<fLaA#E>&WP?=bK`wsYTUJ`&DQL0<~6no#&~MY
zbaRF+@~o+i2?f;5*K5B2=lg%Y|L32ty#Ieu6v!3(|NhQ)JpUW$i?w|J{~Dh>{$n2h
zF^~V4$A8S@KmH5ke+z>~%Ak+x9-R^TF(|@#!VHSt_{4~d735C?^oo1l0E}ygQRLAX
zRo4>C++(@?LL_n|hXtmJDj#r_&JlI*3Rsm3nyCZ)wdBnCab-F6!1JA9+u;>Rng!92
zQvA2;0Zj+AjDKMJxxKPRS1Q5-hpQnbep%IOGf1t*Ca!7n6hkud-ssBl%o*p$x0XyU
zfgcR1;F%uNL<$^@l_)(8Rxi`RcUoM}WY9;ImL3!OF(oHTkjd!FQeFi)t{O210D<~2
z^;JqAggt}0p$7DWXQkj}YE6kpO6c;kGy{S}dMtbOmnA}KH1AK^WklhYh%RawdD$id
ze3|GSJ{%x-7)aw9j5fvgrYQ-*%2_efG7r$jqG>4EVE7}6(MZZPUN|*R+I7(VbrZzN
zBylpPY!YUqgV(9OD}-wh-rzK4E_y9FlxTAjgyZSR*z{i=YgXa~EBs~Bodv`62|p4l
zQOTIxFUj7c=Iu!Y(}K==_ki$esic)m;0?@kZ(Q~dHXEUvOPIqYSk$`A6v&pj$!kg`
z7_FQc^b1QejiV|gA-QhKx;M8icu?2MWlEa3waWDaH>yK=BMpUBXHLB9?;nK~(emjM
zFKh_3d2*(VM51!CJkLyS|I6)vx&1Hye7XHk%6?y*0cM5$Z+l<*e+2no4z_D~{+HbT
zm)rkx`(JMV%k6*v()K@H8uMO-YWlm~tsVTQ_Pa}3x&L?W|DF4P=kkA4{ukCfZ}ZvK
z|Kt3>_u;?X|2wz;<orLk|Ky+Fk^hsGy(P|eo@xhL&j0uJc6Scq{$B_Cx&PN6(*Co(
zo!ftM`%iBF$?ZS6{b!~92LPSQ%(#X)v6fy@!TM48)pYL6Fgkr5m*6Wry#E+_ch$=L
zY0On@NZ&kG;$H@%ncvtEMP*K4>338KqBnV-%_H;+n5H{4UB~-49>pqnhG*+jb980Q
zEN|L)-|IC`JDlMpBc1>Ruj-nHJ*9+)_=WnjE&DUNGN(q@yhNUHpVc*2?b(U3@UMm@
zFmU&zbJ$AOajfx3R)8wf5e0X%5~lAha~CQR-M=n-4n*|B+3BEra?+QN{{C^$JUk>O
z!%B;pZDRV}>a}Z3{IV?bwtMms7*_P>;Iwl%_#65OS>tcztB=ihADe^IX8!|)V&T4N
z*F*zzV{~m?n#{!%9)VL@&_=I2IO`sXh#w(V!uP$SL1|?CW4;*v1LJ&@2fD5l^lS{$
z;a^eaQOf*ETL8w#jDQH@s|3+SA|No7Nf7HJ7*zM|UaNK7`~)ikzYkg`?~Xg~#gC7N
ztpTxtqc#EK#KQPRt}&mVp2@wVD77-Cpj?dng&X8oj(A2!T_;=81ubwR1GXM>EK538
zMm!`1B=y-7T``ljqAN(&iabr$N-hXdG4Ud$E??ZT0{u#sN?AXmM)FM|nSOi>c%l^K
zDH+S}gRh2rIX7I-3|=jUASjGr0Tt9V=HmOW9=dc24^~yfC^?ksP51?Eq|yoT%^;C=
zP;iRUi#euXJQK^b$6V$^4>MVqCoI2mZh01C^fS6KEE{Q4m+nbea6rwfkyAC{JB4W^
zw)NNgmR1oCe@$4*z{5Ff7p1~#qxnFoxv$rFO-d9zu@~qNdukgz`jaTgO6c^|>xLd*
zTFBP{%1#)eM?=;;2v{>VLH*hg>kjsH5KWF@!)$e%pQ@N`L)SwGP%U83P_w3hy>^EK
z*PNNR1KXOIXdJ+Hw_+tg?z}dAwMcDyOHF3{u?u{Ym5vpM+_DZLFC}5{So0(MwgJdg
zp+W_K!}G`}kb2GD5g*GY4JC#F%!^G)LNK>9{%GJAo@rc-j);T<d@rmmd0lFo&}1ZI
zil>A`jHjAtHI*(wk0PP5Mn)QZ-kZoGk9W*Xt9NJ)7njnDT!|D5Pt%IGY}1&jB}e=L
zl*KJmnN!?G(;#4uJiglsNkh1iE54}0+jYU+6_vUH>B4(}O|FshZm>Qz?sRJmYj5f`
zFde*x<jG^RK4ki)zj}3ji#eNPu7e_>5N>ni_bH_<X}O5FG2#vsS?XM=qSV&tjc%gl
zLr-y#RzW5lq!lMo!9RFUlkUIpN^({1JgIgj;(1G@GyP;kpJ<Vugx8NYDA`IPhMHtd
zYSz;Glm<k(!E7-FAm>2Zr919ben)D&QbxLc>RS2YyuNdxq#VWk*6arZcwXCe9d~s*
zZz>G`yNC^kctmnAoOMKVv2&6TB19{8??Clg25@r!Np>rl@jV(M&GAsuv|JcH^+XXX
zfuJ>iI<Im^;jH}eQE;@78$-vj<LSfr60h(DT8>o{t2(u!T=5lJ@yXP|1AgCM?s~Z0
zmg2$iK$Z^PL|;Yspp;O3(LE|MMZj7ZN*>C^l!&u-%3z2~1xQFCBP;;DNXj<RD+h6R
zbX;L6<4HQErw>{?X`b~zylsP~*p0eZQ$miEO0Z^;rIaxze57`=NuDFVyO`lVOUtLE
z5!zh2mqv9orhu!g6%&1;5dwbEKBx5b;TKI?8QE2!og(t3-G`9dsfWlG`oOBW4z}mi
ziN=tO4I%YL=2pEJky<UjJ*UT)jPKzYu*Bj)a!ZG!6hMX`lTfWjDIZ`Qqo0g93uhWP
zJVY&~m@`KU7gPAczU(_A$BwO2@p>R%qkvl?8G!Qzke^V_8UQ$LozVTFE?<eVG6`w@
z_D}uwK!}WiLHp}AE$Rhrhs{2mubBg&6jEH2+}Fxm!0)Jp5MZj5ZMs~(h$MIlm<w%F
z(W%}DbDPgDZ4<9M;NFUcA-O%3#;{HMLa@0v{S-?44e#NoT5Sfm%OEwXPLvkynoz4v
zz!s=Zyc-~3mqEN5FQ(Ib<k%L7Tux|xm)0nt{}?cQ>*2LNs<g?iB{bNf1B-{N3rNs_
zf+@W8qEg$^yJL}Ug)8Y9LTRW>!H`jyi7i=0*@|B)Q-oPc{^yz??(kEI!Nfol4#>Du
zYgXE+D9x;(Ck^DC0f?PGH`W7$-4zu=jZ&4HR#b}8c#yR(`gk1}QrSw|=J~r-0~X3a
z2Hx>yg`Holf<lHgx`~>ErMwdt#v&O5d$f?GWrlq`Y|*YHj8!H1qKr#g5>a%wN)-ZN
zALk&nlodAcOn)&STnpHxlr^ki;GFB`;pIT_j-D0@+12p$2e;e-UI69y7lTx`T2eR;
zOvjlVMrp!J3WvCOQ56OeWp-(nwjy*N#llc58`OIAsQROfAR(6}RD*9pH`uPgB4Jw>
zNl|G-To6V>k&Cx?|BH!Lijc_6O45c<WI+aVKqg56Gco<qRTZsaRc@a*-Q*p`@VXzM
z`Wxt2D#;4c*0Dd0ZnO3A#b@Gx4;g!%<SV-Du}(TeBVCfy9QRT;$O@$s-Ro!z18qb?
z=|Zzj&_vBHf6x<9HD!+q86(V4)X*6dt%ez5l^~IGF;*HNk{|z_DiXr>>0`o`xe)*P
z*=11Du<d~)XC%FnR#7h;N;5w!_yH7+YHpe_rYP>7ISyf<^acNq-AgS8mlZ4V%fLYg
z2eN~(oMa~=?VaC+3URdGKx}t9tt$`3*;2YJR=!X+Fqmr$D{jl|Z;5V{aS?<It-^kZ
zW~cf5!2ZVIAM<VwGmRFjIHrp_Pp(`_kkpb^Ba1sl(~cUm9xdm)OVv6LDKlXcFQuzz
z0kwXPZ<dNy9GYg!4`~@DW;f>=KZpt0u;=p13)fCHHrUqC9bb!MK8xZVqzWPGmY`_g
zQ87kbhaD}kT<GF5Z8^EUrB)+CER|L3+Ss&(aV>Ehm)qPOw~oX;vWA!y#&_ls*)(D#
z<4rhoG+~cSaV8hG#m5VXO>3@af@nEMeBGEcz{to1^11Pn4ba4dXKTs@`V}|Or5VNZ
z>EeGzy!{p8df0{VurTbxZ`ZMl&?#LP2Z+kv9$#sh<NX2Zbxw}Ms__Gdu!3raN?-`H
ze;a^d5|K&?lZ*+QiQEoQyf^Ut5NCr6`X<mM{2rR@+OlDJGrTH)Gq%Q*I7p8O2gATb
z7@r+4Ha)<ci8@g;&O*6z*!q$}Fbu<u1~6C}qD^|F!;>W0smm;z{8lXBBsHpV&$VDG
zbupD|&vFco*hM)R=@VmW+4o$WyV=!}l4wG=N25}x6sO6fk@h42T>?;8UL1BIu1Y<^
z!aO81Un5piF&js=3M_oSbwTk1xStq3sa?SKR@+)RD1k)T$ONbp1G;Dzi4LrSWX!Dq
zjL2-pCxe2LYLShAQw^P1rStxD^<niCMNE9k{6xSMQsw6qO@)X<LpQr$3ac%gv}#Kl
z9lmK~vaHt9gzq!YWE0Ev$V%WM;~+%fk4=iqkT5(#2k?M@wnU#qu}u}y(la71Dr^oo
zS<Ge0hL#>=CkwaO7@Fh>wTnkp4N}x&)p=^wAqWW9g|#fhG(XEN!m=V+U6;mDS=MbQ
zw2=d4`Bx4f0NIwcCqwdKWnt{z@f^ftUq?|XAXe<J;0=atjRz!0t&#X<op$+K-4cVS
zZSQDb3JZ9jYl@|A3`b9g=Yg`z35(9CpAIO@b4SpA$+VG_w6-h?lzDAC#<+u-Hi45j
z#^#M_w{~`4_m-UwgaE|W-LS7mh}Gn>N?H|{jEO4+dSYmc8ErMD{_8DAIf{?ZMH|G4
zSD;LzS!zfFeGh+O60q6Gnj3b5Vp6B_`qivHY95Y7Py%_X5tNf*pzy2&kM6JqZEcIR
zf8{!h%d5!QMWghXthiZcB#(iSmas22K{!xDCxb3Z2p16y$OMOLK?z+nqTm3n(acus
zK!ZwYP}Edf>w<~w2^>uDq!2f=qtK1Y4zW!11Vt|<*%9(iN1aRNmmc$zv_gC%y{@pE
zU@H|UwtREymC70Cm|V&29l-<-K0j#EDsWxKPTv$(x3HKk(8jWULqUa=?M3UMRb^y&
z1DXSsTEvUY*$IcJoWrRQ)EDuIL9Ku$1_uu<DN}&nl%x*<Klex>LKz9?X{u-94GAL?
zQNS(y`?*=VA;U9TTGM$d0o(?N+X(U|8(=t&wtlIzBKdp*ErZVQHc<83^qtL6;|bDe
z7Yj?dLx9oG50Oc%K(F{jZa;R1P(Y>=g`&s>CiHAAE^68jLS05oHS`KmN!l(M)^(-S
zJCb6#C$o&eNS7VBs}9?g3Ua)r5~xjh*QK8`h0b>sR#Q0U25b?W58&)x88^rdrkK{=
z2l0^kw+@Hw#qEV*d*2FmDSYxbwiE3anljI|Zo7H(>GOlmjRgVb@7OocrO=`o821B!
z>iH(RxSQ4Bq>v2i!4W25S+yFt=EQWlbqDZHmrE2#;xfv$JKW=*QjvW%#PaocG~f+2
z*yp=?!V5UXk0*LwSfu02qB=-IOZ1$GQxm;uK$CUu$g23bPtp7^Q+&MW<sd+Du~OvL
z;`8F?hsNiJ`sasq)9YP@C9K+bKw5(Sf=*HiM|^&Fk?6H*J%)lA2Q|ViUsj4qA>_Uh
z^;TYGT_re4*@Oawe&!)S>q^I|cxHl0O+_8lQ-5aGiF>JLluKEDDL$^{%p*rF;p_Ui
zhT_%Baf|at$g*apIVQ(_%+k#bVkm^-dXj-?<#Br;n|d)|!rR|BhTI7{aC2tjkRE%1
zQiZsY!ef<+y)ClP1Zf0@<JfaKsVL%%N9hNXoa`Ec>dv<=;+AaMePgAnwTo0>oJ^_Z
zL>uXV<2BUwF5;F?b#3?G_dQjTSNUtq_z_(;Xto<D<U8;$eXoQ)NLX5hjgdqQoU|pU
z1>6iA+`dqax^kTQ^qLI1NOOCmQL6P>+}SvO*LnZ{+k4jLwv8me^H(79sQ|<zM9Grv
z@WMSiww%?)v0aw3xjRM0f(TGTL;?%|O6IwAzx}3r-h%-M*|ICy1uBsVU@*^~o_@Er
z3QEL61ymJ(R#%7O>d{mY+5JX60&4pVMlB!142p6fP6yVj$!?MHe4I82Xw97VCO_MM
zD%z#e9Dc{eO3z$hg<<e;o#k<H>CjE?JRTNg>(1c7M*M<%jga#}`yN2<Bls$y^#pl5
z&n}YG!oDuT58iISHGXpjq<g;et+P8E4vi?m%)XlSc04pGD^;mf6@&A0OH(jur)Vh6
z$W0xORV@Z;B44wjVqF9B#v(1f36pZ7#@J=WeRZ7KQiM3C_OjH54Xmbs^e)DyE}3fg
ztnW|_7PB*}pOkDV<^=aIR12eRm>@$v)_Q=v1{^3<vy3A-NY!YZj;)~zR>BkGHYN#b
zwoupaG4yaj1v597G3vS%r$x@EiW$jcUY#}}EQB$rnpMTQ)<w_|k-=EcSyZT(E5h@j
zsFXF~p5d)fV5>DL<Ey}l4)>4EHU5>9$3F5=kz@EGQ-d>WV^h_K+KSmg)28RHgAZv4
ze2B*Mq^2r;w#Dq&LHi#i5q3rIEYO*;Lx3Ee%|G7m)KR2Xz@fCL_6S@UQIFW){5jV<
z`UbpB=rPWgf}QC}WZP}bN|G^O>dXuK71bUEk)f#27TcVDWsPl4r~7r5U9FbX?0V~$
z^eWA6Qt?^jDDx*f?i;<L%j%nf*;@`9Fz;V>+=jsciWS3YnOw&l6)z%7E(rqV@pOeQ
zJ?b}3aTybwgXHfe=%w*SH(O=y7~l`+T!(oAgfC%2<5DMUIW|MHRH)T0ocKdh(g+aV
z5I23Xnt~IfALvp9z_N?TK6^khkOTOEbEI?|>{(R;h8Eg-Ku%;pFu>zC<Cx~nTC*c-
zcb_2Pr&Z*n^ipyAkZvx%`kH$lapF*?aIdq3@G>spwa;A##K{Q^1?EDn<J3JleE&02
zHx*|Zc+q#<>yl6`y2Z_}d9vBy1||{$@ynH;&Twi>iwI6Rv&sTyhMJ@kK5GU#rZfli
zL9;Ai)%*JR-oK>w8z+ayCrEtbU|CrkOuVp-1wlZpKX1vmeox)((EnQvH&C%pa2g@1
zY6IpQa-Ui9fo>o&M^Tt#IF`k-q^<F$lXR8^?e@;>1L(+3sX%J<@%Gur+cQT9rs~cj
zp4mW`yRPPQXo%Ez9uoR|FvzC>3(oi6lwgnl+X>)tKK*wG(<l7qzB}F>Z+*P|H}db+
zZ!RI06VWi~SCg7jnfd?DRxY|7-=Hm^fxK4d14K1_l=M0-;2YPm$y>L;qr)_|0umEZ
z6i-aE&Q>`^UcqnamO(7UC1SF%;*1?k!BmpXOdo)AO#biFD#p4)X!8{#dIr=wb}@Jm
zOs2X+s}f(iAmne|{86+|@Zm@WP4=mOA0yP63SP%IW0UAsI(3YP4$M4{dqYWB{PN@N
z$Y~;?SPOke4#K2_SrK_kZZKB*F$M=$^ovJVeL;6`uvlWv>DJdO{!;1W3T|U5dGKJ7
z+}z}Ro}JqcaEhR<eexvQ_5qAp5-3E>YJX`Ys3oE3X{%c|TRs?-%tp<cDYe`6>Jf&&
zJ+K^ew~O(1@mq=+U7#-Cub846V{W#)&?<lMTdMg{YqK$OeZTQ@qg{ZXUIM0@)PWRv
zpvhzrlEZ4^j_3+vFa{tBd0>X%d47Qbp5EabFN%w4o*)}Bc2B5}tm@v(gh#X<l*fdu
z0?!=`xG!orr4<lNmB*8k>@M;UEG);|U9}dSFhvSyvB?fwj@`qQ=9s4a!745YE@<uy
z_5J1T@;h7CHg-ny8CSisPg%WZ^>xq@P%owhl8|X8U9!~32Y(ww@PobJY4f;1C?tl(
zZs6D$6QKC4p%^Z?8^?q;T+%$r)1pco|NZ$OP1C-JIpI1F>rE^avnGGT=+(jF@B3a+
z;a<9N0vK3=d*Y@(4^+E}!8B~_A{$%9)%4!Sy1}o@(uGZP;<;e!SB-;#$as^_vCCBr
zgzYinY;a^)H^aFEiu{YgMBW}GG>?R4=wPh57=Yqw$Tl{a%g^e)Qsc$}ydg{(IU$4+
zi1)5>2;8EV4?*7F3u5BcZS1@)>P~adr%SW%iUY_!bziA*;|Mke07AeTaLDqlW|B2y
zO|yZF`9KGoW)u17lQxYJ7sfuSms$FoTS_rF$QcO{UQS7)GoUK!PX@^?7TD)JTMH-o
zx;0%y>eBIb#izX6n6z}`S}YbABQs-c4a6rUeF-Dj9u?`+25JONX^MO*DH8NXrBB+!
zS(}a@ejvaBNR;b^F@mW~a!LjS!B!hjWM!mLc9VjkXbh$!WC;n?*!-=aXar^;q}wXJ
z3Yw>g#qglBLvL!^xNiiH&9%kuN)Qnmr{q6>Jz*|%8z7U4k90gwpWOijTz6AHZJzF&
z35VE2punU(#DAcV1sCuMH+CL73SI_yqc<z!a$y0yF$zd0J1k=LNY`VbVLAE4C|ZeY
zhQ;BjQBVosMT=BQ*rRdr!saV$^||=KSTj8^8x~Q#GJEyz>U1JGS}^BH1n2_p5{pXg
zZIop(yRZ=auIV3jxYs&}VXsnM3<F{L0zd$TXO{KBQ{?oFnMYksxtlPLoAm9siufRp
z!RGC18mPj4y5bA&nI)tvpw(Go@KYfzG$h@mqL#|0hD)i$)IwcNHT6ufE&>qscscmN
z|I^2R@A5x%`5(Ic4_*F;n*0y<k^^*8{?CI)`)2-!-M#%T|HGd#|3jDmv&;X`<$vh%
zKXmyYHs^on=>LxX@96*T`s>mEEP=%55dE#`|AT|!?txDK?>-(Lbo75m|9A9%NB?*9
ze@FlSW%IvPb0#GhX*j28mSEeE&B)%I#Ea#eY%}_9wMruX27d3;$LC=YKi(HF@_7-?
z;>r2r{TPi=8`3wiH}g45zak5uvJs3)>ytMXmt=R(`5lmp{P*(eLVZR5nJ4D~IR+4+
z$~rRekK}j!HNOWh0<~VqEyXiLai=CdJCr3k3^fT?{2#!Do;vmM7|3URmSUsMo<a2t
zRE$Px0+{;TFPhyvwt!h)$iK!bp~?e0Xd^ifmViN!ckqubYHmnDg9ccD0M)!pi*OA-
z;}Bj2Y-GXBYX+v`Yv(zn0aNNaAxN9TSK<7C05zcC6FD9`be$zwou(IPo=cGb^ip%P
zdB7|Va&kyyi(goWNIApH6<Zls;nYKr_Wa;{UB-n^CJdjtt8zAY3c=pU&RFUp+^{~b
zx?}MkL4}Bpvhc_AegAZCWH>A%1T+M$#`hLKJbZqdo?%>k(zR4K8wVxfk{j-T0q#6W
zS0DClkrrh!R?6KJjbHgfZO3qbMi0p`p7)icEMf~#pBnf@<52LM@Vr2W7g5lsyT`9K
zl0*{-nL%pW?Nu`aM3vYZjvi7Qt0|{T5wAndA_IGPo?Wo*yC^P{9mo8rPPdCQXS*0V
zG>eYM5k(+=q}h$<_vPlH6)7!5=k^wOcrM(gBh$42EamYvbPzt26=Doi49~&v4*7|*
zH|p6cKv+VDCSH&`<cS(ZypIOA+YsB)4CE1v;bEdSRX-F4)#UG)Y#WVNmfSO%{8G^#
zhcx&Tr;!J*jfv2{MU34iSO?7pY<>ZBIAA&&LMlSOqY=r#amXuiJa#?;rduy#Uw7X-
zn(;<3HCv3%PNC!B^j<@vDT2FJ%Q;f%m~(>XYH;;%87%q*%VxHATnqw9Y46MMnv&gE
zA&}KB{&E9#NZNAHLCJ|5^=vVo_#iRV6B(y98WbsHNf-sLD*SVM91_TMN)Sz4jW!7u
zB}u{O9C{%a&Eg>;Dl*5Q%zV8I1RH^fNx(ij9iB1phmr7yyJvS83j=9L7iDfZnJ!0#
z&!PgLNjd>1^0*#CVZ(7|N`=(I2C5W5HDF-)`Sk2=;Bj9|#0RLZ5psgCCiKlWV^OMY
z#dcJnuSua`UK*a<g4CX!=LspmVw{5;FZK9OtuZDx&m4?O4~AYB*`m7O;x~1*wsc06
zV4g}mQp0SXh2;){zatH*ix`-14B~TBjULd(a>?}BM~`e^<lB5K;sZG3zgd{fA*kl3
z<13iia8+h3uc87$7=huNu?*Z@g(6l|j|rlLx-fxL#7<}#Gr^3A;BsEU9{m7Dx*Z`Q
z(HI^?iT+^=LU0Fg&0{ceWbrg;EQ%`NDnTFcudjLn(oh|=UuvKd5P^YjGzKiusTwhh
zlH0J+1fSgBO8k(qEs{vSN(s?dl#}TqvPJ6?zu&Kb99WaK!Pq^{L8=Ge(I5%%wTQnM
zYOKsLVO8c40rNSsKH&Np!|jxXCsBQ8FEX-$zy))y0>r283z!9cd}fFdHI9lzK96d{
ziwKzFj=yS$$_YWZ<S<c~9p@phRJu!Ef_t-C=6m|3-gg2WymxRunGsl6<P|l_$~S71
z6%#)|z!jxR48k%T+1y~^d;qq(%JBe&?y7+hwj*sa81-+*exBKb+AwZpx3F-0z&)y2
zOqI{iOxI7G&|*#?+}rid^A2%D>*zAg%g@8Tanz!MF9w90W)QZmCi2X^!w57~2OzcQ
zkPbLw<!})A{X?LIn=oRw-U%?rZ2%KmtAk2bOu+8nY=s1v0w?IX0yb$t3-k%cS-oKZ
zywUxw65a#h+phy~4bV3Mc?)2#19U5BSA)p{x^BYH_Nb92w!Am|V42B{m;ynfzX>5g
zsn5a&JU10Tyw~WLL^w$5-9s4(%HY-TA%sXK94LecNBJ$E;=Ulaslq3)x%r=dK(<S1
z)^D?ufp?Jn#|N#K{+SxdM@=HrAh!TCCfNLnk3Z|ICZ*D4SbbggryR5_Y73p-Jf73i
zt2FszC1SU!AzW+(9U~YAH%UZ$H=^-=0aF1@0i+Ju;j3j}#`#ieHX=t@1aFN)5}j{K
z)Y+!iN;RaLbUJ|2hP`E}^C3Z^flJN`*aJ*3TY+qhRHFfQ1oC{EXs|9u1yd}7ixLXo
z3zRW}K<DTk18C$k!z7J!mxVtE4(d9IZ*+0b+thh`{9n!u3b?W2OLCs9vEG2TLETN@
zScHdE%tkn%*C2D%>LQg8SY9n+wS%G`K(`iDyEz!7aS7=Y#!w^EqptKVgHfn3NE9F=
zp=h8|&<e~L@?A3XQJCK(scV(lxwg@%;$v%#RLE?vP)P>atK*@zeo0wkL?Faj&035T
ztxb$aLB$|a2E0*K!^1I~8WvH-CLN2+-OhP*(G*5_76Km=v(l8c<4U+eCg-+?ZB*po
z4^=_9lzJqQn1+f(T#iba5WSau1egiv_iRVOYqpyRAf)je&H);2JH*eNl*%5?k+(@v
zH07MUc*k^ZI;l_sXEdE>1?nD47AYKu0WB!?={pej5rpQ55z<2l?!`WYnnZSAtRTD~
zd#O(&6@!Em88v+ql5G_PcK(ZiwU~{186!3{mL;2TCoMYcX)InMgPZU6AttIBkkOVD
zxy;v=90veTIM)IF$76TTUrmnQ9G>*~+vB${ewrMgygz*YbCm=tf^$f-<Uy87=&^-7
zV*^2L0#pfD&ht-q&n%U}8pj5u72__Ko86vTs6|R4YwhjVP8*N5qc#eE1<JCfy5bvF
zXq=D+f?r(d+}Nl3{#g5BZ}JrWg60qe)D|oZuj|pTxAg+08tDD0M%8ybi6XWO->Fa2
z;A|1VCh+WpWf?D)WwAwg3%M*3VT0zj0ZlyvMk|@p+)xseBjy4}@9Fr_V~fs9AtO#l
zSnjM>i}o7o!B9?0WB6Bg{tX7%X=4*mIc45pK(6Kk#-@h{*&069@+#ZX6@G}P6Bd1L
zqrO)yTojjtgK<DYi7ktxb-8SPsP-M9djkr{JWr%zmoz9-Cg=$gaBi#<LYJkYmfCbW
z>#YlUvP|=Y!uLXp99RiEUp1l7_{9g#p*8j=D*s|7z=JKiI@)UpTNn@6s%ilBNf<?*
z`})P?`RmufJ-%?&%pI>mUG&ifL8v=&f`AlY9^XN5OSO?`YDjZDMMzW^eWo9<n1bMY
zspGfWn8-}9s;$Wb=N*~g0nQ(0RmBJwhF0EW;%kfvSQ!+`46CoWyk@8g_|2n5sGpTC
zOEtO{Rn)#ojBjOvj0$;872@@QZ53_7n~bW@Wr740E}(*d?f@A$lv9F=wp<Up%@m^5
zW<_ZBsvSzrV0mF4sPE&|$hp?y+^M1MS}27`|E|@O@77#op6GJP^5;n;VJj!{Bnre}
zEyb)Il#=8LEw0X-h#x_fpGq#snyFDD1p&@ngcz|-4Ndxfm12$y;EgGl>*eeb-+T}Y
zv@kZ+q}Fi85?t4eC(t@3ftWN~3TfHnC^3^h)6{U}IUy0v1*9t7F$8o;lmvrPe1`P{
zrM_JVaSVrZwKwf;at6XI#~67lBOM80U*2E`Xh6FV&TgE7`;Xduz@}qbU;I|y(ptE_
zZI-RlD6mMj^u!FRG)_^Kai}sSDYeqEi7HDfb5G8uI+2)1!y+Pszi6_cj~-HzAn3uM
zXDiY)6}OzPg&xv(2p1F1gKCBYJgm5Fz(;=Yi6;4}$eX_Pt5Hzrx|GQ--s2UFU7&4U
zUEXI5h?jLnV{{oH<R<y15AdxGV6$uufcFbX*XXkGRWcT*Sq7(Ig9ZVpx_Onj*KBId
zPv}3ssY~Yb5<|SH0=sFj%8<1ryoyO@*z4xLgOp+d2)J2xYb^Drj76!WI<LSCF{+ji
zk&FO&>dHb}=7E3SFc+eT6g)s<GNi40bM98HXjq)x%3^PxGJ<eJM)}vz9;;qt<rS;(
z33EuM2HLD=tGUS=l&Uv(!#c+JPrz)1-LRM@iIHxW2gb$P<bW#Th^8$AL!E&5c~UZ)
z`^GtKajf%tkQZXpPch*{E=Y@diq&~hvZOTi%ZF+UN-bbOb1F$E3?lCaLE6kb%`NCz
z24rW&ev-C^gCuJwzZUAWLZm(<Pe9fi>oPpySOmQQTl8!RY!)HT&dK+Sz?K<Bn<^a+
zO12lZBFf(6o5^dTEwR?6l3OSFnmaEDX9S1w!cwPhI~agUhA5sjjPQnarX71o4h7yd
z1;Sw>*-l`6Lq-Q4c`o(Igdl<y<RrdpV0(_<(p(<y3lu197joF!g(P9n$l7enFn$NP
zG0CqqLc^W0@MH0Kr-XGs+s}T06(r?~Cyt=8!|E4PslBe!o^G+mcV0bO5_Q4>4S~NO
zYTrG?hjv;{!Nmr~VEC8Uy?M)95UV5#+45K@IMbLiS5&QF<3!OrNa<76^4X!XB(d(e
zZ!ILN#fv8h3p!#Qw_6G#UnL;OcXk}QVVoViVSvTLd54cviFvyFNXlfDN#ZgY)d2_z
zcaDHfM;=b+dKp1ec$PTS+KZI+t+`_=SPV8W=Tbp%#B3rfMl>R09(-|zfW~AC*u#xt
zLGk67ePE;ynl7wqx)?M#Jgn(FNn>hAg$A4w9IRFY3X?5baTWP3i;yal_W=J9Wvg;B
zi`dCW?&Cb?_cca;JiiYUO>v6`mXAkxprM*~u3&D)e2F%d=0;AOptmZTlX}!Sg49a`
zq7ni=bY@XYE*)TkJLq{OnwX@@Li5BjzIAL=mMbM5Lcse_OMM}Eb0zBq1rQ9BXelSb
zlb00CA7tNA@boO2CyS&MicXOkki8(deW;%y`~#Gzm<nXO+AEuteX>G%gqb@j27p#_
ztjZIQ-lMbW<PD~av}8LFeTBLj6;@#J64xXdr{-C&LO3GOGAJ$`t>qCW>u561aw+9h
ztP65Fb9u1qbH#V;H+6n!S+Q3y9ehoe3y)S-+B)+U<1_1|i%Bgu%yXY?0a|lkG;7rc
z{sWK;5(k@RSDD<xoLukYZU5t~4|D7`W|T8K)pueQa7z&H6Jow9_vW00*!y;NLU33L
zj&MVRj}Y&Grob~R%?wE@?+BM^%&a}3sAqFeXgPaN=({`hq{>gaJ5hYSlakXP6cf4X
zI$1_ZTH8QV<$#3s^g8dbEsFMK(jZbWMkF^&$AnfUuu&u}FfC-~F|v#Goo~Mt=xlQh
zbQ#B$(_k!TyiFZRI_8t4`-sla4wuc4vABZgtT3Hqt~4`vt99H;C(S70L1s-HaqRfj
z88=Dnf#QskyUq=G{8B9qiYRBu)FI0y>(OO);^|ljkQq&(t5ifeJ8w}jd{iXTa*NSj
zph#<6`WCQ?tMa;V?;E>>*Cw`!wKnp$eQg}Dx%w3;8a~n%B!VP)^r5!<lu<|exGJ&>
zRBe8~H$`C@>wcR51X=x7eiH~Osa3()hN9pH=WL6N0}YFoLXpX7MRLTD>Tb8HXE9lX
z<*GCif?dYbs|kJMwOidbc<S!8i0e)mt_nX&CbQb<bCJCVFp4ALI*nMHPK2EhP-g7~
z!ooXxcURhgz^c-wg=V4>iMWz1lJt2%KE8{ZT6goaD2te4tkzAfq7>eSw4#K^kJgUx
zUD&oN?RXP_;_b<NnNE(^Q!Sz@*A=e}IksgI)r}01SQAzrTA4feEI@n3Rt`%I-f-f#
zaAV<ITbW7s2#G76E9V`X94=s_c|^%kXEJ)&I3%u|kDOQdTeQI%K&}9?ix}RSjZT}r
z%5jQzD5NTy@^!YFs}1y#NvFr09rt~v`wjAzp0YmKeD3*tbsa?}*+#jHRVX<MSv3ZX
zDy|H};6SBg_|b^<0Cad3ZgdNsTR+|kL_>b}HCWQqBsL@(<sjL2nBA{A0^hRhY6dx~
zaUUs40JU(QT*q!Dw;w`T!*S$70W@=!FyUIxpCY&-tt>C#q#*3)@`CMNF+$LRV+f$&
z_~^%<j$Xg6LE^TVx66ujB+NGl_kR_;(B}GTtwu#!^Vsb*dI$CDKBYcc_0~cvu4|-w
z6t7$aEf^4EI_!8!$NTl}$;=1V!n2E%6y6dOUHf_hTCtQ04`tFacLW5;bF2u!>1q7-
zxbEDQ%gq|`(a#%>dVX?6<nMnt-gZG4a?(r&f-EjBGNl+|Udg%`%bLvOTfGktB+^&*
zM75jR*}_kiU2&=~f9DON&?;bAmJM?5Zi8zSGxTB5?#UYZ;<)AkgX&n8iat@N)$Okt
zQ=x~TV7`j2i4!~swBucKkhh%>Lc!6HqPP*IvmWJ^EVy>;B3&OxDvoC~AHY~{`pq>U
zE?m9OsConLQE4A6rP(29p1M`b8*ZKYE-MmD0T!(mi}i?kGyvt2ESB>aB(emrov(q0
zMt#P8_yjBDQZ*y|7xVp9VYA|8JL<Le7UlJ5-oB&z^$u0NF@xbIf6V%DBs>m@GUFKy
z4i;drM2H)S;SmpC>Pi!29^Pc-k%R)KW@S~PNuzw}epYM;YNED)5TM`+3MM9q6;S6U
zEE{RaH=FYPE<qs_%Rwj&=izDzj<-}D={rjJ2Xf3<oo=bevak+Aot*nO+jktsT~>5j
zS@n=PE6QYM=t|jfH%HBFsK#Yd<j{pMtE31?kXBqn!`!LM2y?B=s#VcR>eA8>&agFl
zBwbzNQgTQ{zGObj@h9w@_w)Mg`Q`cXd7txC-CD<+fBv0}Iq8=h!A|V<FX15L(S(@7
zhQ~Zq2d~kcPRzNlj!ianLT%XT-)T?rd9cKtoQ-E<t=J!H!38h8Jo+mm255flceM{3
z%-F`=F>^tg_Xua8=IPt>+z!34YolLyDh;F);SuNktyMAB6Lsmzg*Pk0_gZppe>f)L
zE{sRn3Oh|~S*e6a&--a=>S|x}v9!yui#)GZl?ivMq~0DI6aYV5A?y_u5r>t0c0x+c
zX$9SVHFpr^Hy_2X6$~0-?3Tk;r?*C%04IV%lf#OoU67$v(LACNU<|2Hs$j=i&*kjM
zTM82-%Ld%lK__IGC3_!T((*V#$d`gLDwQcud?vI4V`Zjfb@wby0_<``cG77vsjz_U
zH4r6ZalrgPlw2VASF-YMW2S2meHF~&Qj3MaO%62nffG^E!U1C2p2ijHj~E9pT-$wj
zCV84taw6M)tcg8$G4az92|cvXqq^6Vd)BNZ`xB(N3Nd~+`l&JRT=@W;sIi$&Ta;*<
zC>wF~*s3aW=Ud}cOq$!$kOc>0wZt3pdd*oRUY*f(wBlHfEB$_$9vm41wU?6eT@1&w
ztLlsE&WvQdbk(9g%j0WJSrkmY5@FkPFLOxxzroG_WL`6#wc5NOCndkyC!?Uhr)>N+
zE%v1{jcgo|pznzTV|%_QsN+>j9eSx6y<^5KbNf<j;JLrj@F?k<SZe50-Spx%1D=;i
zhml1qt|8tAaB7uzU{<@lI5@mK2a+E?j2nrptbyv*iM8@fq%^W;9{0=lp8oksas2tA
zih#D}!+jnC?F(VKr1Q<*kd5$<do6DJcsJ!vM}osqF9Rqrd}1RJ?7c<vS$0lZuVHId
z3?OZ+mI%tIp2dzwqMyR+8e|akkP)hQnz@xq`GzhONF3FdPx1)Y##VE$yy;zIhN{%`
zt5Qt8=K7U7Uv{lT(*v*$fd*|pL=)>G>DCYQNL7mvKK^bTvthbS(%Gl`ej)DwQ)6i=
zmN_(-C#JHK@alPxV%l%Q-e|MjYHkppX&?;SL)tufo}qbtfp}>he<Iyj)ATJ^*+ew;
z@flADBTsd{T(4{cWtd+b1_)Eu%a!*(+(=2g5&n%%Z7lqlrEcNquc8>nS+Gsd*85gG
zgN{QECh7QfG@`mjA;`@=E`>xmsS?;6<nJL8EWQf*OjN<!*<jI6wl`S2N5WQ+Al%BB
zr{KEgDdgb*Lh5M}%ORpw*JVgh4^B}jMq_GN<?>j&^dBcF(p>WKG6aIJG}&p_8hh9-
z{9L>%7jc0CJ(NW;x{OBY7gJ>8PQcKax6K8;gD1<mqMqHY|8+;^5dbz9Dhg5ZQdRm7
DlVajU

diff --git a/tests/trivup/trivup-0.13.0.tar.gz b/tests/trivup/trivup-0.13.0.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..28b94a9ad04a8e5f1dbb0b7d27fa5eee53d40827
GIT binary patch
literal 36268
zcmZ6yQ*b5T(={C1b~4FKG_h^lwr%Ugb|%(IGSN(ICv#%kwr!s8_y3-|_ol15cGbS=
z>fL+wT8lgm0fF4e&;|<Z;b!aQ>B7ju#LCXZ!sKD<25}Jx2CVVS-F*3d;PR~rMUwF(
z*D`u<9Mcvtu5*kcTXc3ikdZ-C-@-YN{g*$zeOz8o$TS=}i_AHAUoTw*5!IE>+Heph
zNR<!<%5T37SGvA0aZs1NZ`R&b-YPF`>p5C;e<V(yH($Ozd0#wrI^XE}_3Vn>Z-251
zuQRV~v>sVC2Gwc%x4*l!dI6n#d3Y+W$#8ncg~7Mv+s#6Z_=`D4+q3riy;~o`E9?Ee
zBbH~|CR5ALcI)u#{_xHD&{^Ql$G|MG|F+v#ZUHNsHM{-A?@ayYukD8tFxdh4DM;<>
z`rr<nI|6p313y2v7++mEUU$#fw;zDR#=s>`o$edgA4vBAfH$}Nm-Dp~d4Trz=2rDJ
z$->i9i|N<(;xl@Wd9yPw7!17Yy=1sDIKLaSE_KazTt0i(d^xs^=;mg+EFI><p6_X}
zY812QGS`?fuQ|=WqH!<AM-p^5^X(HaDRt)MV!uGt_oHrfIO3J}c9=^`u_V4C&E>n=
z_*+Lj-fNa956CYy&f>?mw@W~UQ8A6QZ-_XZV%+AYaoFW6tU?U9twkaKVuc)WINH#8
z`a#V9Gysw#)6B^YDpB#7Dkkuq$d=O>nu3Y_=OYdu0Iee7Gc@uVUi%%_VYqe33U*7^
zD5RdSPYlD({ONlnA_q?aA%%pYAS$$tY*Fw4L<g5Hl-AGW;3v$4cglYf%hXdoyxfk3
zw8(Y9DZH7@5O1bj;+|8zp$TML1!!?x+=n9Ru+~kX^TIB&0GmfXl%B#TrJxfsFSOOa
zNe(wH{cAMk<o=u7&hQtPqqC;v%huKV;y!)?C!WUns7gDc^@~wCgHSy-qyUS2a%KPg
zpu+qIo#)R}Rs3Mc2cvVJnahWtRsI`7eEb(=y_GBweTm9&7ZvY4{J~~nX-HgpGFs*|
zwX5$+wV!xFEk>S69brk~Bj;B;1nYjN3C%0Ef4NUurW5r9z5JH=1y8*RJpQ_@T(&0Z
zZ9eCVlj=p`=^jT--3C8yw<IR2`Ny<LzrFl{mT55}^+a00dbq1wKW~Cx$-mJjriFhY
z)zkqu&0p<hP9>3^DExh{r!;xu2VbKg{Tm0Fo(G<zK2$eFerKV+Y&1F++(Yp=DeOK&
z?+9xYjq2v*<&_Y_f6L!Or`Uc6SW43b7BA`cs+&eti^dVbVTjQCpl%!IKXytqUEKob
z&-3%qI%tM1PhR0E<ZEY~L>I-2uSQutacMo~-lIiQ;3Phf-fvo<r~PGAiZzgBXW(O-
z;pOU~n&4qbXag;V^SPxrx%2nE;OlusX~{c2l?aFatPevOZe2v-HTg;z4zWU2Aw6jB
zt{^3RKku=s?kDevZlOgn-@Zl?`j*<f&8Fn^nN$LC_y(u}AOA17e}V(g+ul3o$xkvq
zFCPF|SC4I90G0L8N3ip)>*Vd+W0kViV#9Fb51WxZs+RackomNJ+~Cr^n9fL-CUX5T
zI5RFb;1hiIC@c(qy<7r+e9#z!!yds8o4Iz+FOQ?#&EUn`IvT$(XgeDx@H=(kbD6UO
z%67$<2?*(W1+}I68ZR-SeH9}v;G0i>_U{?vspClhWfN#0XTru+Qht4wun?=A*Rr^b
zKN05!9dLT@U578Rgk)Vo)(W*@ViB!V8&yp4@-|0f&-g~>_UChVwHZ`_7Za@trk)#E
zv`rab>HA!%QnG$VoX3%z_I147pHWp+{#HeT>;ls{dej<1hcc71dR`VQnesOIoI9_i
z5cRj~Q-b5p(qrVh=JQV#BeK2YBA#yf%11DO-ZS#C<rI1v<ay2j2Ot36BKy9h%3gUQ
z0uj6tB&zYZr^QO-rzw#6VFGNZS97X~&N%JNf*+Jqa6MQE4q*4X#_Lh%>1s@9=X7ET
zqs0SH(h&%e!t+E<*BnGgBw0bV((T|0dHz7Nkwzi+&vU%f{ILvndslV>j|%sSf7UMB
zlJ;Dm+>f>{fW6M)`CZ?qubc#z!99b=F&u{)+7<3YW~|sWO-4m3FZZt#MD1zzY9|2;
z{7iD^>1~Y5ZL2xN2=4OekSK`3J$20E5yz!Hr$J(#Bl<>0Aa|R(k1iDqTD=M>CF`SV
z&YW!AmMqb4VLekfD@}gpd*nW*Z9)$qE`}2f2tw@@930;JA=g@D_2E*c`+`IR8&qP0
zniIBy5To6qmP2tyft{K}RDr{%tZNsHt{&@2e0KIfr+Y=r?5NYBOLc!$+JH08oQEJc
zOE~)DfgB}8{AN(fxdHTrvH_<wig9jauZQTSM89E)ipjJnH0O}EtH;ajI}|@$pzkt!
znb6PAdDpFMpj*dc_NlKW1=wu2tq1BmZOHUmqF_EFB>JRzpbtOyAHjPp<%H{-NB()z
z?3(?0!KbS_MHrv?>sF;s{eQ$7{6#%L7A-#8eAKO;vnD^EhP4R0ZGg`(u&?=)-HjWV
z@%~A*<mAYhK}C>X4I5vwo9p1vA@ux>Wwq2cO$k*6IpTQwJ^x7;UHL_*$!~abpL@D+
zJP=g{%8)37OMeYm`F^y*O><Jf!ul7@X1h;1aewOSkNHWpXH3%|_G=URFf)jq$H03E
z3w>=^J0syj?)YNlXJkGkyiw@Z#lO15z$o`b%lE4}s$~QqK|F53$9$yYkq^t&X)v1d
zNpPFDSNw5fxpl3{c3&cY7&=Y2cc4iID2;|C8kn@6c7{@CepDS&h3pK6c8`}aNyr!B
z8Csu|BydL(P|yH-ndGJ8$wXU?3{jwTvj%0*Ouv$OdE(g(*DKhn!V{4X|6XYKIF`rw
z6(z&sZJ_SLz~+bC=C1L$^BIr6J7PiGA9xBfi654c$jV_Egg!7eVk9BHiBznNy`1;1
zUcT1rpI_R!TpDR;wQ11|v^Gr;-0Xy^3UW26`F7q|4i4aUASFvZ1}TR=ES{}!rriGN
z!cug52@#XwvA+N*FQfRB@NwGsc*DRgP<ELuV*0=R@xDV7r2Qj3qmHhNFf_E+!))4n
ztIb272S<UGaU#Ix>eNOxHISDr@(WmwAdU7ZL3r0=+u)uG(to*DA^jfc>a98!q+JHd
z)@GjoLAxS<Au$U%NM-xIWs*Xv#uWRMa|O)6kbKG&PwD|Y8w;dbocYuT1L~HZhiJkA
zx6gN;&FA6Sc3YQc=%Yj7`eV*~*<Tr`t%xqxNG~;OY0R~txQw?zRe775JfjZ7)@_tK
z3Z7l-4P+3Bx14-)!F8pTtZpRaWJJh9?bA~7>&8x`IaK3y*~8B_A>;`sGv80#VMSp3
zS-EQ_F^oKAfhU{TM{T%My#?4Rv?oXjj71ANuz&arr>xAnRKxd0-W_Jnzg)cdF7oqG
za=<iNRyva^1DP{)=SWNVzbr?5*w5D(sK~J0W5q&^@HGDGkbqFjndj)_4dl@utDe$2
zYOrP_+2#sug?P;oHRi9>RNLU=W8v3V<*(Pz3$Wn4w5OxrE8{b`+3%CW>#NcDujBFi
zf75`sFb*0R2O4-7s*&`2!eD%>8in##DROZ#GD2hYKQq7y*mvX6(`!Wh1tiB_0OVF>
z)SkY+6|RH9ikD#c&i8lz$4q84w|6jkz^Czs;Ma%oA-KM`H|iYV2mqS^ya7=k!sqRu
z;M{<+8uoHzVfpPG-!}qB$0d@4-uSE{5!jQz*F5aXJ$ZUh7POZ{T{DLhgrmzZ-6|s8
zP!FLooKNzHq4hd_=n3w5Qq0r4tFQtC#7ZiAi2kT1v+f`&Vj9A88lOVM-E@vYPETY*
z^=7u#;BesAoW*hLaVuZ3_FM%8P6q}1q9eiy;llC?I~QF!fl4)9r(o?;(NZDgCU~9+
z3HA&y$|a&C_fg8Iv%-=~R4De(T{73s&UlxuM01A1f*)+pp<`XEg}>9jEu|jkI{-6z
z|15rYZeu4qodw*Pi+Da)b`HG*9fxs9)cV#SCgEI);Uz1~#@ESIlK3admCOzR4v<Yx
zh~&U2N9}ApIUcUF8dP1>qy`+fEPa#@CNUs7ryW?0s*PHZR};u8NMx4poHQi#4*zi2
zpuqiqqe6BK;C24EiQkU*5;YHgk)5t(1z+QXEuF3Xxs$-D*I@To@Z}S@9c;`5Zd85)
zD8BY~lE;Ce8Ug&<U_jb*ny@pYV5Wev!h71yCfyC{r`$DZ{j7H3zsT*p2AJnxW1wSE
zC;wcAx13(Xwv5ZnCZUcyl>q#DFymiO&%1{h%~um04QTGy4c5difC;`m+e*6><c7#@
zQ6q+s*-%xJdYo7qDUOh2%u~K(<wqeE#r>nOF&O$C{Lkys1Z>&!b$s3{EFg-!H^N~s
zFX_Fpw6}W<Wq$#F_kRp*0Fy5~d+p*@f!Ei4KU$sdF~?u#B5D#IB6j_(EN-Q-I|>e9
z+dlv-(t&P4LG~+YgcT5&J`rLe7j-dapM!>UUkYn?q7ejWv&%s|48BJWdZrue{yvUd
zoJpkXIIyF)e(fT#V(9eYlH%h+P_v55o*Um@E4c{8VtNX43!=OXZ<+cA*e^$u&yWl-
z#3Ew$aGy3@m<4f*B=lcs{xaTH18J4GID`#&Zcr8X`;~_#a+1r`u&NDQ?L;p*itmh|
zM-?+cBcpqKkVuf3(aCnEx+;=Aqb5RsBAVov>pqJBtt`3w*_NQ^`ZyX`p@>xRLS<)^
zvGho3Ml3TqX2#ro>`;Fb<uEi+y7VZ|7t^(sI5m-vX{0B;Fk9L03yrV|-Y{d|hSo9@
z=!gU6VWHOM3bl-F4&jrDq2Y*d-jm)=40*>_Ve-4vU3H|-4|qP|nv^K(S*x!VkCBMm
z#+xS`eTxX9(^IiE@LtbSYU`F~_M;}agZ^#4MZm==GGa$=-$6~^J=BA>!hX<T0B+VN
zl9`50+3WA`6NC@Ob;fY|)J|k-DaMHZ$=ei#dn*D?*X(U`#Fk$s=6b;_1b4*B{oDlo
zZagnOYcZRwb5JA@VmF_08x3&dh7tdS>E^ZZpNoL{qPp#YK~NWrA}WrAh#uxKJN-uM
zMys^xw3tDiW<~|}AE9V~a>MT{oLmSR7r8e}M)9pUbA5Ta`UTdjnXBqoh-nitw9X=u
z)83j1lEnr=1fK2jub-*h_GghKJ#@C&zMXXjgv(FFYV951_v5`<%6s(QZ(t!TL-PEx
z=NTNgcVj2;_%!%#8W8+hdp$`uj_EV`Y8+_ITmXjLI(h~KF&_ii-r!m<MjLy=Q!ogm
zSW)hb&yJ7_Myj=ZFleVCnjvv);mK-qgpK<OV|ew9xL%!%XlV%`pdiyYCvzbYw$x<%
za9~x{gO~YwbCcF$j`^9YUhnyX#Ap*A2eQeTxl9`j!UXSUgxf4M#-NIcBci|2U=VHp
zv=&PX-q2K;p+C{hY~dw@gYYeg-(9hxFAIYQMah-%bJO4nsp;L+(pvPX1a6}^(im^&
z#z(S;YSr0fl0ypn+VB@-M|OWC@wI*?&4Jy(+uKUu@lSyJC-VaM1vb~%^lN(_?2Y~m
zXa_s@fTs@u{{`V~oiBOsSZOwhs&R0ecOCII_}cmSOSpIU3;Z9bRNdoJKz$7_rH%?v
z^8t~46F$Ix$|9u1tQ=OvdJPw(P_*D9LZ8Nokr6PekqLk5b4XdKA66jv@5pFugy!Nl
zRf^JVhWCf#_fYWKK#KATRas&Hh>X?uziXmTsYF`@?4U+zE?m`RgiMoCB^p>r_5z>2
z**CbyN(N^r`sRvtz8Ko*wtv#Jf)8%NZlA)%VD*h(+jC!yy`8Ov>j1ac!f~*{*Ky&t
z)Ym-ernZMpqOM7A>Bn}>^}<>E$Mhw*{R8av1P<HGfBTACa}sO?AKwYnfoYD+jy6uW
z7E8v#pKDA<V5od^=T4*b{`X$~$NUZOwf-u2_DPtn>u1AT$zrlpPP&A^P(!qIjMV`E
zuF?hcOZDVoxCBRSj;cv46LAVX->BE$Z9>4^$>a}BZAhf0{aC>mcb3Sw;o34TAI{FC
zfu6<vP!|mw_p~X#V&p`gXwhvtZ;uoO+u!I^w}Gx^f$b6&iiQ}Vk;+E4QZ;MYEmnpX
zlEu{JlHryq64~8D-8}hC2HgkE-#tY($mZ83BLo$Dp-rX{&}2D(L>l@q>C2sOt12h0
z_fn?V`@!e?74X#qT_mrtQMmDpxr(4k#R4Dy!WeA!!#&`zZZBI}*R^m73hJ(G%cJt)
z<~R36moRAn$rHRF9_Z!gG`0paK9V$zvypca-(-2|YqRqd{vlM<2TX`i;1o)sAfxHT
zlUvGXz98;kn3$=x*a<*;47W_)UtyS6AcPnl7Mv|`1rtxRq7l|z%q_rEMY80g5Vs+V
zjv#hmL++_J+^=oDSt4FM0{FyNC*ySV-Jk5tp%tObLUf_0?ZR}Y>HCH@AUriUOx%=~
z?MnqdqXNqP&ZNX~U@-{5fNbvFtC!9K{aicb0u8g{IhbEe9M6<h5oyFwsKs|lS#82R
zjBsAuYW5uy)`ex`mCr38@n=b~m`I;Ig`egLh=|Od3ro75F**{f?hVF*WLqyM@Uui9
z8X0lFeml$RfgMbim=!4d{<Ko6E-?---CtWB`3tzj2@poJZGmp3$K{oOB@3T=YHb%l
z^eY<9cVex?49LcJiLQ?1nN^uDe}5XR3ix}HvIyn^g^o!!=XQlKG^v##s3rd<r!o0u
z;>v?;%_{3=hhqnb$*f?3#KCvz0nr*`VH4<B@f7g3Wb?&rQ;7f5m$)n6Q^#@^#`Rr9
z62eU0CA5~4GlZQE<9$<4c|KPY0U6ka0>aiL6~J(c6AG{NKd4!q^U7`JG4)i_sb^SO
z15(d(!NXtgT}FYvu0~;i0`Two?cR}I<$hDtVX~E=KM2-8Xh^2-v`gDmfbh7uWe`Pl
z%lH;-*$v2Yi961_%J=p<r8=HPa-X0=pRn%+KHO7&()1b<^ggo;a-jrQFJo^OX91qG
zq|a{1(<Zzb`pUv_TYz2k$aUbFW`B7H;1$`Qr{Z!LS~DpGDz=a0bsqSP`M&P_M}zJ|
zmTBkcw{BQy-B7=~8kR*wFX-S%B95(&gveqinA1kpZ%j1p@5@|%{Tb$8KNcbmv^t6;
znj*4bWQ2H{&QHs+KO<GZpUi(uwf<Rk$E&$t1phH-p5%~tslu68yNTvSbX8kK3(1%}
z_Zx5wI>;H~R2$^_K_!TaTr%@Vl9x_rQ(RJ}C=znd543(@2a_OKNAXFgLScbw4u_zy
z;IyOi`zMOn8?3y(MKLTkkAhIuR7h5M@muVgs!pqoTd5k4cle*;ViA|>6sBe7<B;!C
zo4>wWvs!llE@eH4k86{|Q1Di1WWetq`itF5qF=fu0QmjSDkE@`kR1Y*A;fLUTXE|j
zVO5Y(xWizyf^5pRL4FkE-lyClm)70Y(Lz_Poz0;c<je&3DEMFD##iS0|DN%Uuhyk6
zZg(bcz!E-Fq|zhf{QPVKOIU<`<7?q1Sikmi$^5H#{e8WYzy0$%cLi)AgcbiL`jtny
z>%X1-#(l!|zNWh-poaCc`K@*wCCKcGXk{qoU?YO&_fsl1tpFCGS(YoJ9`f|j1Oaun
z)X6YSm{VszZLi4=Fa3rrB-(48nwFIugW#@E)lhuVEQEQ{H=-I}+cxa0-JhhUqJKFJ
zugCO&<VO&lvj9fcTOJ)dY`)i7-B=;oO<awNI&ul6J4cK#WgW!0k$9%TJ7YTLyN$Mz
z6GodRlyAAM=I*;CMDe+y*|51f>=#-yP&0ca!MpJz{VPBxpim8td89IzZ2Uhceufp3
z&5ezU+@Gthj48q8atPuH?EaCb(_shmCH&c0K`=T~@x&xtM8rgHB0EE+FQd3BX|Gw(
zIGzq-X0ivsX*<ZfiwvgD3(ddVmnG^)QCB;Rep-LFS`L2utw;h??!HN)Pk3+c_am`0
zx^Z$j<1_7Dt3;n>OBNhJzRSQQ^V9x#1Cf+C^E}8~9JPCxq$v#{xnVsEoI<0jSS@Yr
zF-;jYsQVT5S>~Pde5JVi+ICF#PyKD=7QqLE7M$z}s$i?%nK0M{Y=qAyL-!*$LH4k-
z>lYjNaRyp#lr9Nz29W!?NYrXC4Ms}5(WzGYemS`PD_~q{<ozi~oLRVv_}ljWyQ+Lk
z5CZ?d&I0Jrsh$8wOK(ajIJ?&}3DNmx{uhny-dZK<#a3tS<pHi7WnuR;v|kS%E3AR5
zdo6eYbscYE(OGbNqD|qY{oL!?eSSyF>Kw2u-6uI(!f_osO?+hywj4^(k0M@^P!AM-
zaU>?j%I5??|5;um?y#W^D_W#-OkT8OQ5YroJBq#3#T<|B+V4&%Gu_d|wYj1OFIu>g
z^D@LycNBAF(7pt=s{BwOK_pM?x-01&i$@fqs2}RGdExgg^w$4;F^W(znI2gY^20ru
z#mY5|>F7Xrwg*ZfPZVy}pw;*dpq}}S`ogmn`w@d7S@AK}BICl0q&xdu!3*EtxO4lN
z7H{jMM{##M2J4_>YzGtx5s^wO$)!UM6@lRRtukTjtU8bVKR^_vYfT+tT%SS^`i5UH
zA6P?(*r4dqAKHh9Z&PoXd-#oc8R`>YbdPp(Mt8~GIb5r}XEJ}&q)7fO=a*Cq)i$$s
zbYY8)bG45YSB;vAYoq))dUw49k!^-SMsSCF3B`LO((jt<!}&MOfvvhh<#OwGOLr@$
z12F*mk++zRkuHvz{{FdGuBwJYibxp_O2O+p-CP5a>X{Wcgs{g-V$-YJcOR-29!pM)
zzqv~Yl{S7A$VQQ*va?&MsHKaURsH98f@}_)vRX4Kk)yR|MCJfQe}8kt8G?nw+%FZ3
zvJ@(MntoSBxfX`v@81vt+}{CC;Qyg4sKw_eue0Wjum6B~+7qDuLg)a(MDZiZFVGv@
z`F6GS&&d%0DDO#n0(WnAZ+w9rFTj*t)*fxyBnAssWlKM@+mHo3%A6EU@Sz3F6nk)3
zR%kvz!p2CV7wD=kP8(*sffzsEVdE7-LV5*h$pXM?EYyX`g#s0&83^R)>7a_~z5>K=
zJelGzctZD-=$D5i?(8oDFmPR=@clQC9GwrOn5}Bh`4OB?9`jPjye+8Lk(6aW0MDf?
ztkz`=^zv_4a|17BZH15#DGnDnu;zBaOhgeiGPKuzW>{;!M}=){AXm*%_I_!c9ExQB
zFPzBJ6Ml2+rHj@#>Hhf=JUD|FSCtzS=dx)<jd2F&8rmFFRC*HTEHne0K@0h}xqe8#
zFaYt8h0`i5bV=+9HOg|nd2R>iqN6nT5PM)OymX#Sd*0+@uL1Zy{~XW>-y9Zp*?nmM
z9)Ii&|9a*u+R-`(yg&Z;XWRl;FMD}=x9;*!1Thqx1GdG$oz@?%mwsem#w2jYFkpPY
z_waUmX$YY1W--!5@S)A-KlFc#%I@6wbOxf?a^j<n|456i1L6=4C0l{{{XsYo0Y&5c
zp4VL0BWr)H&z{d+?s0srqVbp5BHIWQ2|MdAn8X{y16Vq|xV;Rh?U3SqJ(tQomM(J=
z1955=`Kz0!8f%3>gP#*@P-Ak`413qJtdqa)5VavJ1nTQxf(ro*D9c&!vhp|cMjcEt
z@~;f4I3nZHjtzwjzAbzh8Roqpfq4s{LSGB75q2z0p}9fq$zAj{i+9X$O$0Ci&@KWM
zMo~7z;wmfNP4SQyGjE`U`#rrEas`W&)Y;_psI^dZsYJZQu-O#VrP@_12n{iWC)^mM
zOYo%`!HmV7F}zHxi-H~)Z-1z#Z~+}1f3t?1UlaOeGNk}5vSFaR|1%`N(ja&YO1zbC
zkQ84~F0{`LM#AP9fPg3cnrCV?MY~yC*auWQeNLjcF)so{-u&z?-Axa}*UDz?r}7|h
z*QpL$Iw3X6Vmp1)^lE&m51VDqek(OHU30G{anz_!`DR0JVEIp5Xa<zRWox0oDFFTz
z?irVO&7nXVZ8JC{f<4E=@@>#I;lXT7A7WtAI>8g6>-1T_d=n`_v~>Hbc}v?=wR$Z*
zZE1CfQ8}*z4X&B2A>@GGJd_?~?RBQq$6><C`;AY<6|uT)g))Y>#Sh7L#4JM!_iPpK
z5v9<y{Rj&7N1uKO>X^gCcpMU|UHgH;&LB~wmn4xf16s9u0ohfsh;n#1?$ZZ9(V5gt
zDNp$ihGK|%@&1t$?(_;ZL^qu0Fa|-$_zGCOGjuat(dx`v(F#V<t_&|T7LEQBd$#y8
zkZLTeldxr}9}14#^ezIdQaULwx5JE3sdan-WagZp@q@c7Op)wGx<NAclmIM2pY0?=
z*l-~NP<lK<3|p>nkK9J4%IAB`Z87=J6mNF8A&3GNrv30drI92;iU*k(VzR;=PI;|R
zy}@=@eFpgZ7Ra1;$11*Re2Sutl*4^3D%UzH#jhD$DifU=3?IJ$f%sJtZ30&A0qAeO
zPQi-UbC90!E84zhpx-rZ7Pd^1i?9Zq*7FTy49Bw(B;cZmjr#Fj`d0~zOiE>jTWS$-
zlzFmg-6CZAfN{s}i;lV-gyP}6yJD5;8tm5Z#Ur@GA8~S34|577A@gD+6?r<kQErY7
zYAy4?`0K4w2z2B^^RmC|Z1qcw4BviQY7&`sz_WvxZ9BAjc$_Z`!doq0t0TzcSLZHF
zrsi=3Qb*K7Ytj*Vt5`n3lu}W~HM^w><DAVGqZk@psb%yYWArq`Fm^F0e^oC`hB+;(
zy)UjO9Y0|^LlWvu)5>5v_0-`1R-nnrL%kn&$~Yn#ntgJ6^%$Bm(^q+=7~~p2FXp1D
zBBw=4t4O&^21_O9cISPcX^!KwbGW&Ea--^GC~ua-R+NEAa4G^aN+$YHM~x8;6j5N~
ze8vA^nykwRvV|I!FsdEd%=i~Zf?$VQkv3w{$$C-jNRgOAGx|!R`A2*<9m#+M3CrLs
zkJ;j;F5J1BcGz|{;*3lpQFGwQ3yE+dUL*~r8sh!X55d^M{URzF>^3=yc!s={GD{Cr
zOk$aMu)8bRk*r3jUrQ4OfzQgU>E}k$U#e8xuG&gdcHG}b8zz~AYlE+=DNUgyp*TEW
zU-i{!zFNw00#p*eeZd*T1)LaGLr|=*IFQ*?hKQS0-__i5F8fa`nd?O36(jr}DM&^j
zJgMy$S}hn8WL)4k&=8PoJNy*{XIbPq!mH>MaUX3K2OC+E%`S&T_W|b+saEnkI;#-1
zKaKN+9~K*yhE8c>WvWi>RLV6>R$tgDjE|S^?16sbVb~9;PQ(Q>*uhn<9U}CyR4W77
zL-Hq$Bpf5`tSM6Tw}4LhwNU>3vl@2xZffo8pS%A6@#m?JngBq^??kqB`^e2i$QUoK
z;9q(|qqed*K`Hism?Vtv@9`Cn@rC6hIPK#pS;h~e(PVNNlZX{SxMF9eJTk|vA$GX%
z#Pi0kD<(~B)D*GG<_;Mg)MF7Pv0=RIjthHVXhc#H7TDzBYJ7bRT<l@TkpFxJPwsFZ
zVGw~*!++{Wd4?z?ZF8j5#)fleuG)0j{w#`)PAo!L3|NSvO5Cm?9Db?BOT(^;?_qwX
zA#KqUxm1ku3UTAnUWcAyy`0EQ6Ozhta6aKbssHYF+2f|fD~oJmi_mcXy^xrJz@U}@
zv5cXq5*>xzG}57lGnnp605`{?8kNuz=AX#vA9KG3o1#v-UN`zu*8}fHTF|uZ=@*;l
zDMm${_F$eGbSj=`0Y;wb28Bd$EO24v%kmWU*$w#gsEqv5q9=&pojJJJy)y1$COoux
zw>i8j`A5;BHKVoe4oaJVKn)7wh5fOl%=B4c8P_jLkCBQe<#l?Cyi-9={6QU9Stb3n
z7OE4eblw@|Uz*y%QtA+)K+X)gNXeYKXGlk+O0K_A9GYRwmJ8hBOt{tbxJ0ElA;g+3
zU5^!5B#6f^ztItKGx%3V3Ek$D+gg7Zn)_v*Dp)sbQ(60aO^+!vZBEF5aRdP!;idG%
zCF7^fFJ~#8qJWeZ(V`(0`_dZFFTPr1ilW%PKN=}UI9$2rw0wi%+Q$UErzw@gP(MNx
z#(*2~wG-{L?98_?&ov~iKLs#@|9~vQv=jtlfd9mTpdS;S;+wujGsScrCBwD(7MfB~
zDHGAw^Dh?oCRk&SO)}vV5!4r{Rlxkx&SA!%vtja9!B<UAakT!yD`Tl?i_-6f$OoTC
zqKhkj&R!Pc7g>J?f^#-)`&p$kf7)vnu?gCV@*<nU!vBMT#i!TzUv(*lCC(`_DO?(i
z>5z2k8CVsD+4_jCDcZ^76^{7i3mLjCrm@ck#<2f`bnMV+b}$hA$5t9Craayc__oob
zqSBGsDXu^a{bhC9)P_Eq_Z&6!issqx@_U)1F_q^^6$S%YqWkCBc%}&H>GQt48)_Kb
z+8jO3C}h%${lCOZ{8!-T?1o#;LaJ#jnmMem4jgnkD{&hwN%_pMs$nx(O~3LuO|`~0
zr!GOa3UsEYEyS6i*c%Q3FY_rYRoQH*++fl0&@c`$G*zF!dA1_EmUDe>UkIA=h)?A(
zmA@hv(%;j}i@<oKk$tgjY(qFKEN*?eA#{RVBctQXZL!R-(GA8{*2q<e^G3CzqBEK*
zS`dhWafNg#GZaZ>_AAmmh!QI$KvCGO$#ltC$D8m1q5@)q<`LIxdIcT?mjPK-tdYM6
zrs3JYk{dtlnxoA+bf&EIA3rxgH$4Q?28;&EKD@np((KfYcrRjw{E|*F71FYT{|pQo
zcVKcU3P}HuBbu@o8O(Babk9AxMoPw^Q@Z@ltGBru#fESkAaR?ZLN+aDhkyDez9+)5
zCTv=+n9)&q%G7Y#&#uWRbv=60@SAk>i-VwW<}^-RZ&8b<a!&>6FIvW&G;@zo2u==)
zAj-Z4TEBj4smV`VPS5JivM8J3JfzT|sAei$Xnqrxei_TlG}E*|t>>rHNV<+6{hN5y
zyN-ml*`gIAb)%~#6xxZ5WCCbV+t;q{RKENtd`YemQzYC&hTnR8zSU{MQHg2?h%XTU
zi9w5FZ9|&pr)UImt9NrCDuGGj&LM;A{a(G|3SR7F*?$LK6`m0I>^caK>L1*wz|37N
ztZ)q_r$F)NSgSvqiCeDf21J%1wmc!pj@bo<jMeQq1qoN7(j3C0-#9p<3qV{h+QC^M
zpcw>5VA6E#ffG&3e%zojcaszF{GtfG5YQ}W>xJ*cFf9OFA|fo!Zbf#F@3B6aEB33=
z@E~nF&nCFP6NKYsm6XrHT9t^D&zdIXZ)&h59#d0cPa^3%?q=7WnwW8n+QZ~%*V*(4
zoIKO*$TF26(vZ*1YmHqy(o6wzC-Up6<4U7`$~&g#i+8$n*)#n_nar$X#V^g(Yneka
zprLVdpssz|A1fZc$zEm<x{qzT6;&8pbxf;L)zgNZ@7Ft~f|~p(aWt~w>}wR&uEIFl
zAE(UCaZqH3Of~d4`(nE4w~RKE`uR<`jCh(RWJyOauH)(Rojj_Xrdza8Cp;!mmw;sW
zIbc~QT3jfgBS_13k^Yq%3PNWG_9}Pb9ns3{e&a5Jb<X~3$>>Tu^qbF-;m2>sC84+8
zS8vUxCPWb2^vE-&{+le7uEv^;%>Hp!?y0T4=hkH34j)oH41c;?d!3$8p7uF@lhlXi
z&jH6aBJaw%rBfKfx5;Lgy}3c^3?*<|EY*~U`T?}}i(FOD1J8}J3?_A#(I0JPmhWk<
z5IjL;IG#fc_)92g((s%f5FM;JtA7`dDmIO`(d&zQ3FjgV3Q<Idi2Ku0R9G>goyu1?
ziW-CMvDN!-NPXde#MpYjq+xJIkj3Z3(7Wj2uM<QcJsG8^A%eNA!x#<5$@G!U;q<Qu
zDIXM2jeY***Ld)R95<*8#G<ft6w_7{7-bYV!j|=!;hD~COjZ!YL^4#t+ZbR(B@@)+
z^C?RybuIt0kv|PDDE(cNr!E?}>Fp8vw^LrA;yRzyljztpDEq7Uw=lE6KDb(VdygO(
z23o`M7?1#WezABadkO)<K0tH*?N+QOy9zbGicJe(mA2|Ao0j8Pn4C5qll0x0T4nxR
z*=!QtJwoGB>(=%cU*YV%>VZs5Z#*~X^pf`fuGAdYOhLOjFnS71%JF-=vEEO^r1wRL
zHgRfL_51bIT}o<iq=_>hGU`eOw{H;B-NtntVE+9(##LNcDo9&S-+48jz2DCho<Kk8
z0lszjEf2@^lk|a6k#*^68%?3f`)IR|05d)7KUPR+r<Z!Fe!sATWjLVHaU1`O6P}54
zh+{5;8=}#TB5g42TX7^f$AOntMTu!>j4`75XM?%o(2UJdPHI<qdPjvEOLh$|YY`@=
zCfBHzuC%^o1a3X)C}u%?>Xaea>w(V?Ik~>M&5AanS=#`W66lVN7ZOv@+^s~>j7(6<
ze`tlg9SxtR^t)UT*+_prKRM??E)s`CzVQY(NxpKvx%p@<umb7&H|)0Y>@#_Mwj}jQ
zOYl#SVT~ntazF!$@hmnLne;6OJMeTWyi(3B8iP%E+rVGkr_-pRN-HYJ+FS&^Xgi4$
z&v>2l5i*rz$fLmp$dNcfg)(8jcbp)Kxp3;mvkdOO-OI&5EUle-HbyUSt<)+gWqb+Q
zdO9VOCw}LC$fzr3aP&xp-2JMiV@$B&i|pmNtY788(=xZ0H`vsTQ-1P5Ijp|mfA0af
zp~QY6{MxslpHhqQHPAZ>NfgT68SOSB`K^F=y4WPKJ-~y-&Uq;FaI0M*!_5w~%o2o+
z6ezaA`Cfp>*Y;<pEUe+vj2?R#v{K-q&jg(n^KAG4V0K#KGT<+UOXGAGxo9aaO{}Vn
zS#Eu&9!kB*8O;CGQ>4R*UMS!rm^8C+P&-=8Ny}yie2y-$DYsS%3>C|79Q8&0_%aG-
z-dEa17jO<MAXG$EnI%UEo(c%PN>}&$)zN^jrPFQ3Po;Kf&7+YzzjTp2cdDb*jq^iO
zWiE@@xH)WJj=QQ;7TwHu9)k<$6PBN@K;DEG=x%IU72%KSfeI5o`26i7=^{kih}V0>
z?MDLpFr5Erf&%~t)-~T+a1V1}j+o@JS&@EZUP^biKd12Q%_{<2ecwy`FSUDl)M(9O
zyZ3y%maG?Ap8LJ6gK~QVIhNxA3#Y{k!sZ2ZFM!boVH+*dbQgIkmHV-%kK%jN^GnN)
z+J>~JljgVcy6>ags}<@HnnQ{9l4@!=Tuk%<2L5y}0Br6vZyof$I8~;+a(<O`&5!!@
z`Qf$0!_MWZz~oK)jnG$EEcX{-hJ#h?IktC`s>rAipAVyF%;@+>DQc>X7tJSSH4ehX
zm<KL5ou)|~+FS<>0B3HnUf@VHF7-OY;*=J1+oa?cqV|-DYyJY)J34bO>JAGZ#q5KP
zcjpEo!V<ftGJunIs#{#|3|<u9WwLyb-$R}597yfkbI4pI5-h^2-l$sP?{R1K>|a1p
z6YlgB7l9ClZtz_q;I7AgteCiarsMtoNE}OfqhgJ4_or8tEVqc3BhTED|JfR~9r7@R
zTW@Vl78lpD_JYuGcRW-R#J34O27aF2A^BgR6MXD%-9OM<Bd3NlnWn7rexk9!Y-ZZL
zUsbI!eMd*8-67lt&i?DX)bPC^6tJ_Y_=={SL$E68|L|iO#$;hOC|);li%|AtL7wt1
z{ckyoB6k;L^}{?hW4?$t4uZf=wJCEi9|h`1Wu}A-8<!f%(3<wqOO8?uCGIatG{f_s
z3JB(Z2-+J-He&2)Jx^wS#M8r?t^Mo2#X_epy%)aIK7Xw9-yq!Z{*My<Ond4y1<af`
zZS}(pg*Bc?U~6j$_`<r{Y-PxGDf@hjMOM3V!%j`?!igf&Fhp^^<Yb!UK|EbT7k)WT
z`6JOjVo5?kNpd;OMwd)m;;$_rmpc7N==~!?bC}`W>R|00g!vfM-b9^_yOmC8AXz1{
zX#?bjCM6adw#anhA*PR<VU~<?dBwFxUl4Owy4FBEDfZTz$fv^$6ivoJWJ+D;CU|wf
z*$vZGu)Uzm+4sBF9Vh}B&{2XgQ7_2*XXY2=iC1snSmh8B^VNPB%q1zh@5Rh$BNyl*
zBsoapNHNKo#2Ux0<7HXV5y20dYY&yXl#*qaDYBNLthb_Y&|r#J%AwK|AxQs=N}q#p
z5AjkzYUL(@IAa?A1MNeA7I|G9xpY8Y(Zb=PbwY>FGcqphah9-IpOEk70y^vemK_k)
z?{?ITe0U{)mv!%z?(9MlFw==2NVmjUzt<B@IWn~j4Mi}2LngoPuBC6>gd$Vq|8mR>
zRykT?+z!{8BU0QTP^GDX;^WipKR(QghKnIblmW^hs4Sx<z}Q_pjc5!%PRARtfVWHc
znU3FRhKEh=3VVT5>7JAPF2IBxO(oo(^YEIfw<1UEG6+6FGYy({2I*R<NVF5eP+*=G
zM+XwEPpp&~ZEP~msVeyZ3TBRihhHBzha^Zqw-ZYWJ<FCiqt$oZ&&4_rxz(UwA{x&u
zTbwCd1T}@meVP_)pFP!*(2qo#AVtAZS76{>tT-7cnRi}6K#Pu3<V~B-ClMX0OEG<0
zSf`b{FSSt+!OtVBuY+siZJ-vL*=Y7j!XJb$xXg+W!CSN<19HxTO<;Gv&_gb?y<mQx
zk>Ze(pAd8$7$k!&M4;F`iCWjQcRG7fzR=PoaHn&0iHKf{CHzLK&!r)|1ueB~rb;T9
ztDZMtX{dVE<&{E<wf7x)@WA|SRk9(+@13$a{9;EKODlsnQpR5gJ#36{#d`0Jzz~O?
zg6_khH0CQU$W;FDBsSb|v<;LJKTSnrbW;tAYNxbOoob8vHUNbOm2Vm`)+%+WU-VY`
z2T;73PE=UDSS?0IPfv+zeem61TTc$xd~Cr&lh<;;AdiqWao|}x!S<KkjB>k7dW%cC
z*<xWG_DQ9^q5>v{YCLD=#Q5L<koF>4M~fUwUpJPkkVrq;(ojZ$JRw+j*-@_;8bDo#
zhJn0Phtf1omwCbaHN*E53DRkTbEeuQmXh~i71^1JC+Rg;QRr_RA>qj#q+A}lAVMId
zt_(|rE@Z&}P3B4=$kf=&QeE%%8N;F^!Z!62*AxaD52&I$+Sc*Ij21qleux_Xsi5w^
z!mrP^-uBSgsSwN=!8xK4(^k2|tyR`tdRPO)HTlvhb5cK3aOkcMlO_8Oe*9`bCAMMJ
zn3s79>~c6$()&ln_>XO0_a$Ss2^mEUL2HIO-VUjkOF!BmKt(qAIV}W<-}P;bHq-qW
zo5i3ol5vePsSh>p%@&?HWB9DL^JPpsq&gG+{pcUEdut2#D!)&AC%fP4UMcHVpeqYs
z)>Ti{vT>r_yrFr=yM>uzxn?65neur__wD%S=IE18c?<g*_meRZvlO$`JAB${LA`KJ
zBFcS)>BXXVxj(aAT7Gx_?G*u8FN^onavtw*^xqShfAdme#W4MLDm^-y-P3q9iMgxG
zQ6w8qg#*6I^EWNN$}a`L^Z!w-50oR|rvJyaa-a+RT6ry`T!v}sar+{_xU@V3|K>H`
z{_9BYa80`4g~kG&R|>r5Z^=9cjNO9|@4&=|;PvhGp!Uwz?q|wraOODp_Xj$Yl2hK3
zZ~q5?W4-t9wbS*IH=3Ql|2hRY1pWR4uzldJ)cPS2%{w80(%Vx<{cfNlXv!)_na|ai
zTV6;*)kG7Zs`PQ3L2BgEZ-Ik4u|pz+I$o?ysIt*XNsJnT44@yR-Y<&(ply`@d;M`s
zdH=c5MhY4t3|Y3<uHv%hWWJl@bi9WPWVWaeLzJhBmS#SHrU`hZE^Afq&LQ6a<88UH
zXn`w$JwMYl%y!mj>bLIyzF2=9!TE>znV4(Z6Q=fjote#8U49=EK(^pItZsdJhjc$$
z;8O!fCfWMyMrqB3kDUoKyO+U4r<C|3Q*1Zj$iPVN=}>Z4c`mbb^ewDksaAVL5=?%c
zb`EI&%KTqwH3FwS-(1&1)Xam=;G5gNT6-J+JKdH5=ju{rA6yqxcp?xkO45hJdYhF{
zvz8i2+ywG)ISda?_%1P9Wd*7*vbyJ;ADWGbmwqQ3$9svZ+}|R&3g38}4FlNX$;eW{
zq7J6@Nd`WY?&zP)5;9`@KSj8y#C5ut@JAZN)6jZ$2dUiP4K?%PjLl+f2IH^Dx`(y}
zf3;`>5XVwAl1s)|ub1Yh+14&IrGSxcgW50}a?JOzK-F+uC3y7ohI&yt&$@57kH}WL
zc-~kGJ`5hS^`P%MzQ)-7tNVk}0)F401r!g==aG-Gt(_p$9<V(EVQFe+|L&t1&Mf1o
zXvl~n76}dUGn3OiOc>l9y&2bl58sTxUY}>c4}+W9lVFF>+Md?58SvTr4efuT|9{7$
zg{>K6uPlz)Pc$uU_q8OQH!z$@EsbsN)#E=4(}yfu4F6th?-pj_K5ex%Ws;o-hq_o!
zTEUK;f+}e3NSa=hJs?6mmSNK3bV`00+DZ<y-nsr8pgWnAR|dLHz(*y98A<Zwbc$BB
z(PYhU=EPQo<HiEpSvGmMDsxQAfXaB(?r0k|WoVJzMKA7&f|#q3^>Z5!#Ni9~1bSpY
z+74fm!4#G~E{gH%$`lDH_lU-_ek*7d**?b~V|Pf(5_a$~#Vygx{8T3*X*k-j;&Y`X
zkdt&x$u<majSKV&2#B#60A+>HT$(ALn8Yaw^H8|v784xWX8wwd|4d2*|CoW?sMwmC
z9ew;<KI@l_U!&*$qO@xJciwHU52CJ2kCVIK5SaO^0^Q!~mjmy;`nC#4Likqx=TRy!
ztbIRoaDhUPtrl8fpmhHCcj;Do>Gig0`Sf{JHpz3lkjxX3r0=>p5q?vt7t}F)S<={l
zb(@O>jdAf}(MQYAhC`gEQKuW6UNxd*)cBll^v?L<(0xYc2~S=*xV-s~wdIK@$G(1E
z%X!AJkhIzF;-SjhZ%*1|rM=&&H*n#s=bGdU;fr9+GM}7p7<vh?&c`Qr$@oMux2#Pn
z()@Ua5TfQkv)=DiJ5OfP3UYP?elzjaF#ViY>Wnky6ZQhiS8ol+2CrRz^s>{!Fhj2V
zpGB#@DUydp=>IHAs1N^-MJW}!E~xxjymj*woKBkm5aVS1sRX-5&{W|H0VNT(eDk@e
z+be(2uYldXwR#HlcQc6m0zm9h)OjJ(lVg=CCsy{0RHki7!^AZKLn`Xfo%wINqQZZ~
zHYZ~Q0uB6uIM6;b)X8qZhhL=LTO^*_9*OIu0sf&bLLTq=Z1MW7Nw6JVyXcHIkMVqo
zC7x2|^1?VwH8T|rSN2PMA4PE$aeIBppEWzgl!ous6rD!2Gn-gFWo-6J+%Ye;p)ZI3
zlkj#P4HmOy3~+j(JPvKn-Z050Tfc9b5({!KvZqiOqi@2MbTXn9Zq)S|<_KNldm_?%
zJp6iXim)%A_@l@#_#ee0{maAQ4XfJ-I{-Wka!F{fQchZvUmo-k+tcl$-JZBpPU_hY
zVu!?-PmfdPxV#=9dJkR<-4;pUnZZlx7=-JMh|Rowv3$27^n^yUjC-iwf>B#K71NI(
zbJ!1a^i#3W^d#?LW1FBD8J6M%`Lyy-C{wMU(rT$vNn>7X=P<DJ6ak-flDG30?H$OF
zrH$gVMdn0dFrLgYU{*u^>t=#wi3Sdnx7t!vX6;hPq@mtGnYE{dk?sdaNsuY0wZ5Op
zZd0E9a{^w<?tktay{hk*w3fBE@!Mnt5+sxJA~(=WH(mgjG((a>J3?J;5cIOe=E!=y
z{N5c2m#)5VW@@1pYDJaX^-w?NU#Z`JosDh(=ET;&4ml2<tD5sS`+k?NZ{r}S?@%>K
zM>1n$7383$=QhGsO-;?$@y#7U&Xut#!ztUq`rxX$)1a=59qiGLn+Y5|xTG=Fp74ol
zbsw&=R3=?O(sZGldUEsKSrRsK)FgvcDEQ&fV@6*q`;_9qy4Bq)f_^illot3kn!(y$
z==&mQ74bXDIH)1c<EM;hKDd)<?myvEz1C@N0hADx-(9zftO9J+#k<6qo!AG7IliUI
z-txjiE<1hhP!S4M1HDn2cdWJ=UmN}83;jb$aS&-vP79(@P7BjpLMAm%I?o*OfF2^A
zZuOl{h|^evqL_2}ejfeFY>3r86Jl>|?e(k`Db%EwjDAdsQk6F3Qi=={C2F|=kuMUL
zL3J@^Lg>e^kGR_?Kb%IW;d#8KvM5f&pYej2tYfmjN;<c?F}3}c=th3(0T@hSFUjht
zTatJW4MFC87UNj-xl(ODimHq%`&g3{JqoiBT+u}0Wu!??>yYxm;41nQ&R)xaEI8p|
zH9R;>Ys;On0i{*#1J~pEw3G@<WgmnDm)d>f_Nlu&IU)vy{>bLF1?I;UzI{d-G>80;
zvmcf}O3z@LVpUF&tI61?V*l)zu{2?<+F*G11cq+AL%XBhC6k!DA7<Dd=t00cV@Hl+
z(>{J{j?W9AJH*l6*wgE<N%SKAhVa^?fwSH6oeNCy#YEi{_$mY^Bc!x$`5A^zaq%5=
zM+S>mjbL%AWy9NitX!P0MI#+7XEiZgCm59bko}B~NlYjDDL1B7+-0U28=};w7}g>;
zfI)NXfo|{{Nc(E6z|2}yCUVk83*ElbaUousr9{_)a3~k;t}9pIKb~V>h+zq-C-6Hl
zgN%h~DE5N}-L!~_`sO!IyWgMN)Cwr%(2VhC;@7@Gjm=z%HH2hDUtpJA-!*JKEl0Z9
zt7%E1MM2#eC*bY|^O#ofY{Y$GF0y<0u!*g7pR()sL057mLB)iyKod=pZx=XvMZ=@5
z2yp8EBe~m1VXq`y<=HrlJ51*aw<>(XESU}gE&$40#EHzwMCnhR@{oh9051PbEW&S-
z^GFstvq~|A4FbgXgvmKCiGbtp@)ea*um%(CvHkx(nN#`69n$%8461fYrj4=Y#H(WG
zVj?v0xkcsJ4JLxy^l_Lf2w<#K*5&qVPT;H(xbFQgL_C&%&4zp&a6f}bK7}>F=>MtE
z&77Tu|Nj(kON;GzMm$hN>m6|6bbU=S^4{yu?@8O*-L3!k_=~)k9h`LOclDOi8FWxX
z-hM89^>&L}L;e5<%@p&?`tI>(Kl?TsT)E9DhoJFy+P^FTOXaC^_Arl}Xh+An_5Q6l
zq=@^+x#vh9`*BCLCdeG$%ozZI2l2JYSYy*<3f{MyF3k9m=h=6y<E}S2!nn7n3DfVL
zkkm&3qE=qF{-+=$UV5A$8&Xg7s6Z2d$v<lT<$&Nw>B5&*IoqNed}SZa?XA^nqLNz+
z`ONlOCaBgd^rL8RqnVOlN@Z?gxg<URa{=VV^>gz~MujDnlX4s}8g`mye>I81Dc6ef
zW)fxAn7;p#?10qx>*gr^(}I6k#V>Zy4aN_mpmeypQ$XzJ+I<_L;1gvP0do9=@wDl3
z05Y>n)?U43{~y;Gp9Z4gpNCb9P{G3gFv+3De_=f?inxfQsNg5>@YW$!Eld|0Z|}6C
zjC+muGYo79p&<K89(oG~!i06Od@bc!kJUNogfPr7MCbcLc*Dv#l!ZUf-Xhp|?#_^x
zDnPyn=)gre^Fc>kAi$D=7|2abc6!2o^{~zcNyd>sd#MWO@BK!kh>_<Nm2foBFGrlJ
zp%^{c2rc#$PjHDYwR}i}l)tsHa;t`0Z$5!r3TIF%W9>;*=WhDdt><<)!fAa(1AWg*
z?Bh(v(pS!6im*gb(hVCjA_-R=dNz5m!b0gWP0t`YOOfe=jzaBKfv<wq$hg5t%hAT=
zSSi+K(F|R$e#A<U8HYrizG@LO3_oE)w%0JAPP&{Is^yDIsy`z|$HO;+Y#vntiLu(@
zKf)<G-v2@0C2orU_ABNP4iREM#P#`wwpbtAIsgi522))+jXb>Q`;?Yn(7wq}pXhLO
z$9t&=v&m!NHYT<-3x#09x;P>%^TGH34|za_zb@{I3X>>l0gxeJ9^s%xO7Kwxn7sDQ
zl?9laGiz?yG$JY!Ega9YM%K*o@30!^ZVSU7UvY{Hu3;syaHvRWo*LO*wq0f;6SHTC
z!Xr^M!sUP%43Oo)K&X?!_~clVkb4mW1d`<Pkaj(Dih01DAW|U|9baQ|jVUO$JYeD0
z-iw#Dm)kFQRye1vny!J!<55jXOs5`nazU*dW3pYA5-vOmVb9Y=#EzPR*JL#Zp&S<o
zx;*?-K$TKrnyM|y5QVt7>odogcqK)ur&Z={!@sG0M4<r_AQHx$3(6Q_M4WB0uwbNZ
zn3yOKO2sWitXNK2lRQkn1M_<UJY$x&YqfGlnJcnRmb5me2!R!Qa3>Xr#Z2rDx3J4v
zYMMP+--}UiZh9VOT4=H&u1E6R6-59^u%GN=YI$_q>D(F^*^vr!*#?_N*8&MUYpkfJ
zjX_0<#kZ~gh^piu{<MlE!-N5t&}mDwVaCh8g-z2K4|N(WPLg6uS(S{@8n@M(o0}?b
zL9uz$#y#;Q4TOwmN!1#tyn^UE`mlTX@x%8&zaMmeIhnox<>OBGmr1+xE-hd+S0u%e
zad6Hp;_<g(s|Lzj_pl+p^*ileXHZUHGGRs1;V4E+Q|K{c*PNJ`4rAt3cnZ=`?JTA^
z3*Dd!E3y=bvC?_hOYsoabmA3ry;#A;U&X;IxR+k3Vydhj$C5)?k!D>ZDI&fUGCNOF
zW3rqtJUsS9Uq>4W+1xEF^jLAU7YHnx5haps($A6(;;cy%9X=FUU^_Q}EoRnHqG*>D
zkBd8$Vv&GE6qnb$U1$xe{g<$bXc1U{d6D>YSf?7S2!EEQTa3Mgl?-3PpP$XKAAf5s
zC-7E_Ch84}gp}nYmcY7rZB5YA95*}W^fCs$Xv{A0ZLhz*w_i+w3R@ITSxf<U<LjWi
zm3T`{{s(s`hBfz^f^4f@wxBt$d9G1&s#`?Rj6TQv@t$>Qo0D)z%Q2m<sZ{XDR0IlX
z30CBVG4}az$5#pBgy?#}VWDKTY<jKau%UNDyxxv{ZGfQjJl<eYWc_)@%Y2C+O$RkM
z;#zf?Z4}fQMV-6`g1-wE<<hl(*979V&`S+^+}y71zNjEkn}Vck9p*sAY-&JWfB=lq
z4A??Be~;|iFrg*zJ#4fEs-<%BEIz7MDC>66O$=!T8ip8AzO7p`OIOGn(Qvl%5;mg`
z(<Fj|Vz?vaSi!g9=njOpf{JKQ3`gntb4Aq&%PT;sks)ZmK4tnFBDeC5zVz9WuTr9!
zEA-FyD<=U@$)rnrwc6@o*VJ7C>;-rx5G`$)VHA^HS!^iTbu+|Q<joY;6f#9bIzZ(W
zXBxgS#;52)j!$8Kqnc_~_icA=-@1J2ik5$Zsrgf}B7TKQ#Ss(OfUM6DT9UX{B3PC;
zAr@>#Fx?@g+K3S>c$G%9u--=Fy`Cl^z^P>d0W2>}<_+XWw6yznDEO{=bNg=0?1PN1
z){;v`IlGiTF+&j^JS9oejLnBwz7<+`un~1Os*rh!)Sl9!OM7h&1=*CYLeS51dVN86
zAwo|sa$yQRnJ@>C`B>~5Al;BzA$+%FMx4G9LzE(E;^L*kt_&|orohu+#^fw8U{L(A
z7%<e2lN`7a=Y<%lQ)yz7LReh-)9Q<&s<D9#SEvA$xK)_j8->;Je_>x5h+Vb&3cAD+
z32@O30J2KF$hivR0!3XjEl*rx#Y(jurzeM`lnmMHN*tqzLtSL&BsE1<Dv&o>Vke_O
zpzbm3UR<$CFxYzLVOkWShw(^+ae>^ccV)#?s)nxMN{>Q@BTJz$DXfJ4UwqG(ZE@Ii
z=7^M=Xe`5Sg)5lSytW!dCU*4ikbDz2BQQEQ0)JiNy(Xaupp4v*6xm9|c>;3dBB@3E
z+RDOLXbBP3U;|2~UOWi2RX(fvz5&KxWF$|ykq~^BmY^lt4Z<QZLr>Dkv#Eh+Q{&E8
z8g{<csPjOBPGMtH&VMCLIjO@THFse&;VPe`%aLhcQo^%!S49&-G74csDOuPID`5+I
zFiwNb*Y-jrNh?x##yiAqFe;AcajGdM0(Eug*%`@-gvZULC}3sjODs-!E*oJvEyxWk
za9Be?J}m;${TbGs#0=SJ1td6vgrNvZ0$V@Ife}2e46afG%Z=Zql~LMvMAExd^TB=`
zj|_Vvm0n>`j0oY8G2v_PT0#7+NpmmS>;P|xylRh5BJ*~Ell<SCK-K!=QAQrsC(or)
z&!pr+o2n(Q(+0{Z8QQWM*b10=byF*N{$9;-##r4}Ci9fn-Pn$Z&RyV+v)++3F>$M|
znn;mf0F<sgF^A%}zQ5obu#!L)htXZyLp<XZm-mA`wCkt1-%$F}xDQUE)Fuuy1S#6z
zFyVE2Y3RJmlMiS4-DF`C{@^QSSy>`!E1Gf`oaUnwj*N(N5W0$$N@1>Xjnl7Ok>KMs
zxnmCUfk~s0HDcLuiKrkse4x@<p&&5^oz*kt8tvMcLys72NWWhkp+qbna%U5tQ*x2>
zg?mK`Q9_kr<SgyUs_jZi-lQ$-ti?)r{nMG3K}j}E-sX)pn^Agl7&_Bl1&aK0Z!FK$
z?-{&DU*RB;?A?7L_&l0(1E&i&=JVXQOa7?zLTLq9Q7$UMow25HQPfBKyJDG8fu-Td
z;~wCgj*AMlg^db9i|CLEvNf|f$(54yoYaqDXeI*_{U;6g?ln9rP0X3;n<6D^RKO6}
z_{REvuwq?$Ft7w`rT`D=p&qEEP+zS1XlPX=T*fJU#>mA%QZ%vn_3j9IqE+Qw&3A?i
zb6!#kl8N?#u`eW3a#2=ZiA&InIF9SP5mGs`LkaxX_b@;{ZJMp<O!^d9fpfHjUm2t;
zp|bGBZ-_#nxgug%YM>OZ{w>`Z52u0aSz~J}G}%0x1bSC8ZFQm}X)T0W-$t#3%A^)+
z?b&ASNzHGw)_Ca$cJ1ezYj1Tsc#^Dbin(Wav!N5NPD6f*&!OW|rEOG8s8QBL1{vGA
zS3S=h19f;^V>G^3-RL|L@!ft}FBBfyMmP~SXf0*dKD=*SMyzR37Q0t7Q58I`g_N~n
zqZarvIt?scR@kT#NF39~#N1vADq2Urg>GKsnP``6nf_gK0<&w@-r0T8uLOmJ9Ba<5
z$HbL^wj2cYiSKQNCA-Kk?d`Ctym5kFpq`$hs8*|_V?LX(xF=n)TIDpZatc;OP?F@q
z*)t_Fg`BWy>*GU)v-}m&hMrL@2&GyeT1eQ3vRsk%i8FJTqL1;*FH~<002yloPpAAP
zMm+;<yV+#hwOVp7sGdBmjLM+`dq&|RBMp@AeGE>-0s@VZULwqg+^MH`vBJ!?eiqpg
zn|PokOeZ5Zz&QBG{M?W<#3@$dyL$XO%qVrYkUKyi@|uE3b}dz;X-VTirkLcL4b%Q)
zxsH7vozEw&v%y<&LM)CkPJ7)ST7%B;UFYMlbKLHIJRNinl?7~tc>Ic%PFwx{hm)S#
zP|{kF*+n#5jI`9vKqE_9D-LiJA8wsaISkJO$}3dM737KO{$%;OF9$4UhGqL8q*rr5
za@^Mpz@~Knol!e<c8Xf}67okL&90+29bY%roYAhE-&~diJ~x4f>pG9ZwEcI5?bj+K
zV9V#4>L@BkEYm9`I1>%QepcN`8XLNcDAZT{%o_3Tec{6(Rzun2VBtYDLqw)Y<(a3E
z3O65>NVe8yc-9p2NcNhaqxStq)V`m3N}T4%Dv#b8Ddz)U$~w-uf()qUm(+fub<si-
zAa47HLz=V0A!Vl;ifKwif-AASma4bhOS+?eN^eRN(;K@MF>6yB@JqIew!_E}`O^dT
z?8-F|am>MS(J^S1A&@9(T#bUQBOO&k4=WfF*l&s*WoE<jXm*WF;mVvXn%Y{c<GK#U
ztdgrclu-U;?>yhl#+3Iuq0MbV0@5Sa(4eH9hTgIyrO`JkDnyvJh71~s=wJeRQhm!H
z1o;;TYD8OF(W~*5V}Y<~o@Xc^8`zIB7Osm`#HafQ++hA#1aH%2Sh~{}Mxj*bV0vsx
z9?R>f?(;~JpG3q!JlPkkD^fbV<0pp$@8F@Gh>r^Q62xcnOc8x^;isOxoFvxxG@X-R
zaK&>CxU`j0Ihg`nR~%@i)zIT-TX9@cj(GC;UwQnmJpWt%`3>TK^~YD{+~}E?806>f
zYf`|i$^W)p-`kDlf7{;O&hx+J`QP#&V0jR*JP24G1nfUF2$*_U^Uj!F8?Pv|4DRhk
z>FCoSbk}leO|n9DdCL*ZQM7yoZd{3#Jj06%-J)ho+@0|nOjbdsuFz@d(8LfU9(ox?
z@l(UKh-?iL48!E=5%(`j_F~O><PB{s8@255)_76%sOhRJn${w<VAtdc$8pR~g2!~<
z(y8pex#=+P8Ym6U&3!$zLU)M%a)HAN0+$-YBlC#a_&Jj_sVd`l3e=$`M7{*bOVv?~
zY6gxGQ1{5WVT1N53xd2+A__ct#AsCLZ-EO3v8{Akivr^VS`{NMe)49c1*soZ78~bi
zJ&~1%-zD)_2?Z7kjPeT4wFH+xDD_-2&lq9E({_=uQp-$a#7oi<^5-v&&tHOw<%QI<
z(a2P&6f)0G#n~JmNtqKTHY3XE`C#xa1}HJ68#p}hi9ht*VR*F_#fgsp?3T*q^IGE|
zJl?p*365EvgjXfT+Zuv2C`D&}<O(ORlX{OOancYId&=FFpx(%Fe8AF>W)q6ikJZ%R
z@5DSqWAX`&e0cW~^&mVi@M8JulF%Lv(I6L*Y`YL~CjDABrWEHTn!KS0Q+Nm<$iYo&
zN`5SIedZ&%kRk$kdS=<n+Zba%VMnIV0uGWnG#MU1gxA)x<^psgaNoi&nRCWoQ7+bx
zYSlJ<^rdK$TXP}m7N6R&iQ$6Ao9Nkz%})A1hP|N9@m+$rbn0278Qx07Y&?_-(1?Mc
zF@<(+3>QOe>W@i?7qu7lm4sNZXOjl^3@D|wwYk4y8U_)b9^kG*<Smtq%|wn%4A};o
z0l9<V0RaWSq=}<&QmQ^-HJ$zw{fSFofmC@@lwix4iBm-ZLRM@Vk!m=KX-KbfVT*aM
z1@w<3P=OU4c3J3Mf9c{ujJ`qUE`d2}1J67LjF0L8eluCW{kHSIHSBfXbU_pTIDFT7
z{jSvq?YA?0b#gL*XRXsAD(kSXYC@H?I&V+<gW+-OeWw{tfz*OW@TYUU0@7jU)!Cb-
z?=DU0PO>6Xh{DE|!iu#nvTVgpv=ah+B_w4TSXquQ-Q@`9_kCv(q!r_+ug#q%2M!+!
zf~-G>T-p0y&m-zyzEF66T#D7LP&iPSaLu}2TjLY;ck+oMTSWB5-`LK-rLWW@cuC1U
zP&zNB4DRW2HY59uqAN?(=!a4%*aqs<5sKnl(n@MokCO4Ali&8=w<hMNEgRsof3Zu~
zT;Qw!*30Z)|B|gO@TDLFS6M}yuu5K;vl)+Nk}><qAuPAH=lOr~^S|G1{-532-u8a&
zMV|jBKmViiKX3LmhkhHM|LyGW)au{WcMtXscK7N~^1Ir0ZF^@wKmW_m|MK&{{QNIJ
z|I5$+{^QR7l8JS^E6hdDtKj^W74W+NWZwEWt`UHmP-v|1l#kZyjH5l7ycvr1kJuQk
z<Wu3!i7vG$lSg-AveS8_lKO)i+t4m*ph3!}j1kZhOnK%3F0(r+6+H4HrS$7~H`7y-
zJ_MP})y84}?2q+t9vtE~ILCYI*s#EW+*F$cvMrDrrh2CLoO#|XxC+CnG-5&eWpQ_?
zB+h>t46`Tg?H?#%5dZ>I8Gb%FtDIDhD*Z}-P-%YwK(dn8V8_RbsVn6yjd<xn2WX)&
z!!v!+U`bQEglB0IYpuLN#gj9v0{?DQn96Qc^azU{ZB(>Bz_Re~Mun;DMn&6L^!RwA
zvY3$uiaT^M5tOx(2C}Lr0i@?@_ir4KwKV6v3fBTG7c~Ui3?hvzL74-_lxl)!qVAvo
zQ_J3<mW5GbKu<(DfbP*K9e9v<QVR6Ar5?|ZZ_sU=5+PxhnK|Zossdi8o%deM9L}*B
zj*VD4`LQv?UWh>ALy~#Jp&r~L`OE#TdlZMfp<<l!_iQ(M{^!^z)-d-D8-XyT{!zvo
zhNlfP3@JC80Z6ZiuUItx#uK(!`o7GDBSr;?#79ghYIM^pin0KS!SS_)IoBGIWcHeP
zt>dfmmz0ZZDv)!6Z~;7Z!|$w3lbOz;1Y$v{&Z9#X)E1-^zf%&Phph`}N;IWuqmX``
z1s6yi*F&t}jD9XHK>kb>3pr*U4=zfBl$uXsIpy&z22)lcuk&jmlmmzxmCe91jA3vM
zYX<T<mL*>DhD>n|EkI}e3G7pb(@7Ji=EVGjR#cgFTs?VpF+gE$%{lWk5Ad*jsbF(U
zHdCzIyiHdPeKx<wbQQAGcC62VEHGFV%Q1P|MTY8Bdx*DEk;37rV%UYrITu;SbkZ@l
z6Zg=!+RbMrDpK~g`UCN!KY(9H;>QtuKM~(g;CuU6Ryi(H9*0THfE;u(WjZE18+;ch
z@j~>4t2Rf~3ucP01LI9Vu8OaCc}aZr+?o6uL^QzPUs4+cz%&6lfXD;{l%IJzzJUG#
z#)-pO(Nsz$e34ZtWvcT^_#&$k?`ldVe398w*!|d1MPykA;gWJ@A=nQYO^gN!k!Q5q
z6~_r<*wzC9g}8{vVhLuoh5`ec#8W9&#guE++r8RLhS$|FI~pBjRKsr*<IZDsv@x+N
zVrXHk1o+#axA=|9hL31^U|qy2`xsM+=0#ZJ&|auL$UJ`MMS}PkmBfR>sv|-%&tZ%b
z?mqnN&#}?}h4F<I*B#hxYHO*<X$YhsqXR}GuOg))#LT|nTT;5syMwHx4x$hb@Fy{w
z(VfkATyw+eEVPX8jZc*EkE#+kNu}CO&h(Nj2<ndu>Z|yUj93u>@q4;wS<px`I%oKN
zrdRsU*PfU;%2BFpD5YZfGOa32kYpu%94{IopHd-w8LtMrNLs#=b>K~akD`@)z?f1j
z40VEe6m3%ksux3|Z0az?oyu4+S<5L}hd?7+(-5(&G?9v_HS;kdS@ZC?-v~n+s!mU<
zmM)RJru11ZVGZcz7iD?2M>A)Hnc#}Wa6u}Fh3YK)8hkqnzV(A|u<jM^Ob=IGSjpB%
zLz!*znb%O|pyaD;DTsSP$C;7XGiH~p*KdL7!aB5J<P#U(MSpR2<Ufs>1q2UWKdN-y
z9}`0gX$hNkM6U{i#QLq{DAC#9{?<8p{geI7`^knc8_UX-YsYHIckf!^q~{}>E-+gY
z%8sl|*OUPX-)=A@4;Y4atLHc{2EwXSrO8PJ1f7ASe!qlPWolIGPbYcjmRq$Hd67bM
zlE}XbwH2nvMo5zgDE>QVWkHn`s`fz&r_eO9VysdCh!mhYaB8(%C;<5Pgf<XWt=cWV
zn)A#-X{wf7avnhAlszR^x3b6;U)UdcG(=a@hoQ@-Fz(qmq5mIOYJ@z!iOdjW6{^O!
zpspe%5(NIe6Esw5lL@OfR)!PXZgtOHkzSEQ3{v5WRM#TF1gUtiO^>IxN>S$(fwd*`
zjdI(d$gDdzd{E$FFH^ytOog4kYxkejw-qu(l>g+Rg@3oO(DCh#kufdItmH*=n<HT9
zChVzUD=JD>?+Ten<0geugZ!Y=NrE(>i!>;o4Xj)JJ5x*G?+Cc@6&^ZcDs0o3;6d)s
zcnHiZVnIF8u%tJUKXTGy5HnR%RP+#j01mCZbcRkCcx+^huVv=?c1uq+p#YsgkxsRx
zd`V+fOn!LJ3fE&y)~e}xY77+(7OhpU70U&diJEQ-@c>y#SIp?_D<rHvF$%;sR8@Sv
z${e%OE+gxQmYFXprkMyq6ZMy)O`6YY9cr&`oDWWX8@ZU?W}1@tc*Ser(+!MI^6Qt>
zqYlH4&MYp}Flw9-2J+61t{P?2rfnh{i`+f(Gk_otnOcX`Ryh^L-}KdN{T7g0RFJhU
zHa3X?QVZI$!H&>@jq}x<?+f`#7ph{4L1(j7OcFf<t<@bA?&F!A#DU+`-nWqjFH~B|
zJQymh_c!f@9S^>(HtVUBQTta}Wxd;o1*3|7lykUACBgZE&N1)w^&5ad*H7IEv|B>S
zFFuHwLVKYg41HH|$KXdH5mz1QrBsa!Kw<5L3s5@Iz8+X%m6l^<3$0d(l9(VT)qbVg
zu)?aDeJzXdjpfxqV(N0D65WIo;^)3RBs80ca!zu7{`$PMc4h{gqRzzoZz_K?rddDU
z-o0f7miQG08P&{ibid7TW(wZexMUxe&?Uey;`NU@_LZNUJj95y_7vqF$4XI-Q6I?@
zmNnht+nBHHm+Kj^Zmr;fN7XK3&k~)MCljcK*0;m68e;Ou9!}l*;2w^)IMI#|MZOFU
ztQ6M(E73!dv?Hwyy)fJ~ORZ43wg=mb@$@q7yvLr#$7kbRN^Fx7jVzs9F@x>H1`agw
zErJSd^W9E-=kX{FBcyvqd`;WeBv<Hr&}TK4n{CGKPn@-_W^Ur5olV`FMWCf_)Rf(r
z;#0&qd+q5S_hBum#v%DRhsG`vPtn^Pgxk{cuFMJfU^OSnELrDlVzY~s$9SNXd_KZN
zw;(z3UNQ97YqndBLGP?nK`P8lyHShgN+=fZv9*in=9$5=!#z>9PW$j(;KLT6%`w?%
z-?wq6@3Siukz$JSoI##Z<3K;=ZZKfzhweKvy19|ZM|>Uz+FNWnblhu<e}J3HqFTPl
z-3r2h(28A9b@X(ZG4_{aFBL|^(Otp-_@E6&WPkb?yAAb7DLL@J#a<-fkj=H&d$2=f
z2Xc=c?!EUl_uO-*?|<&OElG06f5IN+o}>FU2931?^EDeF78gCg$!_TWR-(*mkFtG=
zQzePT?`LyWcx0B#u9qNf>P{)T*Wx=QxyfpL#j%Vsj(Ea|qbQCHSNWXcDaHoshS+9S
zIr6NENhoktRn!X0PC89&WVpVkVSq5ck2QLA(M={((i&dgEHsT8$Yo7D6gBVtCW+4|
zt!jRS|KC6U$Ifmt{>OG6|Kpp)|9BC^|9~ZK_vLQwK;M3Ga8Tbp$fwpHI{wE$9p~CK
z7ZmSu>#OJg!QNg*{0~0o>wC5BgYCV8+RnjuF#Bu!F#q@R_#b)vr(FJjqxesG{+C?-
zXUhLy<PSZJS)lvo9E0teUl;!grvKi4EdR?v4d;Iz|LNENV3x>3%WXdWjNc}f`=!7=
zWHCfFJf%dFg(rCKg6Z1G8VuuKwH9n<%`J>1K+o*ud}O*J@{nzgdFUb7_fp^@?to{&
z2G_3ga7J{`nj7y6bK|y6ZMN-O+iTVe#$;~Ux@lvJJfm83N&z+V`I@i)`TC!)|M}<J
zuK!;b1#->$zrV8`&;M56-Pz68|8Mch<3Hx{AM^N+dHlyb{^P$v{<kn_qzw9~F47sH
zAA=%6MsFzkz=(?#lutwSihJAuj2nkh<k1;b*AmR!W4Zi7BuXTQ1-6PR?{JmQ5q0kh
zM3oCWQwQX0$yxB@%5v&~=WEJ>F0Vk+D2RrX;=f!EX*i%|`~%C+&6PF2QVAY7T#YdC
z%eq!uL25NNbxo6}7?P3q##fGK+FTyrSTeZ;elVnhXL?K%DR4AaqVzOay-Ww+X>mQ1
zK_69Kx=-lGl$<C*CZn%Qc@^ZiYQ`J@1nI-nS1C9Mdj_GQ2K0kxrQl_1O-V;e=<=*&
z14AM|mc7Qa5)n0;_b2T#qHs$@7qyJMY||mWOkjr(hbSF}(z*t{O)<V{N<y%5R?M`_
z19UNIno2ep{zy_Zk}{1KPR)~c9iYEyf;gEZPR5i?!i*qzor+x{oP+QNhbeQ?Yss!e
zo0A|MPe;L~|Lj<Hi5IN!mq~XP4AUq4NT@_5V{pGFdyks8ClO2wkoE3>;PX;RE14i0
znCE_S*}s@QMmLu*hf6T2b(txUt#XssluR&MIWy=NmSh?yRmehe-jsE3F|*)7Lo1gl
zX<}`i>jy4WhxA4o3aie7WY<662`i%I(<NS55NPq_LK&Gvm1KFIncV)D+y8R=U;g=O
z`=3<(zCHuY8vEb&KKg$|?0>br{aSAS%k6);{V%uw<@Uea{`c=}|I?*0?|HaQf4y7V
z!GG$%xu%u-f9L++x&L>r|3~zHVa)Tk9&i5N%m2H6u(NlN`+w*5pIrWbJNwVU?*2jj
z<^E1BxBukwU&wzlvbV+2&V%hhtL6XR{?5TJ%KzFyeXqV>$NazB=n|IOe}0GdpY843
z{*&8(a{Eti|H<t?YwbS(=u~FLHN=Uv^ok1Rk1DU`3&+Oj^bMSX&++j7UFh9aFY~7{
zSFsU&^H_<08IEngxg(0ooWRoWs1ihP^1K<3&@W(`?#Of<@7-h^tKb>lOrM+ME5o+D
zdGk%b-#YDbfs>4Q0ua2aYZ|jTB|OA0gwM9bXMAPOjh=alGUF}_HCM&##8~=QBNGI;
zd(u5@C+j%YWGpK{73qkAt62%t_m;T}m5A=&keCA#{cv_V?46tp<fDJS8@3J)NyxC$
z(w>=^ez$t<8dJY4%e?BHyaRz1{W(1C9uEJ8enQsd@AB2V*6Vkz;c08|mO`;`-?VGu
zfrT-?HZD!(VhWGIDJ^KD-y5Fwjzq+dkSgK({?V{BHvY9(j{b#lKFUK~R|<MF4AS9W
zQRY#~{7Opz#>b3+2;!>*(M2L4FqBCU>m%q?@6}$recXBvGXlR4+b6G&yKlsgcZcmE
ziGiaI0prZV_(iS>AD_O-y`w0#GNzzhj{T(@<X4V(Mn+vH+tLLsa3ce;9&;>9I#xzJ
zBn2e(*#liMleMBVNY;uxP1Z_I2vITdBBd^$+_D1wN|s8QKcYtRO(B_nd;)Z$6yzxx
z%kP4(hI_d%T+a+%Ek~dzj9~&5)HLSe`_CS_bP5kvb&FAQDAk+r3wn~uCnPt6MAkvU
zIchKFgo5!*Eps;EIv;wN$-+Eg`IU3SvlyeF(I>;2A#du^JqZgAsaZ90swRA=Fpb2H
z{!*`L72)vLf~gELoQrl*Dy%kM43(M(vL+=8p3au&5PLc^c=RVxkd@Hssox7dzO+!T
z1C*UGLXU=`c^HUhY=ZE5BIX^e>!6w(!-CoFwcb}T+lH=(4xm~fo}p%40ekI^hOTLw
zH^Z4VHPJYL?bc!?K<~UZeYHq^yQU^He%AxJ$x6qHLvC3Im6wt*c&zn~{k^%Zzfhq<
z1%Siz$S9Edt^N`3%NBJdMgh!=O-Vv9w>17};uoH2T#b&1j018ntSx0-YManxBx8!F
zghY&|nrOEalmMehXsof32A^XSndEWA+_ZX!=4g2-y~veFvG6plczb3Vwpwz`A3#}L
zGL<pKWi$-}=E&o#t<W@t8@b|(D!g5n++9(r8?Y|C2iW8qDengBbK_RGCNTHrUK7*7
zYsj8FHtUy6-}L9tuWvACbIf&6BoxABj{H8Qwk1s$5jRF$fg)3#Z>lJ@HF~3)X!_7o
z9Hdo{2?uG#NmR%Wj%m{U7hXxJ%AF@wWFnroR65g7HuQ-W=}CC~XoFI$Bx0yZ!K7v_
zy-R68lpEU1IRH5a)-K(0uku^k#w%r{+o!ITFU}h~7fQ-e%x}$pFhJ&YT-R~exAU^X
z@c)ZgcSuGgJHtgsG#5K(386x?WA_eJpJf0i*PkR>$&ByO5NVEwnx^GK?+Ft{tptYF
z{Q08F9fh;<$49}@L~f28XBJN%#;16NPtbC#nwZt873GYt(2P%}4j%IR{&LmB<+c<L
zh6lQI@Fw~yx(20$>Wi*Xks$)n!cg;2E~Z4BwNpAnQYs)q3L9Yoz#^&JM6Vpg-O+J|
zrSvE1n4aEg?WA=!c>AgYJH=kqy_ynoq*Q`Aiz20rIpHI<lTGp*@x7&u>nu&5l15~6
z<ysouqcH_sWuutrQ;i7lllD0U(=R`1T3QHJ`_s9K_^^G{?Hmt4|L^|L8gz#5Iv?qB
z!%yiX#Bmb-^3<FY4wz&}5r9)fdi1Zfiw9vb>>RgyA5RCJ!_DwXCD=wtn)cYeTYwh&
zRp_3!`uz_ly<Z*MFzfibu)ShVQMkpl%Pvw^@^B`J&EC3+9Oz!Dvl!!THpP}EGI7;g
zFR9hyx>tJe(71w@0ZUK~>6i{jDS*;mW*F1fMndKtj8pWzv0&jeMr{U3i}?f1@zTZo
z%%F7n&e)m7gs^x$l&^93QX&P93w=<IQHdS`IBk=>45BU<v$8U2;DgSOgUvvQbdW*&
zn>H=#1#O4TemUPT!9ywJxTq}KC@BTMfD}T2p;C0Pa`_^Xy(?HbNC$}y^^-7hy?r?|
z@h%H0PH6R$x<_dOI+!oC);rTr;ly9?l9g(*$XLoUSdFR^r$tc{HWL%51^Z%-2JD{7
zpgT{N^Z6Yv#}??*PI$B;O^v|+F<|)C!#kT)X^We}sIwynCJ)~WB0~cS=J3*ss^lv#
z21axSZh^_zafCZ%=rU@mu_>$Uq~mu6m7NM@c63e9W%-fQaQgq-d)Dr@t>pTdzXB^)
z1rSrv%d%58+{SCmSv8LBV>!ER6&)Us1SPCUfD3?nR7d^ootgW-xBw~J$!S{PBr-|d
z_nkX;-V>vI4j7n4ngxe_t(!IQ<O4Aacovu>VtJs2XKN}bae+=0uc>6hxJ=1t{=7*W
zf|GX9aO~Z>33E=bVcqd%-#a^B*9u8V*(F+QOMAz?0gZH!r*x2n*v<R#^((rSxFj+V
zFG4)h0*K7p%1Pk?k;a<v9Vcv5Ce>;Qmnv&JaGYUn1<sh@MR|Vmcl2wo*IW%%dwAuJ
z(7Ts8r^-CVex37?dVxj^qjgc%DSte?DCYqBGrLHFJp=B|RT%SQgDh=i^0wLxYD9O9
z@B1S#eg}OxB;MY6oeqA&y}wZkSfFe6KY9F=VoM}LCu)OBDS*JvfhKV@GfS$;<qnEE
zcbM`eDe4ZW%9j(C`Y8;|O=+>-A{@`~<I7h+{^LDiz=wvrPT-YDj5s2OaOft}{k*t{
zViGY%1osgNI)T*`t$c)TU)}(P_mTZ@%3JldJ4zu&*dbGjZIM>v2C|BS$Qhq2O%TD4
zeRq<CaD7&oO=rn@JEoYHCFA*gB)}O#FYx=iH>uF!z=0n@QIjqA<0*ycFM-aMZ6Ngp
z|65MSq4Y%U+n(NXfFm(LI8I^^Mt^6wO4?zL8-VRLqH|RuIUBfXvG82Gz+kU2X8c^F
z_Nxse#6zGCTHoRTw(cLi?>zXE+%93KQ5<Qn^j5?&X9qQqYU$ND+zv5{DXDxkonN%_
z>?J~GP2mx^Ssw|l_x5F}i9D3tJ$z{5U740mq2aP%l~={wDM^~A<6?Tnb+{=7vv3k2
z`jw!GR!lO6`#Mir#8MIWln(3Ho3k1LVi4-0(`hp2lGB>2HB+eM#Q=eOl8!OuPn9nX
z+SHJMvM%x^>L(@%SGcOa*nDAOUEQ4~Kw2(wy{?lCR%DU@_*|Fu4rpVP;#7-{uqM2K
zkdc)YMRjOMrm%)wS3^*mU^RsQy0X079Yg2ZVeM|WPg>)A{{r<+-oH~-ZEcdOpvxF*
zD}<@tV_0D#k%F4MErH8KTn9+r$EX~}-C%@%0x${R$BB29&f$1_7zg2cnocPzRAdkb
zV=4c&cc-+r2aq#CCvwJ3ORj0sw<*5HSY0%*g25OS4wDFese_$<%$mV(%>k}Mqu%bB
zFSjz{Te<NrTkY^$lz~w+ix=tqj*)ZM&-^+iTI20eVyKv67d>k9CmM)E0~*S++wR${
z)FadfW0K(xt(uxnz_==~@Y&uu1&3fpfb`4$Ib3i1duu1f7g2OF1L(wPJ^p!Z0P9+c
zm#J)qr>$d~K@n$t<04>CL+VI3?su~f>$k{|-)j3~G}Cj^&kjz7fWt={%9{AlC5gsU
z8~CJI^+_JRv+p9le=ZYmmKG&R2?|6Uv=I1Zm%?t;q{=V=wBE>C_(>$&bRx~2?sC=l
zmarzPr6@V{-4T?U))qTMeG4t^>QPmdm=vlmomIy`AYAn}68qEsw2S*iMUuL<2FYm~
zwkG@q$f_=LHUUx`_@CWU1t$vwGf$U5CRY)XN)lK}Ce3g|JWr=1qN6s*YP3ne>}{0t
zN$ejS`d``>;JzZ^M?D@-KEJ&Zm|X@~WPtGb4XGrC4WfT3-t><}QGm>=c^*$sFpVl;
z^5HbOPUf!;pM87UrutD0@T+?`znb8x){j+Ps@O6o#uP-gsjV`)YLe)0H*Cp~eEeFl
zL6~^WlKHetLm{9)#c!D5Et{mvcs`_n<4#<^9@U%TVJkcq&{IQMPQ>^^T?y)Cu?K%+
ziF9>Y<g1HILw7L@9+UF8Nk{USHeA^ltqsD7#t{j0kwQ2(RzPI0+^7|0e`7WW%W9@A
z+oUz9<Z4CFleTFy#+|^LQOY!1%#K7iGCPDa(aaZ3)Wkr@^#FM;kvx3LG-*BiBE9N+
z*YYamOPp58q71?YB{gGmPv61@kM19QAr-g^anRSj^*yYz70OsP??_fy+n-qvr7DxS
z9MK-=(86Cd?v9$Grias8&|laagIob^3{D<;(zXCiWr-gGd|nbmgftTF(;{kIHw28v
zg#v6*-7S;gngq`%X?5dNYVZJBJisQen;TT~IF2qNZ;K3i0hWR1FNVna?N<4&;&^0^
z^sQbic91K2|6pulA4bJC^5C&Igw~`RC^SY+iqM<6I8(GQ<Cq$v8hV9GN!%_8)+4Rd
z8=_*FnYswCNuDgs4$IpW46<EQi^9iEC*67`Wm(zx_BD+81g;2%2XJ>U<7-3*i@d<@
z0m!PGoV8rq@<P?$A33|Ee)-NjG{=Ra%rpPv@yoYA-9JQ3SRhya)_V#=QW8xm+?NgN
z`c3p-NOq*AkOb;dg-NTdOAU%-mK0371M5znLt0DR)99)gA2BmH<6c#(d^MenSVu$e
z{&r9^@pc$#nfk&lQeSTAlcZ%a^+XJs=*<wi955?o&4FQo;)hH#;G>r#xx`!jEha5K
z+q!=k-aicPAKaqX+rC$mYNLWQfbjxP(pNJ+yFIUsT9+O}!3ISQ_qh<2EGmS|H%wFX
zb<$O8r%szt^w)b9-*uo3oQgMQ5B2q>gL?Yc#yYkMazi=C@pBk3hm9&nzh=n%xQ^`V
zp)GNKqEJ?rBvbOrz!dCEAcjOJo+lAySg6}2ZCYB5aaWEi9y1GfX~XVuB|VM;sS56H
z!~)UsyUjRg95kfh*!o>;Dv~(UiCZzrz;4K)?riVemSofIYn9sBKX*39z?6Ef_2F*V
zuA%pLZc9G(v;FCZPo+-D>-g0YewfDw#daeNd`HzqRR%bMnxvJ>7>UHdO>5B>Ffp)n
zt<i<LVxH0BiUhg{b4QbjQ~Jyua^Af;`N7!)BVw@uriwprYD4qmX=?~hztxU}+CGO-
zM`c_=Sq{bN$a=LIrE;E6&;}7}S<v3_ar3IOUnb2F--KA{dq31+7~Pj=MN(dR?2voU
z_ewarGrX_~ztC9&az5I81en+gYelS`s7U7dMVdL-*F}6A?DsduZ{7|JFZ90g_V@Po
ztPs%Lc%F}TxMx#Vx>Bhw1{e31p<ps@(OCHi*g77kS`5`hp<zYEhlb>hLt1(hr`1Rg
zpv;Sh`aJWcj9<@;p_vUET1_G8T@KHDSZe>g?=cM)w=-*Alzb`Igw8KEi?eN6AWJ>A
z@dQN+G*N73nM~Crb&mixx0WV&i9pWVS|n`QL0x~OxY8vP%-mcir0do^QU#wXSENWp
zbH;-3_|&Ls))nW*5K%(}lX2d&q)@L`!1Iu(ly~8u(^sj$)?3o%SA!E1?w{Lx{8uPX
zV-&N3YxpA9BX1jX)76K@j=4b7rRQ#f4`t<jOr8?ZQk_2A;!X;v{hy{&8j3ksq%#u_
zfSe);+&}C#QKU}5VYI066Z)r;9<jf^y3jj@7QBtvHO{w!-|6Ypb=tU<Bxk<#m6!G_
zx;+XZL)oA!a6PN#3|!Ba`)!_It(MHDe(UG#D$8#&S#9cR>!$`DTBBmy8ro6!H=H(N
z-rw!KErSCRE5?&5y-oxwUQ8W{LIBE>$%_27^g3R7nE=iq^7j(;()7hNTjjns=<MlT
z$3=>SFEF7=Ws<c5n~_;6w(6H&a+_8xyhpG{hrV1*&_gwhOeq3l*~QeodPp(A1^mQ2
z(T0uotU3Y13T-`s8yOJ{^7!pIrv0!soXE!0CrS889XV;E)O>oB4^ybW7H(yNI5a8T
z>pTTs#s^+|?0YCqPH`%@7J3_J{-@)QKM{3P^OV9Deb2wHfMPK%ZvI-N>kV#jAu-E>
z+WE<hmd3V-5R@}-EaGOUX*Lq8W}#z7bKn>Z%L3kfXwL8BYi7Uk>G<>$5#KafUe*N@
zuUvB>5Rm&XdJ3KOnGYp7_v^7FYW4|UD@4_8z(PyzGfQvT0fIG}#s$UNSu88oo9H^t
zW_h&P*_qv<j_iyHqz3m7-`_u+dr~mfbQg)V6{g&EHJ@Wg(B3!(`g~`nm>?{8-vtxE
z9{;@?;m^h7Up&f<@r(cAbbq*Y|L~9S@76Cq5X-6T7{=A6rqovcKk}7NKIJ!L3uqy)
z)p&<cO`jyao{#v(_gwPUE%fNHjjfQxBormG4&CLef+4Tymu$--7LtlE*--Pek0xj;
z$ycV2z&V8f`>ctf>FwM8B!r$3wGMrX426rSpU}F*S8WLVZCXEu_5mLbbkO8g!>=(z
zlc^AG{9$Ml-P)i|>C(ZK7eS2}2}?Ea9|m3<5ygAxdukFkCCrPcTXK!D(hmuGFH_J1
zio+o3?ll%mygSqSTE|~Hom|6hJl_&sEQ*^OjpzB;b%8Sk?Hp5}&~}Jm%rkruV%EpY
z!h9`(qG!Es-E4(uR5Ba1Yo_#JH>*cD{tnP`%-=4D+vP7ArR%}A!mwtFZq2#f?!svN
z$uF7VByX(7zz@UL>Q=u9KfM%9H<@=Z@j#=|B8JOq<PX>mQlt$e3Pse7=w)$1(Yrp-
zn_!xhlOiQHV(5Qj4$!*qIu{<Xc1Ru*^9BNcXGb_1#}n27V5%Y+RdBlCN3^gU3SZ<#
zbix%Wg2jdtwjBD$8A~9}#zRe904``B40G%j{fcj{p{*T^5fDIkxj*CWo;SC_X286d
z7DPg3xpK+U!&>}th><N0qHo*hg+d`YE&c_sjUfQV7fr?Tw_ZCZvf)zZNr4eE<n+%k
zcd{(&%YY)j_q5r>LNjX$*UVm@JbnJ!J1X5v*De4DOLR|MH|8DPZenK=w+@ldt>$X_
z)#tj#ugfunb!!s%XzN!Gaze;>okO`VR1LuPSV2?-GHhDmLIFkbtHDIEIY<~D3GL9q
zS#vo7&C`${Y*@=L8ok!y+6lY^rVMTfsRR<EYn_6y=oM2?-@giC63wk0yep(q`^YCt
zd+eG6$X6P^*5cY3tc~tOfVCqaD|DJkHq154cT_+RHrXs6sh>XU&{#o#+_QR}XTSKB
z5`&|h5s2_=0-er~s%X9$6t`H?n2Y>QI>|Tf>0+vHo!D3URScUl(yrZ$#exE$=A5m;
z;IlB6c#6lPCVg5%jgTo#Sxgi~Lf)wCm(Ag9lYt-K0&pM_6?$O`PpdN6!h|rAZtIP#
z&2*aIWN0Xwpy>!~AyAF&btOe3F$0iptL!RjUm_l$g{=<z(%8q>M)1_#rr2GJ5W|Ad
z{M%nYaTmHZkjcbHCZ1=%Jpu%Lf897;p6-GP$G}pkz+@w&e{hVY5b#Mib`cm1Uq<xB
z>{bR{qXP8BDxjR~sEE@e-3)X`<<u`$(OS?tDvrNe1-0mGtVpedJJgyeY`=0gU&sp9
zo|#eisEFp3*=u%JXA3FNg1t^M`WkYVR8(Pat1J)5MuqTm!}yrPy)i(FX_lE{7>v0X
zAp$4^yKIP_B4_8^JnCv9+=N9?tZ%;2#0N!!Hg8vxNEi0A9bX8~EGb<<t<I7n+e&Gn
zCFzESHdHpXJX#~R7V2tZsAtN%GD1;LP@o@t7yZA>|Iy|D=<>gI`9GTSe|()Bu<P=_
z9vwcj^1tpsd;X%!|M9;u|3{bqwafp}<^SmNe{}gj*607|=>LxX|9$2EJ2*TzI_l{E
z|L^oa&mZzdME}P0KT!NH4tV~*=X=keQ~uXyhx;A<-_ida{om359sS?Y|G(G#fAySM
z=|vXLS(+_8HgFjEn@`DNIfrA$-mO;YRJ_5@&)Co7xJ;fulP`*S8PAf@`1!Mh>{VOR
zckws#IZwZ%3Xnb$?M<7Lca@iLy655>l8fT=^6El=#r~P6;|Q(+La3^Z99<~IH}P70
zM@Iv_UCb>eGK2}gCo?;kBRLSW8rNJT(953r{fRKi=Y5`HrOD($cOKO2N?8J+=G;Gq
zX+8BoS$^PO>y^~@p{cZ$oQX={B;XzX;|i=BGtgi$7%+yl7}6rXL$`8_z=CG9=m|DM
zYw|nqC8mMX+WG`Yo55G<{fPi-hk?)33;3n$EzvMFyC4f*K>m|U!xQHTH%chrlE@c7
z^8rCQ%Mq4(v4YQY*AegMpHE(w?AD&=`4wDTR|(~D!|Q6EW{JnLJSq>;n@hCtmmYZ3
zIJ)tOFM23mf5#bVk`E}Tot%IUSrA6!y9!+<8+DDaxm4a?RkNLMF?JoC;w43-v!Fnz
zB6<8uREd(~Fa8O_Fg!aLSPs|(t}TJM>AhoC^!r(MPD>4A%S<zPRC+FjArcxC!|JYX
z4_uKWRWV-5Uzc4#tD*N}xpR}p=a7h#S_UC`UYU;&eqwPo#Fuznk^_${7_y@t);me3
zBMbooE$#Q}nGUA4SR$SoBAlA3CQBKAL{E8y2xp#Oa9pz}FEjw-eqm?Z<+-<A4m_6f
zDG*pKk{`1CCJ6iLq_c*!9;Rb=4<g(c;go^xDuI^&^cn|<6;*>2la<1aa3l#IY4rv@
zR|5n~<e()A3I{{kqKseC;zk@(KZe0SfieD=>RmNYg+n#`Jy(5`G0swWdc!9jM+->9
zKS?$X@U^uNMqRpI`hX(I48rB-z@~$yurcP%6epT6BHrDi5ij7EIilseWfGe1h$l1A
z3FQ$?$ayRF0$Sc{%!&qxcD0-nOF=m_MD7XS4FAESdGOSGcb-o{Eg7S58DBFVff_^}
zz^6}sq)*A%4mK&ZaD$#JW|f#Eg|32mI-^@bAxCyIbiEPP-EmbgEiWLNq#ivJ5q(;U
zHOEn?O>=mB$cF4WXe;0B(!pmSV=VAWXM5)y{Bb7Y$Nlq1%!PwA<~FkroJ#+r!)I9o
z&@>yNQ+(14p?Kf~=chwz=>k;-paw8-{Csx)IPmydTO=l^?-8-BxF_t*ABM8jrVYDM
zfw?E8hIv`Ibq7-Weq5wbfX8e{w`3N<AalmdSif>OD>JxzQ>2dihRe^)b=)x+S%Q0B
ziO3VPc^+501pb~f5HAyy6i`s2n|d^aO)RnO7zE^Dj#7tBD$95W9{e|p(>VqS{d|0d
zD;uw>oF@U*Ac!JL{9&j9k=LP!7d2y?XrVi7;FOf;hA|-Q2oJtsY~0ZtaHiW+A|zVF
zooLZaTtO8c0j@=YCYwAy2#c*z2V5<P1^o?m&qfw{gpErNyn^yN^!26yEGAVWS5dJ>
zE}G!8$6JesGIT{oDOMQ}ePuP8ET*pLgYxso6_NvY&^H?ICk2Wiu^tQhfVE{j$=Kk#
zPJyqQ1H+QdiBCgU)&##!c(@ha7x*HF1B5Q6cRE0P?zzBKFz087Owr@QDCBe47%oM^
zlyGF$2ULv!;lgF2F+1K<(Wu4D>1DoSHO;XDbcoU6{bWa!;gMwYs4;)gqsG|y0RzZr
zO;S*qy@AWE7w-p@0n|Ajq|kjmu*3G$SPV}6yRlzjkDxIu9h?>(UJ$uQJ>{-e{oHnC
zr3EeL0O7%YXy12)BQ}nf)4u&8e4RioI`~q6J7DFL#z;C}9Y(ODCID%?hfKg3YL|n=
z@3)Z=KEsMZ`zXL1ZUUItTN70BViI=$=qe<^6gk1bm$1nKbdZlbt?CU2;I;02wQwZ_
z-(eGg8-TtJ$TtA?CO~(Bc0D*QqU$#N?2dwIW6Q6G9~>*W7E=&N^w%K-EcHd$K;+sI
zm-ij{Spf&hyp<Ru!5F*-J_Lwl;6O3tISHG^689y!&9qaID{R5pEwNo%x8Wuy8F>fA
zf7}|Q4A1q*M0!%37P$qYG0EoFVixeh8d54#hSfJ^f7(UMqtLMBEs{Aay~@(RuVgGb
zJtU2bpyLGN&P_UHqZ_dJ#fYhpra)2$PWWmW*>TIXmaRw_4#8XNl;q&s5|3`uYONU<
zCR+}qwDD{?+I$K~H1grDz%#&Qwl&D6$U6pLPf_{65+^pr+~8VJbh#o;K}j-36zH6M
z-~dg0W}Ie8;q!3r$U$AF$&D%Qd7pXjPygM!A!$4{d<pl-9km;=KA8IqUW@o66SDya
z^cH2VMqAJb!18L5=mV7FK)SVLs@R>KEU7RZ#1LELO5c@vWGJc@1-(LKB()+;3R;61
zOTG&$KaGo<H1nM@JKr@sU3~0pkqMdI4Qk0Pdrdsl*3TJF^oWEwZ`p|1V)RMzHJBJg
z$$;1Dl|*=HTOA~uSf>yYgwas)=&~z{SS<xUHfCihc!#y{iCoU@4nwKQ!Jq1aa3%Ff
zr*au;5^*&vZ9&XY_6cA{sEl-71#kIj0zk-;Io<;-dU#CLyo|{n#>CrXB%1O*z52iv
zgeIv_A!jt1=OrmhD<1irrhz?Z?U^T#&Jl(hNeI$o(m1h-*pkdvObx^raF+Tk@-j*|
ziBU5TAsnkHa`RsR)^atPWsKC(P?c=Movi3y&tUOV6|8-~k1<|t^_DBib5-0qayB45
z(OO6BpMZaR`DS$T?)Xz*yghyY>c`RPr;o=kf2xx}Wi-aLQ2}P%#1T8lGd>a0CSa3@
z<$~~R|J>0S?r~yKS_z$Ub=cjhk~T<@<ZONOy)))xoT#<JUx~7usk_91l^Q3af$)<M
zI=7Cgc|6XsxVt>Vzo<Dx0ks1Q<LhSh8*IHIsRnto>RAH3K%t23GW43$PIy}Y*Z|L7
zTvf?pS(RJBTc~YO2piSREoka{WVF%=%XOtNIbkkzT%QaNpF4D38X0jmpmOKEMzq(`
z4uz)DI-|d8@b4&S&?W{9wOi&L1sH3;U|dE6C|jeSjXcq=^ozI2WW=NCt=0GHh0F31
zI2aEll+?4lT9?a>FV(&$b#F)k+4qT3>_Ues1%#RKf!4;kAZ%M|YN>U%v)Q|pC#$qo
zBz!N8NQkvC`gMB`gI|2&9Xn&0lJYOn0#>-9#glP~G~5Z0t*QrvAH~yY;J<w}dinM(
za*wZkJrl`WR2SX*C<yfjUKBwA?!g{K4@?_Lc9AS+)s%?pvd{Gc4!ae4uXOxQgBX?B
zRyT}!;(dSx-l6rQEU{z*Vrk`VCceR#fR`bm%wGMKkk{-P0)G2yk?Ln{$V!cFL`iiY
z605FC_)#OTnL@ldP_L#fc$YKvxk~sz!Ua+guoIvHp$bY+)0UfI#JNJW-mMHZU$;YP
zn5-x)0uSC_4ZLe3Zl4~iZv&+ejPF{%`5x>|7KuBTJRhJ!60UMG@1sNv&QjdkK`RNr
zu;Tj4$#@t{`Kjf$Y*-pC@)6?9MNAR+^iZoGR~hB(K;D>fxk15y5{D0Co0it08Z{cu
zID!S+@ewwTu^<=Cl@eQxc$(TttXZl%_#H?@djpwDcZdOMQY~Sk5}#4~NU3j^QXC`T
zTp!KmHaR=eEXSJpMn*ac!hU^&9i#!>LO8c^3Y|Y@^MQwsYkjG%`pQ}n`nFlV%BGP+
zvSlWk(4}#js!TwYElFvVj*WC#QdI<MHT8w0ydVw{8U7`c1#|Y8Vue5tCp}w1*GvJs
z3`FzXGQN{~$j}2WCZ0$2j16>I3EO~saq-D6#jPm1ehBMPUFW8h$t~U!4GevxZGBVT
zXH7_y^#()oZvb)=>hux5jR~xmts(IK3eq*UZDN<K&1sjxY1p7e0IDBeEsi%|TDuDS
zC$x3RVqFr9pH<Q@Emj$`u*6ph42HjMA3I7ZMu>phWw+K=f6iRAM(XQ|%n+w)#S~!%
z#8cNc+OZCzddphKB1-Upov9GL{>|90ThZ{i!L`j^zhr=LV@~-uuO4q+W*L^d@fm9f
zOM`tjv(>`n4NEnfyHOiM`X}P%!+u;&($q?yD+2veYidF@aYWmZ!Ksc={5-0-gFx$=
zZg8!Oc8C|^%g-?3NNval?Ubu=S@9%0&D%$63q~zafOaNH2L@3L1CTa1PxDK5mm%3%
zv!7(W(IjE-RBfqFD`hH2_yuLXi7CUAUQjp+G@Q?u$Yud?Hir6($d&2ESSk|^Dt;D?
zBHGy$hbh=VTjFd>C$~Nocf!*`dQNzp7gjoT*TsNTGDanBV1(D~GaJ}bxD>?DGziCq
z<R^iTjTjyLDe##GDF#KXAtza{h3z?c&vKLauSlS<U8-qsmx_cTBWt@a%lIAP#wNeA
zDH-kzrPECy1|`k=`FRc_Y9OsvA`u3Qh1R^8TI)@X_DqX4aq^ncl57(%Xbfcj)TsBA
zest4v8ZNdl2FJgm?e$0Afmjt$$hXHq!P&-?g{Epn8z+X|QA(fbmd_rOCCPoKbL${k
z9WF;vT(TLPxZP2Z_$moOp||U?1LN(w4Fen&&bwlsS`63yLnV{d7D>otbZ;dh+yw%*
zy^aK(8{~kd=q~Y?wHK5Pow;yoSPT!a;8Ia=#BCyLMl>=5Al5i1K;yCn8sS>8psYFM
z6|8hflZ7+w7>5S$mG1aMhE!z0sldT$HJ~xsvKL>I-|~pBDj5;-AJcqQjb>AR^TGF|
zD8%;$qd$?ah>NC#MFY<-B;Dmm%{$jHH)p<NpIUbVFG<O@mdr^5<{Sa-vH-6@z{lQf
zx*?a2Fd@7NgNjT{GHs(pqMXn<Hzvzf5)UcheQKogP`tU8#e)F|1%7mtQ{X8|O6Cu<
z32AtGHl3%7w33QWndy+f0NlQ3-XWp_NmOhFvRmzy&#FG`P%))UqznUKF9kIf$e%uv
zXYA-5rN4A!Z;)ffwptZdXz`LXBu!`LS#M&zBFHi*sXU|S0VN-4GtcrF<y794a61cm
zupbJ=cM`S@e$TOEZ(e)!8n%nBR$kh<@-^c#=c3C+E!V7bAC3TPxi7nQY6Jg*$c2c5
zb*rl_ZfP%WaR1Q1e+Y4n{niY5_MrM+q62P);(Z|I>vC_wNyxMBW+x<vrQrxaw)hD7
z4rvOyv$EWhq>6zEna0dH5{7!#kA#(TkA%H@)JW?5q`x~&u6HxI{ZTPd=-F(mX__^5
z(AGF2VKZIO2kMKVeU$_W3MPc)X4w#EWq^$`-2l^KwjnE9THpKT8;Q==x4^b>Si22|
zYQ;BcBh7|lkxU=a8QJ0T6|y#0@|-oM6V}QwgLhiTtxVF4As%AZ<Q2!SUz2fD#2zZn
z7`f}+pnEdY(vXO9Mob;CT&f*YW+#6gN&zybDNL1$Ea&DeYKD)RL|Pp&b_z6UjnCd9
zR`GRS7r%$rDG{y7W8!QL-frHS0BoUtC5lGObORDWkv!&9H>=92BXeFg*#)UKzucRm
zw2gH?&wm1Te<QyMf|SguVBCbF5Etic3+6$FMN6s36tp5-G0@z@R{bu9O<1lfE5X@i
zGPxSDH^FARy9u6pd@J&K6o#wAkCvIOart~=?-7iWsdSwttj!j}O$cbK_KINP1N-(^
z+5lix>(fCqF^NP{OMVGs-hs-GQB#|4ehy_3SBy2fsnwLi+n6R5c>L*|Cw&*Tok}~=
z1)_L&a$>HN6YbQC=*o4?D?`m~nNFK#Mo6p;EAKg(JFFIwz2Zg=OD*1T^0Rbf5nNl9
zEB6S6D_&~%9bX(FU}Skw;i|J4J?b12an1+c8~QB!;2jWGfZ0+k@61-G&0g&~B|8*o
zilwlft>$_MePYttHRr~CU+8{Ayk(&6Pd=Xqq1atdlSyu(T&5<poQu2}3r00phP~)W
zr(?v`NbMkW1P*R=i=12UA0(oI&wT@y%(Ra!iBkng_C0R*YtJBboVtcd4jSA?$_ha(
zo~PG|U&~cUP}XuC`B;F=Top|Cj{B#KuArCY1>O|Eel9Qg>6J4?9XQ1+icU{{`0?cJ
z+Xf`=T6wpu$V9^8a0vfbc?w;wug+$4q%}|cUaNOduc<2Y$!fM1(s5lY-J^Ns5@_Ls
zIMd<AOD5iLc2DL$unwMGrq~FUl(;)I6Y9#X)OaYHmU$!~VBTg;0M2gX_oq$wuG((i
zNl1R)c-4!WYYKn=)eE*uV924H90gfITx3fz<hsJXSlgP;)LU~5PZZME&P08f#@!-r
zm3?`uaDV4DqR={EIkpXR2ydfn6gTwY&>pB3`trIK0fU-YmYP1%q}AQ8Ia6VVpy0lW
z8xtpV5g6CI;UMq2A*6z%CFOD}O6Mag99ezc*hRTM4s;yPX+DIp!uFeML0q(ZU(oa#
z+@sSzRLZbJFg$hZmN&vW^+R5!l+tXvS}g7c+@k?0mvph5Cn%8xyf(f=8k+POU&AL@
zBbVwK?teAkUmZ4UUbchY#@?c$9mCsq@O8aIb#KgQZ=FA8b2t(aheTWPoCODqD6%64
zxujT*$FEJL2{8}v^6ErE0avr~Cds5xz4X5*wgWR!TVT9WbOl8d6T%9lbCZ^hEIyq}
z`Tm%o5Sry6md5*VwM55Trj86fE&KyqGft;l=CLfT!^q{9d)%ss5uqt^Q(+gVj?)Qp
zdB*I^&Rx-S)>|vJ`*Wx{uPE>Ui|#{L3!A4W47JXfQQJ9utf#-06RhEISr2C_i)}bW
zr`QAyuKBFf5-q|SCe7prWLHousv@!NoZ68!Cu|A=Ku68T=xS(@IVi&t3-SdmN_BE2
zP!^6!7@EOF2!}P?tBTb8&f9nL#yT3@v3T)TQv`LHs7`7PXdW6ccJ822zg_(M?ecq=
z^LB}p+JhojG!t2AGrf_lNVlq0H{O~Q=<H;{oz=x||38!e;qX~K|HDC-|KT^u|M0EM
z|8TVT&(Hq(+1`uj;M*53_Mg4zPT2p`{0~ubaj}zTvwZjKo&Og{M@{+P=*;gQ?H#;0
zIC`;nNckTQ_KyC+JL>X3boqZe{Qq0!|B?8=%m35ie}?}*{P@Gp$-6i2f6e?qd;9y(
z4@~@juy?q3(B=R6EuNo}Dn>i-oxd<I)q!^qJ?p(ge+Q32Lr=b8K+-#1Efz6w_TDFW
zpT-!a^5-Q+N8;8O`3%*b7e$QOe9G125_#*GrwkA-_J7V7$<8vqfNn0UYFQ3;cQ4ZF
zay5=7`C>QWsf9Q|_Fk^4%e)xWG7quecM{+Z=L2s+Z@(9nqcZ7{|3ErR6R7-w4QheX
zp|^2%v4Y;c0sKxmkMPssBg-Ec<=>{0BrB=N`_mH?YZdu5Fx>F{Pp7ZNYop40CT@fd
zPMH-a)%8xYX@d4`NmliEwVgNV9M<aX$*bdcr^mgI$=_FLk(4{H)3QS0^WRrVS(Wzh
zf4i9!cgrg8y}ko(I-Lx>m{!dG&Q?(UI+0^kzg>zQQ$Nl5*ifXWel5fpFf)+)xny9|
z-7Ovc*U^6+{ntIe1N!gu{m&m?9iK+kZS^bCe@BPUE&6YN@5S?u{`)N+K~Vhk^4-as
z<I_)3n)N;&zkL1EakQBB%A^8tn9MHtr{!I*LONp?|Bi^F<1tCCSMQOo7$<R&6z@-7
zzXDpwDsWoP=@*u8RK$kTev&yzdreG9uLW9b?*u_Lxf{*X?5cDY5|oScWtA^S^W-|2
zYj1baTX2`w;ZH?=l@wy4`rD)!Cq-WVIGs4&HY}7@;&gHe)Y(U}kS^|A1<JYO*Z<6O
zRM$C&<XCRUM0S}9Iw~*Q3eEG2XMc-$Mw%4YP9(BxsYEG4i}kgPrQ5xlPMB}lMum&<
zQA=rkd3OIxd}$jI=Un()bg;MHYpdJQe;xhT(SP0Zd!_$ex8_%;|M06t{~aD29d`8J
zZ}D_Ty_5fR_kVZ)clUpH|JUz-ogx0!<Uer!ZT;W=(Tf+|{r_7$Qgb9#MctX`?*H!o
z@9zKZ>F$3+=Kbs4|9da&`~St^v+n-??e@Pr@ZHlr-P1kY(>>kOJ>Ani-P1kY(>>kO
pJ>Ani-P1kY(>>kOJ>Ani-P1kY(>>kOJ-^rIe*hDO-cJB<0{})hLhk?o

literal 0
HcmV?d00001


From 0d81d2954ffa2d707f3066cda1bccbbd6eb71e0a Mon Sep 17 00:00:00 2001
From: Emanuele Sabellico <esabellico@confluent.io>
Date: Thu, 3 Jul 2025 18:56:01 +0200
Subject: [PATCH 04/12] v2.11.0 (#2006)

---
 .semaphore/semaphore.yml                  |  2 +-
 CHANGELOG.md                              | 11 ++++++++++-
 docs/conf.py                              |  2 +-
 examples/docker/Dockerfile.alpine         |  2 +-
 pyproject.toml                            |  2 +-
 src/confluent_kafka/src/confluent_kafka.h |  2 +-
 6 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml
index 9d802ccb3..e119a2d98 100644
--- a/.semaphore/semaphore.yml
+++ b/.semaphore/semaphore.yml
@@ -8,7 +8,7 @@ execution_time_limit:
 global_job_config:
   env_vars:
     - name: LIBRDKAFKA_VERSION
-      value: v2.11.0-RC3
+      value: v2.11.0
   prologue:
     commands:
       - checkout
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 86f135093..b5f8c123b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,8 +1,17 @@
 # Confluent's Python client for Apache Kafka
 
+## v2.11.0
+
+v2.11.0 is a feature release with the following enhancements:
+
+confluent-kafka-python v2.11.0 is based on librdkafka v2.11.0, see the
+[librdkafka release notes](https://github.com/confluentinc/librdkafka/releases/tag/v2.11.0)
+for a complete list of changes, enhancements, fixes and upgrade considerations.
+
+
 ## v2.10.1
 
-v2.10.1 is a maintenance release with the following fixes
+v2.10.1 is a maintenance release with the following fixes:
 
 - Handled `None` value for optional `ctx` parameter in  `ProtobufDeserializer` (#1939)
 - Handled `None` value for optional `ctx` parameter in  `AvroDeserializer` (#1973)
diff --git a/docs/conf.py b/docs/conf.py
index 4c383885e..decfdf63b 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -27,7 +27,7 @@
 # built documents.
 #
 # The short X.Y version.
-version = '2.11.0rc3'
+version = '2.11.0'
 # The full version, including alpha/beta/rc tags.
 release = version
 ######################################################################
diff --git a/examples/docker/Dockerfile.alpine b/examples/docker/Dockerfile.alpine
index f5848f4b9..08214da6a 100644
--- a/examples/docker/Dockerfile.alpine
+++ b/examples/docker/Dockerfile.alpine
@@ -30,7 +30,7 @@ FROM alpine:3.12
 
 COPY . /usr/src/confluent-kafka-python
 
-ENV LIBRDKAFKA_VERSION="v2.11.0-RC3"
+ENV LIBRDKAFKA_VERSION="v2.11.0"
 ENV KCAT_VERSION="master"
 ENV CKP_VERSION="master"
 
diff --git a/pyproject.toml b/pyproject.toml
index 704b4021a..38e2604b2 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "confluent-kafka"
-version = "2.11.0rc3"
+version = "2.11.0"
 description = "Confluent's Python client for Apache Kafka"
 classifiers = [
     "Development Status :: 5 - Production/Stable",
diff --git a/src/confluent_kafka/src/confluent_kafka.h b/src/confluent_kafka/src/confluent_kafka.h
index f0a817e3b..ac7474c9e 100644
--- a/src/confluent_kafka/src/confluent_kafka.h
+++ b/src/confluent_kafka/src/confluent_kafka.h
@@ -43,7 +43,7 @@
  *  MM=major, mm=minor, RR=revision, PP=patchlevel (not used)
  */
 #define CFL_VERSION     0x020b0000
-#define CFL_VERSION_STR "2.11.0rc3"
+#define CFL_VERSION_STR "2.11.0"
 
 /**
  * Minimum required librdkafka version. This is checked both during

From a32d81b95939ece0c235a8197aaa534960720ebe Mon Sep 17 00:00:00 2001
From: Matthew Seal <mseal007@gmail.com>
Date: Mon, 7 Jul 2025 14:00:53 -0700
Subject: [PATCH 05/12] Some of our tooling lands temporary files into the 
 directory (#2002)

---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitignore b/.gitignore
index edf60b535..19eb032cb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,7 @@ build
 _build
 build-openssl
 dist
+dest
 *~
 \#*
 MANIFEST

From c5ac241e2bcdf3fd0941883a4c799676d0dae0a7 Mon Sep 17 00:00:00 2001
From: Matthew Seal <mseal007@gmail.com>
Date: Mon, 7 Jul 2025 14:01:35 -0700
Subject: [PATCH 06/12] Fixed non-tool path prefix file names for python
 conventions (#2000)

---
 examples/README.md                                          | 2 +-
 examples/{eos-transactions.py => eos_transactions.py}       | 2 +-
 tests/{test_KafkaError.py => test_kafka_error.py}           | 0
 tests/{test_SerializerError.py => test_serializer_error.py} | 0
 tests/{test_TopicPartition.py => test_topic_partition.py}   | 0
 5 files changed, 2 insertions(+), 2 deletions(-)
 rename examples/{eos-transactions.py => eos_transactions.py} (99%)
 rename tests/{test_KafkaError.py => test_kafka_error.py} (100%)
 rename tests/{test_SerializerError.py => test_serializer_error.py} (100%)
 rename tests/{test_TopicPartition.py => test_topic_partition.py} (100%)

diff --git a/examples/README.md b/examples/README.md
index b68fb8886..fde034dab 100644
--- a/examples/README.md
+++ b/examples/README.md
@@ -4,7 +4,7 @@ The scripts in this directory provide various examples of using Confluent's Pyth
 * [asyncio_example.py](asyncio_example.py): AsyncIO webserver with Kafka producer.
 * [consumer.py](consumer.py): Read messages from a Kafka topic.
 * [producer.py](producer.py): Read lines from stdin and send them to a Kafka topic.
-* [eos-transactions.py](eos-transactions.py): Transactional producer with exactly once semantics (EOS).
+* [eos_transactions.py](eos_transactions.py): Transactional producer with exactly once semantics (EOS).
 * [avro_producer.py](avro_producer.py): Produce Avro serialized data using AvroSerializer.
 * [avro_consumer.py](avro_consumer.py): Read Avro serialized data using AvroDeserializer.
 * [json_producer.py](json_producer.py): Produce JSON serialized data using JSONSerializer.
diff --git a/examples/eos-transactions.py b/examples/eos_transactions.py
similarity index 99%
rename from examples/eos-transactions.py
rename to examples/eos_transactions.py
index 6a60aee98..0cba2709a 100755
--- a/examples/eos-transactions.py
+++ b/examples/eos_transactions.py
@@ -109,7 +109,7 @@ def main(args):
 
     producer = Producer({
         'bootstrap.servers': brokers,
-        'transactional.id': 'eos-transactions.py'
+        'transactional.id': 'eos_transactions.py'
     })
 
     # Initialize producer transaction.
diff --git a/tests/test_KafkaError.py b/tests/test_kafka_error.py
similarity index 100%
rename from tests/test_KafkaError.py
rename to tests/test_kafka_error.py
diff --git a/tests/test_SerializerError.py b/tests/test_serializer_error.py
similarity index 100%
rename from tests/test_SerializerError.py
rename to tests/test_serializer_error.py
diff --git a/tests/test_TopicPartition.py b/tests/test_topic_partition.py
similarity index 100%
rename from tests/test_TopicPartition.py
rename to tests/test_topic_partition.py

From 8577ecbb719609b32232a35c13ac983c9b5c128c Mon Sep 17 00:00:00 2001
From: Roman Melnyk <aywengo@users.noreply.github.com>
Date: Mon, 7 Jul 2025 23:25:26 +0200
Subject: [PATCH 07/12] Fix: Add version constraints to schemaregistry
 dependencies (#2007)

This commit adds explicit version constraints to attrs and cachetools
to ensure they are properly installed when using the schemaregistry extra.
This fixes the "No module named 'attrs'" error reported in issue #1972.

The version constraints are based on the versions that were successfully
resolved in the user's pip-compile output.

Co-authored-by: Robert Yokota <rayokota@gmail.com>
---
 requirements/requirements-schemaregistry.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/requirements/requirements-schemaregistry.txt b/requirements/requirements-schemaregistry.txt
index 1534bd34a..f6e9d5afe 100644
--- a/requirements/requirements-schemaregistry.txt
+++ b/requirements/requirements-schemaregistry.txt
@@ -1,4 +1,4 @@
-attrs
-cachetools
+attrs>=21.2.0
+cachetools>=5.5.0
 httpx>=0.26
 authlib>=1.0.0

From 4bcf1a0fe7e9aa0a97a1d4cca78ad39feae8abf4 Mon Sep 17 00:00:00 2001
From: Corey Christous <cchristous@confluent.io>
Date: Wed, 9 Jul 2025 13:57:24 -0400
Subject: [PATCH 08/12] remove explicit calls to pyenv (#2004)

---
 .semaphore/semaphore.yml     | 8 --------
 tools/wheels/build-wheels.sh | 3 +++
 2 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml
index e119a2d98..139bbbe94 100644
--- a/.semaphore/semaphore.yml
+++ b/.semaphore/semaphore.yml
@@ -31,8 +31,6 @@ blocks:
         - name: Build
           commands:
             - sem-version python 3.11
-            - PYTHON_VERSION=$(pyenv versions --bare | grep '^3.11' | head -n1)
-            - export PATH="$(pyenv root)/versions/$PYTHON_VERSION/bin:$PATH"
             - PIP_INSTALL_OPTIONS="--user" tools/wheels/build-wheels.sh "${LIBRDKAFKA_VERSION#v}" wheelhouse 2.16.2
             - tar -czf wheelhouse-macOS-${ARCH}.tgz wheelhouse
             - artifact push workflow wheelhouse-macOS-${ARCH}.tgz --destination artifacts/wheels-${OS_NAME}-${ARCH}.tgz/
@@ -57,8 +55,6 @@ blocks:
         - name: Build
           commands:
             - sem-version python 3.11
-            - PYTHON_VERSION=$(pyenv versions --bare | grep '^3.11' | head -n1)
-            - export PATH="$(pyenv root)/versions/$PYTHON_VERSION/bin:$PATH"
             - PIP_INSTALL_OPTIONS="--user" tools/wheels/build-wheels.sh "${LIBRDKAFKA_VERSION#v}" wheelhouse
             - tar -czf wheelhouse-macOS-${ARCH}-py313.tgz wheelhouse
             - artifact push workflow wheelhouse-macOS-${ARCH}-py313.tgz --destination artifacts/wheels-${OS_NAME}-${ARCH}-py313.tgz/
@@ -81,8 +77,6 @@ blocks:
         - name: Build
           commands:
             - sem-version python 3.11
-            - PYTHON_VERSION=$(pyenv versions --bare | grep '^3.11' | head -n1)
-            - export PATH="$(pyenv root)/versions/$PYTHON_VERSION/bin:$PATH"
             - PIP_INSTALL_OPTIONS="--user" tools/wheels/build-wheels.sh "${LIBRDKAFKA_VERSION#v}" wheelhouse 2.16.2
             - tar -czf wheelhouse-macOS-${ARCH}.tgz wheelhouse
             - artifact push workflow wheelhouse-macOS-${ARCH}.tgz --destination artifacts/wheels-${OS_NAME}-${ARCH}.tgz/
@@ -109,8 +103,6 @@ blocks:
         - name: Build
           commands:
             - sem-version python 3.11
-            - PYTHON_VERSION=$(pyenv versions --bare | grep '^3.11' | head -n1)
-            - export PATH="$(pyenv root)/versions/$PYTHON_VERSION/bin:$PATH"
             - PIP_INSTALL_OPTIONS="--user" tools/wheels/build-wheels.sh "${LIBRDKAFKA_VERSION#v}" wheelhouse
             - tar -czf wheelhouse-macOS-${ARCH}-py313.tgz wheelhouse
             - artifact push workflow wheelhouse-macOS-${ARCH}-py313.tgz --destination artifacts/wheels-${OS_NAME}-${ARCH}-py313.tgz/
diff --git a/tools/wheels/build-wheels.sh b/tools/wheels/build-wheels.sh
index 96b6e5a6d..d9af094c9 100755
--- a/tools/wheels/build-wheels.sh
+++ b/tools/wheels/build-wheels.sh
@@ -53,6 +53,9 @@ $this_dir/install-librdkafka.sh $librdkafka_version dest
 
 install_pkgs=cibuildwheel==$cibuildwheel_version
 
+# Ensure we have pip installed if using uv
+uv pip install pip || true
+
 python3 -m pip install ${PIP_INSTALL_OPTS} $install_pkgs ||
     pip3 install ${PIP_INSTALL_OPTS} $install_pkgs
 

From 138517e8fdd1353146801fa72871d36a6ac5ae35 Mon Sep 17 00:00:00 2001
From: Emanuele Sabellico <esabellico@confluent.io>
Date: Thu, 10 Jul 2025 17:20:59 +0200
Subject: [PATCH 09/12] Add MSeal to code owners (#2009)

---
 .github/CODEOWNERS | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 62dc1ad94..198c87908 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1,2 +1,2 @@
 # See go/codeowners - automatically generated for confluentinc/confluent-kafka-python:
-*	@confluentinc/clients @confluentinc/data-governance
+*	@confluentinc/clients @confluentinc/data-governance @MSeal

From 02b1e6f50d9cf8d7a8f2f4c06fbe58f81c6d06af Mon Sep 17 00:00:00 2001
From: Robert Yokota <rayokota@gmail.com>
Date: Fri, 18 Jul 2025 10:26:53 -0700
Subject: [PATCH 10/12] Refactor encryption executor (#2011)

---
 .../schema_registry/_async/avro.py            | 18 +++-
 .../schema_registry/_async/json_schema.py     | 28 ++++--
 .../schema_registry/_async/protobuf.py        | 21 +++-
 .../schema_registry/_async/serde.py           | 44 +++++++--
 .../schema_registry/_sync/avro.py             | 18 +++-
 .../schema_registry/_sync/json_schema.py      | 28 ++++--
 .../schema_registry/_sync/protobuf.py         | 21 +++-
 .../schema_registry/_sync/serde.py            | 44 +++++++--
 .../common/schema_registry_client.py          | 30 +++++-
 .../rules/encryption/encrypt_executor.py      | 87 ++++++++++++----
 .../_async/test_avro_serdes.py                | 98 +++++++++++++++----
 .../_async/test_json_serdes.py                | 80 +++++++++++++--
 .../_async/test_proto_serdes.py               | 60 +++++++++++-
 .../schema_registry/_sync/test_avro_serdes.py | 98 +++++++++++++++----
 .../schema_registry/_sync/test_json_serdes.py | 80 +++++++++++++--
 .../_sync/test_proto_serdes.py                | 60 +++++++++++-
 16 files changed, 698 insertions(+), 117 deletions(-)

diff --git a/src/confluent_kafka/schema_registry/_async/avro.py b/src/confluent_kafka/schema_registry/_async/avro.py
index 91016f1ec..fc8ff0749 100644
--- a/src/confluent_kafka/schema_registry/_async/avro.py
+++ b/src/confluent_kafka/schema_registry/_async/avro.py
@@ -14,7 +14,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+import io
 from json import loads
 from typing import Dict, Union, Optional, Callable
 
@@ -29,6 +29,8 @@
                                              AsyncSchemaRegistryClient,
                                              prefix_schema_id_serializer,
                                              dual_schema_id_deserializer)
+from confluent_kafka.schema_registry.common.schema_registry_client import \
+    RulePhase
 from confluent_kafka.serialization import (SerializationError,
                                            SerializationContext)
 from confluent_kafka.schema_registry.rule_registry import RuleRegistry
@@ -348,8 +350,14 @@ def field_transformer(rule_ctx, field_transform, msg): return (  # noqa: E731
         with _ContextStringIO() as fo:
             # write the record to the rest of the buffer
             schemaless_writer(fo, parsed_schema, value)
+            buffer = fo.getvalue()
+
+            if latest_schema is not None:
+                buffer = self._execute_rules_with_phase(
+                    ctx, subject, RulePhase.ENCODING, RuleMode.WRITE,
+                    None, latest_schema.schema, buffer, None, None)
 
-            return self._schema_id_serializer(fo.getvalue(), ctx, self._schema_id)
+            return self._schema_id_serializer(buffer, ctx, self._schema_id)
 
     async def _get_parsed_schema(self, schema: Schema) -> AvroSchema:
         parsed_schema = self._parsed_schemas.get_parsed_schema(schema)
@@ -557,6 +565,12 @@ async def __deserialize(
             if subject is not None:
                 latest_schema = await self._get_reader_schema(subject)
 
+        payload = self._execute_rules_with_phase(
+            ctx, subject, RulePhase.ENCODING, RuleMode.READ,
+            None, writer_schema_raw, payload, None, None)
+        if isinstance(payload, bytes):
+            payload = io.BytesIO(payload)
+
         if latest_schema is not None:
             migrations = await self._get_migrations(subject, writer_schema_raw, latest_schema, None)
             reader_schema_raw = latest_schema.schema
diff --git a/src/confluent_kafka/schema_registry/_async/json_schema.py b/src/confluent_kafka/schema_registry/_async/json_schema.py
index 8aa7bc17d..99c1f7d59 100644
--- a/src/confluent_kafka/schema_registry/_async/json_schema.py
+++ b/src/confluent_kafka/schema_registry/_async/json_schema.py
@@ -14,7 +14,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+import io
 import json
 from typing import Union, Optional, Tuple, Callable
 
@@ -33,6 +33,8 @@
 from confluent_kafka.schema_registry.common.json_schema import (
     DEFAULT_SPEC, JsonSchema, _retrieve_via_httpx, transform, _ContextStringIO, JSON_TYPE
 )
+from confluent_kafka.schema_registry.common.schema_registry_client import \
+    RulePhase
 from confluent_kafka.schema_registry.rule_registry import RuleRegistry
 from confluent_kafka.schema_registry.serde import AsyncBaseSerializer, AsyncBaseDeserializer, \
     ParsedSchemaCache, SchemaId
@@ -374,8 +376,14 @@ def field_transformer(rule_ctx, field_transform, msg): return (  # noqa: E731
             if isinstance(encoded_value, str):
                 encoded_value = encoded_value.encode("utf8")
             fo.write(encoded_value)
+            buffer = fo.getvalue()
+
+            if latest_schema is not None:
+                buffer = self._execute_rules_with_phase(
+                    ctx, subject, RulePhase.ENCODING, RuleMode.WRITE,
+                    None, latest_schema.schema, buffer, None, None)
 
-            return self._schema_id_serializer(fo.getvalue(), ctx, self._schema_id)
+            return self._schema_id_serializer(buffer, ctx, self._schema_id)
 
     async def _get_parsed_schema(self, schema: Schema) -> Tuple[Optional[JsonSchema], Optional[Registry]]:
         if schema is None:
@@ -552,9 +560,9 @@ async def __init_impl(
     __init__ = __init_impl
 
     def __call__(self, data: bytes, ctx: Optional[SerializationContext] = None) -> Optional[bytes]:
-        return self.__serialize(data, ctx)
+        return self.__deserialize(data, ctx)
 
-    async def __serialize(self, data: bytes, ctx: Optional[SerializationContext] = None) -> Optional[bytes]:
+    async def __deserialize(self, data: bytes, ctx: Optional[SerializationContext] = None) -> Optional[bytes]:
         """
         Deserialize a JSON encoded record with Confluent Schema Registry framing to
         a dict, or object instance according to from_dict if from_dict is specified.
@@ -583,9 +591,6 @@ async def __serialize(self, data: bytes, ctx: Optional[SerializationContext] = N
         schema_id = SchemaId(JSON_TYPE)
         payload = self._schema_id_deserializer(data, ctx, schema_id)
 
-        # JSON documents are self-describing; no need to query schema
-        obj_dict = self._json_decode(payload.read())
-
         if self._registry is not None:
             writer_schema_raw = await self._get_writer_schema(schema_id, subject)
             writer_schema, writer_ref_registry = await self._get_parsed_schema(writer_schema_raw)
@@ -597,6 +602,15 @@ async def __serialize(self, data: bytes, ctx: Optional[SerializationContext] = N
             writer_schema_raw = None
             writer_schema, writer_ref_registry = None, None
 
+        payload = self._execute_rules_with_phase(
+            ctx, subject, RulePhase.ENCODING, RuleMode.READ,
+            None, writer_schema_raw, payload, None, None)
+        if isinstance(payload, bytes):
+            payload = io.BytesIO(payload)
+
+        # JSON documents are self-describing; no need to query schema
+        obj_dict = self._json_decode(payload.read())
+
         if latest_schema is not None:
             migrations = await self._get_migrations(subject, writer_schema_raw, latest_schema, None)
             reader_schema_raw = latest_schema.schema
diff --git a/src/confluent_kafka/schema_registry/_async/protobuf.py b/src/confluent_kafka/schema_registry/_async/protobuf.py
index 20ecaa57d..f7d1dc8b3 100644
--- a/src/confluent_kafka/schema_registry/_async/protobuf.py
+++ b/src/confluent_kafka/schema_registry/_async/protobuf.py
@@ -27,6 +27,8 @@
 from confluent_kafka.schema_registry import (reference_subject_name_strategy,
                                              topic_subject_name_strategy,
                                              prefix_schema_id_serializer, dual_schema_id_deserializer)
+from confluent_kafka.schema_registry.common.schema_registry_client import \
+    RulePhase
 from confluent_kafka.schema_registry.schema_registry_client import AsyncSchemaRegistryClient
 from confluent_kafka.schema_registry.common.protobuf import _bytes, _create_index_array, \
     _init_pool, _is_builtin, _schema_to_str, _str_to_proto, transform, _ContextStringIO, PROTOBUF_TYPE
@@ -426,7 +428,14 @@ def field_transformer(rule_ctx, field_transform, msg): return (  # noqa: E731
         with _ContextStringIO() as fo:
             fo.write(message.SerializeToString())
             self._schema_id.message_indexes = self._index_array
-            return self._schema_id_serializer(fo.getvalue(), ctx, self._schema_id)
+            buffer = fo.getvalue()
+
+            if latest_schema is not None:
+                buffer = self._execute_rules_with_phase(
+                    ctx, subject, RulePhase.ENCODING, RuleMode.WRITE,
+                    None, latest_schema.schema, buffer, None, None)
+
+            return self._schema_id_serializer(buffer, ctx, self._schema_id)
 
     async def _get_parsed_schema(self, schema: Schema) -> Tuple[descriptor_pb2.FileDescriptorProto, DescriptorPool]:
         result = self._parsed_schemas.get_parsed_schema(schema)
@@ -549,9 +558,9 @@ async def __init_impl(
     __init__ = __init_impl
 
     def __call__(self, data: bytes, ctx: Optional[SerializationContext] = None) -> Optional[bytes]:
-        return self.__serialize(data, ctx)
+        return self.__deserialize(data, ctx)
 
-    async def __serialize(self, data: bytes, ctx: Optional[SerializationContext] = None) -> Optional[bytes]:
+    async def __deserialize(self, data: bytes, ctx: Optional[SerializationContext] = None) -> Optional[bytes]:
         """
         Deserialize a serialized protobuf message with Confluent Schema Registry
         framing.
@@ -596,6 +605,12 @@ async def __serialize(self, data: bytes, ctx: Optional[SerializationContext] = N
             writer_schema_raw = None
             writer_schema = None
 
+        payload = self._execute_rules_with_phase(
+            ctx, subject, RulePhase.ENCODING, RuleMode.READ,
+            None, writer_schema_raw, payload, None, None)
+        if isinstance(payload, bytes):
+            payload = io.BytesIO(payload)
+
         if latest_schema is not None:
             migrations = await self._get_migrations(subject, writer_schema_raw, latest_schema, None)
             reader_schema_raw = latest_schema.schema
diff --git a/src/confluent_kafka/schema_registry/_async/serde.py b/src/confluent_kafka/schema_registry/_async/serde.py
index 792761430..5b208c39c 100644
--- a/src/confluent_kafka/schema_registry/_async/serde.py
+++ b/src/confluent_kafka/schema_registry/_async/serde.py
@@ -20,6 +20,8 @@
 from typing import List, Optional, Set, Dict, Any
 
 from confluent_kafka.schema_registry import RegisteredSchema
+from confluent_kafka.schema_registry.common.schema_registry_client import \
+    RulePhase
 from confluent_kafka.schema_registry.common.serde import ErrorAction, \
     FieldTransformer, Migration, NoneAction, RuleAction, \
     RuleConditionError, RuleContext, RuleError, SchemaId
@@ -59,6 +61,17 @@ def _execute_rules(
         source: Optional[Schema], target: Optional[Schema],
         message: Any, inline_tags: Optional[Dict[str, Set[str]]],
         field_transformer: Optional[FieldTransformer]
+    ) -> Any:
+        return self._execute_rules_with_phase(
+            ser_ctx, subject, RulePhase.DOMAIN, rule_mode,
+            source, target, message, inline_tags, field_transformer)
+
+    def _execute_rules_with_phase(
+        self, ser_ctx: SerializationContext, subject: str,
+        rule_phase: RulePhase, rule_mode: RuleMode,
+        source: Optional[Schema], target: Optional[Schema],
+        message: Any, inline_tags: Optional[Dict[str, Set[str]]],
+        field_transformer: Optional[FieldTransformer]
     ) -> Any:
         if message is None or target is None:
             return message
@@ -73,7 +86,10 @@ def _execute_rules(
                 rules.reverse()
         else:
             if target is not None and target.rule_set is not None:
-                rules = target.rule_set.domain_rules
+                if rule_phase == RulePhase.ENCODING:
+                    rules = target.rule_set.encoding_rules
+                else:
+                    rules = target.rule_set.domain_rules
                 if rule_mode == RuleMode.READ:
                     # Execute read rules in reverse order for symmetry
                     rules = rules[:] if rules else []
@@ -197,19 +213,25 @@ async def _get_writer_schema(
         else:
             raise SerializationError("Schema ID or GUID is not set")
 
-    def _has_rules(self, rule_set: RuleSet, mode: RuleMode) -> bool:
+    def _has_rules(self, rule_set: RuleSet, phase: RulePhase, mode: RuleMode) -> bool:
         if rule_set is None:
             return False
+        if phase == RulePhase.MIGRATION:
+            rules = rule_set.migration_rules
+        elif phase == RulePhase.DOMAIN:
+            rules = rule_set.domain_rules
+        elif phase == RulePhase.ENCODING:
+            rules = rule_set.encoding_rules
         if mode in (RuleMode.UPGRADE, RuleMode.DOWNGRADE):
             return any(rule.mode == mode or rule.mode == RuleMode.UPDOWN
-                       for rule in rule_set.migration_rules or [])
+                       for rule in rules or [])
         elif mode == RuleMode.UPDOWN:
-            return any(rule.mode == mode for rule in rule_set.migration_rules or [])
+            return any(rule.mode == mode for rule in rules or [])
         elif mode in (RuleMode.WRITE, RuleMode.READ):
             return any(rule.mode == mode or rule.mode == RuleMode.WRITEREAD
-                       for rule in rule_set.domain_rules or [])
+                       for rule in rules or [])
         elif mode == RuleMode.WRITEREAD:
-            return any(rule.mode == mode for rule in rule_set.migration_rules or [])
+            return any(rule.mode == mode for rule in rules or [])
         return False
 
     async def _get_migrations(
@@ -235,7 +257,8 @@ async def _get_migrations(
             if i == 0:
                 previous = version
                 continue
-            if version.schema.rule_set is not None and self._has_rules(version.schema.rule_set, migration_mode):
+            if version.schema.rule_set is not None and self._has_rules(
+                  version.schema.rule_set, RulePhase.MIGRATION, migration_mode):
                 if migration_mode == RuleMode.UPGRADE:
                     migration = Migration(migration_mode, previous, version)
                 else:
@@ -265,7 +288,8 @@ def _execute_migrations(
         migrations: List[Migration], message: Any
     ) -> Any:
         for migration in migrations:
-            message = self._execute_rules(ser_ctx, subject, migration.rule_mode,
-                                          migration.source.schema, migration.target.schema,
-                                          message, None, None)
+            message = self._execute_rules_with_phase(
+                ser_ctx, subject, RulePhase.MIGRATION, migration.rule_mode,
+                migration.source.schema, migration.target.schema,
+                message, None, None)
         return message
diff --git a/src/confluent_kafka/schema_registry/_sync/avro.py b/src/confluent_kafka/schema_registry/_sync/avro.py
index e1e2ac915..78e7dd8ea 100644
--- a/src/confluent_kafka/schema_registry/_sync/avro.py
+++ b/src/confluent_kafka/schema_registry/_sync/avro.py
@@ -14,7 +14,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+import io
 from json import loads
 from typing import Dict, Union, Optional, Callable
 
@@ -29,6 +29,8 @@
                                              SchemaRegistryClient,
                                              prefix_schema_id_serializer,
                                              dual_schema_id_deserializer)
+from confluent_kafka.schema_registry.common.schema_registry_client import \
+    RulePhase
 from confluent_kafka.serialization import (SerializationError,
                                            SerializationContext)
 from confluent_kafka.schema_registry.rule_registry import RuleRegistry
@@ -348,8 +350,14 @@ def field_transformer(rule_ctx, field_transform, msg): return (  # noqa: E731
         with _ContextStringIO() as fo:
             # write the record to the rest of the buffer
             schemaless_writer(fo, parsed_schema, value)
+            buffer = fo.getvalue()
+
+            if latest_schema is not None:
+                buffer = self._execute_rules_with_phase(
+                    ctx, subject, RulePhase.ENCODING, RuleMode.WRITE,
+                    None, latest_schema.schema, buffer, None, None)
 
-            return self._schema_id_serializer(fo.getvalue(), ctx, self._schema_id)
+            return self._schema_id_serializer(buffer, ctx, self._schema_id)
 
     def _get_parsed_schema(self, schema: Schema) -> AvroSchema:
         parsed_schema = self._parsed_schemas.get_parsed_schema(schema)
@@ -557,6 +565,12 @@ def __deserialize(
             if subject is not None:
                 latest_schema = self._get_reader_schema(subject)
 
+        payload = self._execute_rules_with_phase(
+            ctx, subject, RulePhase.ENCODING, RuleMode.READ,
+            None, writer_schema_raw, payload, None, None)
+        if isinstance(payload, bytes):
+            payload = io.BytesIO(payload)
+
         if latest_schema is not None:
             migrations = self._get_migrations(subject, writer_schema_raw, latest_schema, None)
             reader_schema_raw = latest_schema.schema
diff --git a/src/confluent_kafka/schema_registry/_sync/json_schema.py b/src/confluent_kafka/schema_registry/_sync/json_schema.py
index 78ea5efd9..88da6322c 100644
--- a/src/confluent_kafka/schema_registry/_sync/json_schema.py
+++ b/src/confluent_kafka/schema_registry/_sync/json_schema.py
@@ -14,7 +14,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+import io
 import json
 from typing import Union, Optional, Tuple, Callable
 
@@ -33,6 +33,8 @@
 from confluent_kafka.schema_registry.common.json_schema import (
     DEFAULT_SPEC, JsonSchema, _retrieve_via_httpx, transform, _ContextStringIO, JSON_TYPE
 )
+from confluent_kafka.schema_registry.common.schema_registry_client import \
+    RulePhase
 from confluent_kafka.schema_registry.rule_registry import RuleRegistry
 from confluent_kafka.schema_registry.serde import BaseSerializer, BaseDeserializer, \
     ParsedSchemaCache, SchemaId
@@ -374,8 +376,14 @@ def field_transformer(rule_ctx, field_transform, msg): return (  # noqa: E731
             if isinstance(encoded_value, str):
                 encoded_value = encoded_value.encode("utf8")
             fo.write(encoded_value)
+            buffer = fo.getvalue()
+
+            if latest_schema is not None:
+                buffer = self._execute_rules_with_phase(
+                    ctx, subject, RulePhase.ENCODING, RuleMode.WRITE,
+                    None, latest_schema.schema, buffer, None, None)
 
-            return self._schema_id_serializer(fo.getvalue(), ctx, self._schema_id)
+            return self._schema_id_serializer(buffer, ctx, self._schema_id)
 
     def _get_parsed_schema(self, schema: Schema) -> Tuple[Optional[JsonSchema], Optional[Registry]]:
         if schema is None:
@@ -552,9 +560,9 @@ def __init_impl(
     __init__ = __init_impl
 
     def __call__(self, data: bytes, ctx: Optional[SerializationContext] = None) -> Optional[bytes]:
-        return self.__serialize(data, ctx)
+        return self.__deserialize(data, ctx)
 
-    def __serialize(self, data: bytes, ctx: Optional[SerializationContext] = None) -> Optional[bytes]:
+    def __deserialize(self, data: bytes, ctx: Optional[SerializationContext] = None) -> Optional[bytes]:
         """
         Deserialize a JSON encoded record with Confluent Schema Registry framing to
         a dict, or object instance according to from_dict if from_dict is specified.
@@ -583,9 +591,6 @@ def __serialize(self, data: bytes, ctx: Optional[SerializationContext] = None) -
         schema_id = SchemaId(JSON_TYPE)
         payload = self._schema_id_deserializer(data, ctx, schema_id)
 
-        # JSON documents are self-describing; no need to query schema
-        obj_dict = self._json_decode(payload.read())
-
         if self._registry is not None:
             writer_schema_raw = self._get_writer_schema(schema_id, subject)
             writer_schema, writer_ref_registry = self._get_parsed_schema(writer_schema_raw)
@@ -597,6 +602,15 @@ def __serialize(self, data: bytes, ctx: Optional[SerializationContext] = None) -
             writer_schema_raw = None
             writer_schema, writer_ref_registry = None, None
 
+        payload = self._execute_rules_with_phase(
+            ctx, subject, RulePhase.ENCODING, RuleMode.READ,
+            None, writer_schema_raw, payload, None, None)
+        if isinstance(payload, bytes):
+            payload = io.BytesIO(payload)
+
+        # JSON documents are self-describing; no need to query schema
+        obj_dict = self._json_decode(payload.read())
+
         if latest_schema is not None:
             migrations = self._get_migrations(subject, writer_schema_raw, latest_schema, None)
             reader_schema_raw = latest_schema.schema
diff --git a/src/confluent_kafka/schema_registry/_sync/protobuf.py b/src/confluent_kafka/schema_registry/_sync/protobuf.py
index 08c64bf44..f202f0e99 100644
--- a/src/confluent_kafka/schema_registry/_sync/protobuf.py
+++ b/src/confluent_kafka/schema_registry/_sync/protobuf.py
@@ -27,6 +27,8 @@
 from confluent_kafka.schema_registry import (reference_subject_name_strategy,
                                              topic_subject_name_strategy,
                                              prefix_schema_id_serializer, dual_schema_id_deserializer)
+from confluent_kafka.schema_registry.common.schema_registry_client import \
+    RulePhase
 from confluent_kafka.schema_registry.schema_registry_client import SchemaRegistryClient
 from confluent_kafka.schema_registry.common.protobuf import _bytes, _create_index_array, \
     _init_pool, _is_builtin, _schema_to_str, _str_to_proto, transform, _ContextStringIO, PROTOBUF_TYPE
@@ -426,7 +428,14 @@ def field_transformer(rule_ctx, field_transform, msg): return (  # noqa: E731
         with _ContextStringIO() as fo:
             fo.write(message.SerializeToString())
             self._schema_id.message_indexes = self._index_array
-            return self._schema_id_serializer(fo.getvalue(), ctx, self._schema_id)
+            buffer = fo.getvalue()
+
+            if latest_schema is not None:
+                buffer = self._execute_rules_with_phase(
+                    ctx, subject, RulePhase.ENCODING, RuleMode.WRITE,
+                    None, latest_schema.schema, buffer, None, None)
+
+            return self._schema_id_serializer(buffer, ctx, self._schema_id)
 
     def _get_parsed_schema(self, schema: Schema) -> Tuple[descriptor_pb2.FileDescriptorProto, DescriptorPool]:
         result = self._parsed_schemas.get_parsed_schema(schema)
@@ -549,9 +558,9 @@ def __init_impl(
     __init__ = __init_impl
 
     def __call__(self, data: bytes, ctx: Optional[SerializationContext] = None) -> Optional[bytes]:
-        return self.__serialize(data, ctx)
+        return self.__deserialize(data, ctx)
 
-    def __serialize(self, data: bytes, ctx: Optional[SerializationContext] = None) -> Optional[bytes]:
+    def __deserialize(self, data: bytes, ctx: Optional[SerializationContext] = None) -> Optional[bytes]:
         """
         Deserialize a serialized protobuf message with Confluent Schema Registry
         framing.
@@ -596,6 +605,12 @@ def __serialize(self, data: bytes, ctx: Optional[SerializationContext] = None) -
             writer_schema_raw = None
             writer_schema = None
 
+        payload = self._execute_rules_with_phase(
+            ctx, subject, RulePhase.ENCODING, RuleMode.READ,
+            None, writer_schema_raw, payload, None, None)
+        if isinstance(payload, bytes):
+            payload = io.BytesIO(payload)
+
         if latest_schema is not None:
             migrations = self._get_migrations(subject, writer_schema_raw, latest_schema, None)
             reader_schema_raw = latest_schema.schema
diff --git a/src/confluent_kafka/schema_registry/_sync/serde.py b/src/confluent_kafka/schema_registry/_sync/serde.py
index f0512f872..df192ed5e 100644
--- a/src/confluent_kafka/schema_registry/_sync/serde.py
+++ b/src/confluent_kafka/schema_registry/_sync/serde.py
@@ -20,6 +20,8 @@
 from typing import List, Optional, Set, Dict, Any
 
 from confluent_kafka.schema_registry import RegisteredSchema
+from confluent_kafka.schema_registry.common.schema_registry_client import \
+    RulePhase
 from confluent_kafka.schema_registry.common.serde import ErrorAction, \
     FieldTransformer, Migration, NoneAction, RuleAction, \
     RuleConditionError, RuleContext, RuleError, SchemaId
@@ -59,6 +61,17 @@ def _execute_rules(
         source: Optional[Schema], target: Optional[Schema],
         message: Any, inline_tags: Optional[Dict[str, Set[str]]],
         field_transformer: Optional[FieldTransformer]
+    ) -> Any:
+        return self._execute_rules_with_phase(
+            ser_ctx, subject, RulePhase.DOMAIN, rule_mode,
+            source, target, message, inline_tags, field_transformer)
+
+    def _execute_rules_with_phase(
+        self, ser_ctx: SerializationContext, subject: str,
+        rule_phase: RulePhase, rule_mode: RuleMode,
+        source: Optional[Schema], target: Optional[Schema],
+        message: Any, inline_tags: Optional[Dict[str, Set[str]]],
+        field_transformer: Optional[FieldTransformer]
     ) -> Any:
         if message is None or target is None:
             return message
@@ -73,7 +86,10 @@ def _execute_rules(
                 rules.reverse()
         else:
             if target is not None and target.rule_set is not None:
-                rules = target.rule_set.domain_rules
+                if rule_phase == RulePhase.ENCODING:
+                    rules = target.rule_set.encoding_rules
+                else:
+                    rules = target.rule_set.domain_rules
                 if rule_mode == RuleMode.READ:
                     # Execute read rules in reverse order for symmetry
                     rules = rules[:] if rules else []
@@ -197,19 +213,25 @@ def _get_writer_schema(
         else:
             raise SerializationError("Schema ID or GUID is not set")
 
-    def _has_rules(self, rule_set: RuleSet, mode: RuleMode) -> bool:
+    def _has_rules(self, rule_set: RuleSet, phase: RulePhase, mode: RuleMode) -> bool:
         if rule_set is None:
             return False
+        if phase == RulePhase.MIGRATION:
+            rules = rule_set.migration_rules
+        elif phase == RulePhase.DOMAIN:
+            rules = rule_set.domain_rules
+        elif phase == RulePhase.ENCODING:
+            rules = rule_set.encoding_rules
         if mode in (RuleMode.UPGRADE, RuleMode.DOWNGRADE):
             return any(rule.mode == mode or rule.mode == RuleMode.UPDOWN
-                       for rule in rule_set.migration_rules or [])
+                       for rule in rules or [])
         elif mode == RuleMode.UPDOWN:
-            return any(rule.mode == mode for rule in rule_set.migration_rules or [])
+            return any(rule.mode == mode for rule in rules or [])
         elif mode in (RuleMode.WRITE, RuleMode.READ):
             return any(rule.mode == mode or rule.mode == RuleMode.WRITEREAD
-                       for rule in rule_set.domain_rules or [])
+                       for rule in rules or [])
         elif mode == RuleMode.WRITEREAD:
-            return any(rule.mode == mode for rule in rule_set.migration_rules or [])
+            return any(rule.mode == mode for rule in rules or [])
         return False
 
     def _get_migrations(
@@ -235,7 +257,8 @@ def _get_migrations(
             if i == 0:
                 previous = version
                 continue
-            if version.schema.rule_set is not None and self._has_rules(version.schema.rule_set, migration_mode):
+            if version.schema.rule_set is not None and self._has_rules(
+                  version.schema.rule_set, RulePhase.MIGRATION, migration_mode):
                 if migration_mode == RuleMode.UPGRADE:
                     migration = Migration(migration_mode, previous, version)
                 else:
@@ -265,7 +288,8 @@ def _execute_migrations(
         migrations: List[Migration], message: Any
     ) -> Any:
         for migration in migrations:
-            message = self._execute_rules(ser_ctx, subject, migration.rule_mode,
-                                          migration.source.schema, migration.target.schema,
-                                          message, None, None)
+            message = self._execute_rules_with_phase(
+                ser_ctx, subject, RulePhase.MIGRATION, migration.rule_mode,
+                migration.source.schema, migration.target.schema,
+                message, None, None)
         return message
diff --git a/src/confluent_kafka/schema_registry/common/schema_registry_client.py b/src/confluent_kafka/schema_registry/common/schema_registry_client.py
index edbd38d02..27f9d946a 100644
--- a/src/confluent_kafka/schema_registry/common/schema_registry_client.py
+++ b/src/confluent_kafka/schema_registry/common/schema_registry_client.py
@@ -312,6 +312,15 @@ def __str__(self) -> str:
         return str(self.value)
 
 
+class RulePhase(str, Enum):
+    MIGRATION = "MIGRATION"
+    DOMAIN = "DOMAIN"
+    ENCODING = "ENCODING"
+
+    def __str__(self) -> str:
+        return str(self.value)
+
+
 class RuleMode(str, Enum):
     UPGRADE = "UPGRADE"
     DOWNGRADE = "DOWNGRADE"
@@ -471,6 +480,7 @@ def from_dict(cls: Type[T], src_dict: Dict[str, Any]) -> T:
 class RuleSet:
     migration_rules: Optional[List["Rule"]] = _attrs_field(hash=False)
     domain_rules: Optional[List["Rule"]] = _attrs_field(hash=False)
+    encoding_rules: Optional[List["Rule"]] = _attrs_field(hash=False, default=None)
 
     def to_dict(self) -> Dict[str, Any]:
         _migration_rules: Optional[List[Dict[str, Any]]] = None
@@ -487,12 +497,21 @@ def to_dict(self) -> Dict[str, Any]:
                 domain_rules_item = domain_rules_item_data.to_dict()
                 _domain_rules.append(domain_rules_item)
 
+        _encoding_rules: Optional[List[Dict[str, Any]]] = None
+        if self.encoding_rules is not None:
+            _encoding_rules = []
+            for encoding_rules_item_data in self.encoding_rules:
+                encoding_rules_item = encoding_rules_item_data.to_dict()
+                _encoding_rules.append(encoding_rules_item)
+
         field_dict: Dict[str, Any] = {}
         field_dict.update({})
         if _migration_rules is not None:
             field_dict["migrationRules"] = _migration_rules
         if _domain_rules is not None:
             field_dict["domainRules"] = _domain_rules
+        if _encoding_rules is not None:
+            field_dict["encodingRules"] = _encoding_rules
 
         return field_dict
 
@@ -511,15 +530,24 @@ def from_dict(cls: Type[T], src_dict: Dict[str, Any]) -> T:
             domain_rules_item = Rule.from_dict(domain_rules_item_data)
             domain_rules.append(domain_rules_item)
 
+        encoding_rules = []
+        _encoding_rules = d.pop("encodingRules", None)
+        for encoding_rules_item_data in _encoding_rules or []:
+            encoding_rules_item = Rule.from_dict(encoding_rules_item_data)
+            encoding_rules.append(encoding_rules_item)
+
         rule_set = cls(
             migration_rules=migration_rules,
             domain_rules=domain_rules,
+            encoding_rules=encoding_rules,
         )
 
         return rule_set
 
     def __hash__(self):
-        return hash(frozenset((self.migration_rules or []) + (self.domain_rules or [])))
+        return hash(frozenset((self.migration_rules or []) +
+                              (self.domain_rules or []) +
+                              (self.encoding_rules or [])))
 
 
 @_attrs_define
diff --git a/src/confluent_kafka/schema_registry/rules/encryption/encrypt_executor.py b/src/confluent_kafka/schema_registry/rules/encryption/encrypt_executor.py
index cb480f145..8a05e3077 100644
--- a/src/confluent_kafka/schema_registry/rules/encryption/encrypt_executor.py
+++ b/src/confluent_kafka/schema_registry/rules/encryption/encrypt_executor.py
@@ -13,6 +13,7 @@
 # limitations under the License.
 
 import base64
+import io
 import logging
 import time
 from typing import Optional, Tuple, Any
@@ -30,8 +31,8 @@
 from confluent_kafka.schema_registry.rules.encryption.kms_driver_registry import \
     get_kms_driver, KmsDriver
 from confluent_kafka.schema_registry.serde import RuleContext, \
-    FieldRuleExecutor, FieldTransform, RuleError, FieldContext, FieldType
-
+    RuleError, RuleExecutor, FieldType, FieldRuleExecutor, FieldTransform, \
+    FieldContext
 
 log = logging.getLogger(__name__)
 
@@ -53,7 +54,7 @@ def now(self) -> int:
         return int(round(time.time() * 1000))
 
 
-class FieldEncryptionExecutor(FieldRuleExecutor):
+class EncryptionExecutor(RuleExecutor):
 
     def __init__(self, clock: Clock = Clock()):
         self.client = None
@@ -81,15 +82,19 @@ def configure(self, client_conf: dict, rule_conf: dict):
             self.config = rule_conf if rule_conf else {}
 
     def type(self) -> str:
-        return "ENCRYPT"
+        return "ENCRYPT_PAYLOAD"
 
-    def new_transform(self, ctx: RuleContext) -> FieldTransform:
+    def transform(self, ctx: RuleContext, message: Any) -> Any:
+        executor = self.new_transform(ctx)
+        return executor.transform(ctx, FieldType.BYTES, message)
+
+    def new_transform(self, ctx: RuleContext) -> 'EncryptionExecutorTransform':
         cryptor = self._get_cryptor(ctx)
         kek_name = self._get_kek_name(ctx)
         dek_expiry_days = self._get_dek_expiry_days(ctx)
-        transform = FieldEncryptionExecutorTransform(
+        transform = EncryptionExecutorTransform(
             self, cryptor, kek_name, dek_expiry_days)
-        return transform.transform
+        return transform
 
     def close(self):
         if self.client is not None:
@@ -125,11 +130,11 @@ def _get_dek_expiry_days(self, ctx: RuleContext) -> int:
 
     @classmethod
     def register(cls):
-        RuleRegistry.register_rule_executor(FieldEncryptionExecutor())
+        RuleRegistry.register_rule_executor(EncryptionExecutor())
 
     @classmethod
-    def register_with_clock(cls, clock: Clock) -> 'FieldEncryptionExecutor':
-        executor = FieldEncryptionExecutor(clock)
+    def register_with_clock(cls, clock: Clock) -> 'EncryptionExecutor':
+        executor = EncryptionExecutor(clock)
         RuleRegistry.register_rule_executor(executor)
         return executor
 
@@ -191,9 +196,9 @@ def decrypt(self, dek: bytes, ciphertext: bytes, associated_data: bytes) -> byte
             return primitive.decrypt(ciphertext, associated_data)
 
 
-class FieldEncryptionExecutorTransform(object):
+class EncryptionExecutorTransform(object):
 
-    def __init__(self, executor: FieldEncryptionExecutor, cryptor: Cryptor, kek_name: str, dek_expiry_days: int):
+    def __init__(self, executor: EncryptionExecutor, cryptor: Cryptor, kek_name: str, dek_expiry_days: int):
         self._executor = executor
         self._cryptor = cryptor
         self._kek_name = kek_name
@@ -341,13 +346,13 @@ def _is_expired(self, ctx: RuleContext, dek: Optional[Dek]) -> bool:
                 and dek is not None
                 and (now - dek.ts) / MILLIS_IN_DAY > self._dek_expiry_days)
 
-    def transform(self, ctx: RuleContext, field_ctx: FieldContext, field_value: Any) -> Any:
+    def transform(self, ctx: RuleContext, field_type: FieldType, field_value: Any) -> Any:
         if field_value is None:
             return None
         if ctx.rule_mode == RuleMode.WRITE:
-            plaintext = self._to_bytes(field_ctx.field_type, field_value)
+            plaintext = self._to_bytes(field_type, field_value)
             if plaintext is None:
-                raise RuleError(f"type {field_ctx.field_type} not supported for encryption")
+                raise RuleError(f"type {field_type} not supported for encryption")
             version = None
             if self._is_dek_rotated():
                 version = -1
@@ -356,15 +361,15 @@ def transform(self, ctx: RuleContext, field_ctx: FieldContext, field_value: Any)
             ciphertext = self._cryptor.encrypt(key_material_bytes, plaintext, Cryptor.EMPTY_AAD)
             if self._is_dek_rotated():
                 ciphertext = self._prefix_version(dek.version, ciphertext)
-            if field_ctx.field_type == FieldType.STRING:
+            if field_type == FieldType.STRING:
                 return base64.b64encode(ciphertext).decode("utf-8")
             else:
-                return self._to_object(field_ctx.field_type, ciphertext)
+                return self._to_object(field_type, ciphertext)
         elif ctx.rule_mode == RuleMode.READ:
-            if field_ctx.field_type == FieldType.STRING:
+            if field_type == FieldType.STRING:
                 ciphertext = base64.b64decode(field_value)
             else:
-                ciphertext = self._to_bytes(field_ctx.field_type, field_value)
+                ciphertext = self._to_bytes(field_type, field_value)
             if ciphertext is None:
                 return field_value
 
@@ -376,7 +381,7 @@ def transform(self, ctx: RuleContext, field_ctx: FieldContext, field_value: Any)
             dek = self._get_or_create_dek(ctx, version)
             key_material_bytes = dek.get_key_material_bytes()
             plaintext = self._cryptor.decrypt(key_material_bytes, ciphertext, Cryptor.EMPTY_AAD)
-            return self._to_object(field_ctx.field_type, plaintext)
+            return self._to_object(field_type, plaintext)
         else:
             raise RuleError(f"unsupported rule mode {ctx.rule_mode}")
 
@@ -393,6 +398,8 @@ def _to_bytes(self, field_type: FieldType, value: Any) -> Optional[bytes]:
         if field_type == FieldType.STRING:
             return value.encode("utf-8")
         elif field_type == FieldType.BYTES:
+            if isinstance(value, io.BytesIO):
+                return value.read()
             return value
         return None
 
@@ -420,3 +427,43 @@ def _register_kms_client(self, kms_driver: KmsDriver, config: dict, kek_url: str
         kms_client = kms_driver.new_kms_client(config, kek_url)
         register_kms_client(kms_client)
         return kms_client
+
+
+class FieldEncryptionExecutor(FieldRuleExecutor):
+
+    def __init__(self, clock: Clock = Clock()):
+        self.executor = EncryptionExecutor(clock)
+
+    def configure(self, client_conf: dict, rule_conf: dict):
+        self.executor.configure(client_conf, rule_conf)
+
+    def type(self) -> str:
+        return "ENCRYPT"
+
+    def new_transform(self, ctx: RuleContext) -> FieldTransform:
+        executor_transform = self.executor.new_transform(ctx)
+        transform = FieldEncryptionExecutorTransform(executor_transform)
+        return transform.transform
+
+    def close(self):
+        if self.client is not None:
+            self.client.__exit__()
+
+    @classmethod
+    def register(cls):
+        RuleRegistry.register_rule_executor(FieldEncryptionExecutor())
+
+    @classmethod
+    def register_with_clock(cls, clock: Clock) -> 'FieldEncryptionExecutor':
+        executor = FieldEncryptionExecutor(clock)
+        RuleRegistry.register_rule_executor(executor)
+        return executor
+
+
+class FieldEncryptionExecutorTransform(object):
+
+    def __init__(self, executor_transform: 'EncryptionExecutorTransform'):
+        self.executor_transform = executor_transform
+
+    def transform(self, ctx: RuleContext, field_ctx: FieldContext, field_value: Any) -> Any:
+        return self.executor_transform.transform(ctx, field_ctx.field_type, field_value)
diff --git a/tests/schema_registry/_async/test_avro_serdes.py b/tests/schema_registry/_async/test_avro_serdes.py
index bc06fcd64..bb95f4098 100644
--- a/tests/schema_registry/_async/test_avro_serdes.py
+++ b/tests/schema_registry/_async/test_avro_serdes.py
@@ -38,7 +38,7 @@
 from confluent_kafka.schema_registry.rules.encryption.dek_registry.dek_registry_client import \
     DekRegistryClient, DekAlgorithm
 from confluent_kafka.schema_registry.rules.encryption.encrypt_executor import \
-    FieldEncryptionExecutor, Clock
+    FieldEncryptionExecutor, Clock, EncryptionExecutor
 from confluent_kafka.schema_registry.rules.encryption.gcpkms.gcp_driver import \
     GcpKmsDriver
 from confluent_kafka.schema_registry.rules.encryption.hcvault.hcvault_driver import \
@@ -1125,7 +1125,7 @@ async def test_avro_encryption():
         'bytesField': b'foobar',
     }
     ser = await AsyncAvroSerializer(client, schema_str=None, conf=ser_conf, rule_conf=rule_conf)
-    dek_client = executor.client
+    dek_client = executor.executor.client
     ser_ctx = SerializationContext(_TOPIC, MessageField.VALUE)
     obj_bytes = await ser(obj, ser_ctx)
 
@@ -1134,6 +1134,68 @@ async def test_avro_encryption():
     obj['stringField'] = 'hi'
     obj['bytesField'] = b'foobar'
 
+    deser = await AsyncAvroDeserializer(client, rule_conf=rule_conf)
+    executor.executor.client = dek_client
+    obj2 = await deser(obj_bytes, ser_ctx)
+    assert obj == obj2
+
+
+async def test_avro_payload_encryption():
+    executor = EncryptionExecutor.register_with_clock(FakeClock())
+
+    conf = {'url': _BASE_URL}
+    client = AsyncSchemaRegistryClient.new_client(conf)
+    ser_conf = {'auto.register.schemas': False, 'use.latest.version': True}
+    rule_conf = {'secret': 'mysecret'}
+    schema = {
+        'type': 'record',
+        'name': 'test',
+        'fields': [
+            {'name': 'intField', 'type': 'int'},
+            {'name': 'doubleField', 'type': 'double'},
+            {'name': 'stringField', 'type': 'string', 'confluent:tags': ['PII']},
+            {'name': 'booleanField', 'type': 'boolean'},
+            {'name': 'bytesField', 'type': 'bytes', 'confluent:tags': ['PII']},
+        ]
+    }
+
+    rule = Rule(
+        "test-encrypt",
+        "",
+        RuleKind.TRANSFORM,
+        RuleMode.WRITEREAD,
+        "ENCRYPT_PAYLOAD",
+        None,
+        RuleParams({
+            "encrypt.kek.name": "kek1",
+            "encrypt.kms.type": "local-kms",
+            "encrypt.kms.key.id": "mykey"
+        }),
+        None,
+        None,
+        "ERROR,NONE",
+        False
+    )
+    await client.register_schema(_SUBJECT, Schema(
+        json.dumps(schema),
+        "AVRO",
+        [],
+        None,
+        RuleSet(None, None, [rule])
+    ))
+
+    obj = {
+        'intField': 123,
+        'doubleField': 45.67,
+        'stringField': 'hi',
+        'booleanField': True,
+        'bytesField': b'foobar',
+    }
+    ser = await AsyncAvroSerializer(client, schema_str=None, conf=ser_conf, rule_conf=rule_conf)
+    dek_client = executor.client
+    ser_ctx = SerializationContext(_TOPIC, MessageField.VALUE)
+    obj_bytes = await ser(obj, ser_ctx)
+
     deser = await AsyncAvroDeserializer(client, rule_conf=rule_conf)
     executor.client = dek_client
     obj2 = await deser(obj_bytes, ser_ctx)
@@ -1193,7 +1255,7 @@ async def test_avro_encryption_deterministic():
         'bytesField': b'foobar',
     }
     ser = await AsyncAvroSerializer(client, schema_str=None, conf=ser_conf, rule_conf=rule_conf)
-    dek_client = executor.client
+    dek_client = executor.executor.client
     ser_ctx = SerializationContext(_TOPIC, MessageField.VALUE)
     obj_bytes = await ser(obj, ser_ctx)
 
@@ -1203,7 +1265,7 @@ async def test_avro_encryption_deterministic():
     obj['bytesField'] = b'foobar'
 
     deser = await AsyncAvroDeserializer(client, rule_conf=rule_conf)
-    executor.client = dek_client
+    executor.executor.client = dek_client
     obj2 = await deser(obj_bytes, ser_ctx)
     assert obj == obj2
 
@@ -1273,7 +1335,7 @@ async def test_avro_encryption_cel():
         'bytesField': b'foobar',
     }
     ser = await AsyncAvroSerializer(client, schema_str=None, conf=ser_conf, rule_conf=rule_conf)
-    dek_client = executor.client
+    dek_client = executor.executor.client
     ser_ctx = SerializationContext(_TOPIC, MessageField.VALUE)
     obj_bytes = await ser(obj, ser_ctx)
 
@@ -1283,7 +1345,7 @@ async def test_avro_encryption_cel():
     obj['bytesField'] = b'foobar'
 
     deser = await AsyncAvroDeserializer(client, rule_conf=rule_conf)
-    executor.client = dek_client
+    executor.executor.client = dek_client
     obj2 = await deser(obj_bytes, ser_ctx)
     assert obj == obj2
 
@@ -1341,7 +1403,7 @@ async def test_avro_encryption_dek_rotation():
         'bytesField': b'foobar',
     }
     ser = await AsyncAvroSerializer(client, schema_str=None, conf=ser_conf, rule_conf=rule_conf)
-    dek_client: DekRegistryClient = executor.client
+    dek_client: DekRegistryClient = executor.executor.client
     ser_ctx = SerializationContext(_TOPIC, MessageField.VALUE)
     obj_bytes = await ser(obj, ser_ctx)
 
@@ -1350,17 +1412,17 @@ async def test_avro_encryption_dek_rotation():
     obj['stringField'] = 'hi'
 
     deser = await AsyncAvroDeserializer(client, rule_conf=rule_conf)
-    executor.client = dek_client
+    executor.executor.client = dek_client
     obj2 = await deser(obj_bytes, ser_ctx)
     assert obj == obj2
 
-    dek_client = executor.client
+    dek_client = executor.executor.client
     dek = dek_client.get_dek("kek1-rot", _SUBJECT, version=-1)
     assert dek.version == 1
 
     # advance 2 days
     now = datetime.now() + timedelta(days=2)
-    executor.clock.fixed_now = int(round(now.timestamp() * 1000))
+    executor.executor.clock.fixed_now = int(round(now.timestamp() * 1000))
 
     obj_bytes = await ser(obj, ser_ctx)
 
@@ -1376,7 +1438,7 @@ async def test_avro_encryption_dek_rotation():
 
     # advance 2 days
     now = datetime.now() + timedelta(days=2)
-    executor.clock.fixed_now = int(round(now.timestamp() * 1000))
+    executor.executor.clock.fixed_now = int(round(now.timestamp() * 1000))
 
     obj_bytes = await ser(obj, ser_ctx)
 
@@ -1437,7 +1499,7 @@ async def test_avro_encryption_f1_preserialized():
     ser_ctx = SerializationContext(_TOPIC, MessageField.VALUE)
     deser = await AsyncAvroDeserializer(client, rule_conf=rule_conf)
 
-    dek_client: DekRegistryClient = executor.client
+    dek_client: DekRegistryClient = executor.executor.client
     dek_client.register_kek("kek1-f1", "local-kms", "mykey")
 
     encrypted_dek = "07V2ndh02DA73p+dTybwZFm7DKQSZN1tEwQh+FoX1DZLk4Yj2LLu4omYjp/84tAg3BYlkfGSz+zZacJHIE4="
@@ -1500,7 +1562,7 @@ async def test_avro_encryption_deterministic_f1_preserialized():
     ser_ctx = SerializationContext(_TOPIC, MessageField.VALUE)
     deser = await AsyncAvroDeserializer(client, rule_conf=rule_conf)
 
-    dek_client: DekRegistryClient = executor.client
+    dek_client: DekRegistryClient = executor.executor.client
     dek_client.register_kek("kek1-det-f1", "local-kms", "mykey")
 
     encrypted_dek = ("YSx3DTlAHrmpoDChquJMifmPntBzxgRVdMzgYL82rgWBKn7aUSnG+WIu9oz"
@@ -1562,7 +1624,7 @@ async def test_avro_encryption_dek_rotation_f1_preserialized():
     ser_ctx = SerializationContext(_TOPIC, MessageField.VALUE)
     deser = await AsyncAvroDeserializer(client, rule_conf=rule_conf)
 
-    dek_client: DekRegistryClient = executor.client
+    dek_client: DekRegistryClient = executor.executor.client
     dek_client.register_kek("kek1-rot-f1", "local-kms", "mykey")
 
     encrypted_dek = "W/v6hOQYq1idVAcs1pPWz9UUONMVZW4IrglTnG88TsWjeCjxmtRQ4VaNe/I5dCfm2zyY9Cu0nqdvqImtUk4="
@@ -1642,7 +1704,7 @@ async def test_avro_encryption_references():
     ))
 
     ser = await AsyncAvroSerializer(client, schema_str=None, conf=ser_conf, rule_conf=rule_conf)
-    dek_client = executor.client
+    dek_client = executor.executor.client
     ser_ctx = SerializationContext(_TOPIC, MessageField.VALUE)
     obj_bytes = await ser(obj, ser_ctx)
 
@@ -1652,7 +1714,7 @@ async def test_avro_encryption_references():
     obj['refField']['bytesField'] = b'foobar'
 
     deser = await AsyncAvroDeserializer(client, rule_conf=rule_conf)
-    executor.client = dek_client
+    executor.executor.client = dek_client
     obj2 = await deser(obj_bytes, ser_ctx)
     assert obj == obj2
 
@@ -1709,7 +1771,7 @@ async def test_avro_encryption_with_union():
         'bytesField': b'foobar',
     }
     ser = await AsyncAvroSerializer(client, schema_str=None, conf=ser_conf, rule_conf=rule_conf)
-    dek_client = executor.client
+    dek_client = executor.executor.client
     ser_ctx = SerializationContext(_TOPIC, MessageField.VALUE)
     obj_bytes = await ser(obj, ser_ctx)
 
@@ -1719,7 +1781,7 @@ async def test_avro_encryption_with_union():
     obj['bytesField'] = b'foobar'
 
     deser = await AsyncAvroDeserializer(client, rule_conf=rule_conf)
-    executor.client = dek_client
+    executor.executor.client = dek_client
     obj2 = await deser(obj_bytes, ser_ctx)
     assert obj == obj2
 
diff --git a/tests/schema_registry/_async/test_json_serdes.py b/tests/schema_registry/_async/test_json_serdes.py
index 69e984bb8..31a4aed55 100644
--- a/tests/schema_registry/_async/test_json_serdes.py
+++ b/tests/schema_registry/_async/test_json_serdes.py
@@ -32,7 +32,7 @@
 from confluent_kafka.schema_registry.rules.encryption.azurekms.azure_driver import \
     AzureKmsDriver
 from confluent_kafka.schema_registry.rules.encryption.encrypt_executor import \
-    FieldEncryptionExecutor
+    FieldEncryptionExecutor, EncryptionExecutor
 from confluent_kafka.schema_registry.rules.encryption.gcpkms.gcp_driver import \
     GcpKmsDriver
 from confluent_kafka.schema_registry.rules.encryption.hcvault.hcvault_driver import \
@@ -980,7 +980,7 @@ async def test_json_encryption():
         'bytesField': base64.b64encode(b'foobar').decode('utf-8'),
     }
     ser = await AsyncJSONSerializer(json.dumps(schema), client, conf=ser_conf, rule_conf=rule_conf)
-    dek_client = executor.client
+    dek_client = executor.executor.client
     ser_ctx = SerializationContext(_TOPIC, MessageField.VALUE)
     obj_bytes = await ser(obj, ser_ctx)
 
@@ -989,6 +989,74 @@ async def test_json_encryption():
     obj['stringField'] = 'hi'
     obj['bytesField'] = base64.b64encode(b'foobar').decode('utf-8')
 
+    deser = await AsyncJSONDeserializer(None, schema_registry_client=client, rule_conf=rule_conf)
+    executor.executor.client = dek_client
+    obj2 = await deser(obj_bytes, ser_ctx)
+    assert obj == obj2
+
+
+async def test_json_payloadencryption():
+    executor = EncryptionExecutor.register_with_clock(FakeClock())
+
+    conf = {'url': _BASE_URL}
+    client = AsyncSchemaRegistryClient.new_client(conf)
+    ser_conf = {'auto.register.schemas': False, 'use.latest.version': True}
+    rule_conf = {'secret': 'mysecret'}
+    schema = {
+        "type": "object",
+        "properties": {
+            "intField": {"type": "integer"},
+            "doubleField": {"type": "number"},
+            "stringField": {
+                "type": "string",
+                "confluent:tags": ["PII"]
+            },
+            "booleanField": {"type": "boolean"},
+            "bytesField": {
+                "type": "string",
+                "contentEncoding": "base64",
+                "confluent:tags": ["PII"]
+            }
+        }
+    }
+
+    rule = Rule(
+        "test-encrypt",
+        "",
+        RuleKind.TRANSFORM,
+        RuleMode.WRITEREAD,
+        "ENCRYPT_PAYLOAD",
+        None,
+        RuleParams({
+            "encrypt.kek.name": "kek1",
+            "encrypt.kms.type": "local-kms",
+            "encrypt.kms.key.id": "mykey"
+        }),
+        None,
+        None,
+        "ERROR,NONE",
+        False
+    )
+    await client.register_schema(_SUBJECT, Schema(
+        json.dumps(schema),
+        "JSON",
+        [],
+        None,
+        RuleSet(None, None, [rule])
+    ))
+
+    obj = {
+        'intField': 123,
+        'doubleField': 45.67,
+        'stringField': 'hi',
+        'booleanField': True,
+        'bytesField': base64.b64encode(b'foobar').decode('utf-8'),
+    }
+    ser = await AsyncJSONSerializer(json.dumps(schema), client, conf=ser_conf, rule_conf=rule_conf)
+    dek_client = executor.client
+    ser_ctx = SerializationContext(_TOPIC, MessageField.VALUE)
+    obj_bytes = await ser(obj, ser_ctx)
+
     deser = await AsyncJSONDeserializer(None, schema_registry_client=client, rule_conf=rule_conf)
     executor.client = dek_client
     obj2 = await deser(obj_bytes, ser_ctx)
@@ -1060,7 +1128,7 @@ async def test_json_encryption_with_union():
         'bytesField': base64.b64encode(b'foobar').decode('utf-8'),
     }
     ser = await AsyncJSONSerializer(json.dumps(schema), client, conf=ser_conf, rule_conf=rule_conf)
-    dek_client = executor.client
+    dek_client = executor.executor.client
     ser_ctx = SerializationContext(_TOPIC, MessageField.VALUE)
     obj_bytes = await ser(obj, ser_ctx)
 
@@ -1070,7 +1138,7 @@ async def test_json_encryption_with_union():
     obj['bytesField'] = base64.b64encode(b'foobar').decode('utf-8')
 
     deser = await AsyncJSONDeserializer(None, schema_registry_client=client, rule_conf=rule_conf)
-    executor.client = dek_client
+    executor.executor.client = dek_client
     obj2 = await deser(obj_bytes, ser_ctx)
     assert obj == obj2
 
@@ -1151,7 +1219,7 @@ async def test_json_encryption_with_references():
         'otherField': nested
     }
     ser = await AsyncJSONSerializer(json.dumps(schema), client, conf=ser_conf, rule_conf=rule_conf)
-    dek_client = executor.client
+    dek_client = executor.executor.client
     ser_ctx = SerializationContext(_TOPIC, MessageField.VALUE)
     obj_bytes = await ser(obj, ser_ctx)
 
@@ -1161,7 +1229,7 @@ async def test_json_encryption_with_references():
     obj['otherField']['bytesField'] = base64.b64encode(b'foobar').decode('utf-8')
 
     deser = await AsyncJSONDeserializer(None, schema_registry_client=client, rule_conf=rule_conf)
-    executor.client = dek_client
+    executor.executor.client = dek_client
     obj2 = await deser(obj_bytes, ser_ctx)
     assert obj == obj2
 
diff --git a/tests/schema_registry/_async/test_proto_serdes.py b/tests/schema_registry/_async/test_proto_serdes.py
index 053db03ff..5c742ac38 100644
--- a/tests/schema_registry/_async/test_proto_serdes.py
+++ b/tests/schema_registry/_async/test_proto_serdes.py
@@ -34,7 +34,7 @@
 from confluent_kafka.schema_registry.rules.encryption.azurekms.azure_driver import \
     AzureKmsDriver
 from confluent_kafka.schema_registry.rules.encryption.encrypt_executor import \
-    FieldEncryptionExecutor, Clock
+    FieldEncryptionExecutor, Clock, EncryptionExecutor
 from confluent_kafka.schema_registry.rules.encryption.gcpkms.gcp_driver import \
     GcpKmsDriver
 from confluent_kafka.schema_registry.rules.encryption.hcvault.hcvault_driver import \
@@ -568,7 +568,7 @@ async def test_proto_encryption():
         oneof_string='oneof'
     )
     ser = await AsyncProtobufSerializer(example_pb2.Author, client, conf=ser_conf, rule_conf=rule_conf)
-    dek_client = executor.client
+    dek_client = executor.executor.client
     ser_ctx = SerializationContext(_TOPIC, MessageField.VALUE)
     obj_bytes = await ser(obj, ser_ctx)
 
@@ -582,6 +582,62 @@ async def test_proto_encryption():
         oneof_string='oneof'
     )
 
+    deser_conf = {
+        'use.deprecated.format': False
+    }
+    deser = await AsyncProtobufDeserializer(example_pb2.Author, deser_conf, client, rule_conf=rule_conf)
+    executor.executor.client = dek_client
+    obj2 = await deser(obj_bytes, ser_ctx)
+    assert obj == obj2
+
+
+async def test_proto_payload_encryption():
+    executor = EncryptionExecutor.register_with_clock(FakeClock())
+
+    conf = {'url': _BASE_URL}
+    client = AsyncSchemaRegistryClient.new_client(conf)
+    ser_conf = {
+        'auto.register.schemas': False,
+        'use.latest.version': True,
+        'use.deprecated.format': False
+    }
+    rule_conf = {'secret': 'mysecret'}
+    rule = Rule(
+        "test-encrypt",
+        "",
+        RuleKind.TRANSFORM,
+        RuleMode.WRITEREAD,
+        "ENCRYPT_PAYLOAD",
+        None,
+        RuleParams({
+            "encrypt.kek.name": "kek1",
+            "encrypt.kms.type": "local-kms",
+            "encrypt.kms.key.id": "mykey"
+        }),
+        None,
+        None,
+        "ERROR,NONE",
+        False
+    )
+    await client.register_schema(_SUBJECT, Schema(
+        _schema_to_str(example_pb2.Author.DESCRIPTOR.file),
+        "PROTOBUF",
+        [],
+        None,
+        RuleSet(None, None, [rule])
+    ))
+    obj = example_pb2.Author(
+        name='Kafka',
+        id=123,
+        picture=b'foobar',
+        works=['The Castle', 'TheTrial'],
+        oneof_string='oneof'
+    )
+    ser = await AsyncProtobufSerializer(example_pb2.Author, client, conf=ser_conf, rule_conf=rule_conf)
+    dek_client = executor.client
+    ser_ctx = SerializationContext(_TOPIC, MessageField.VALUE)
+    obj_bytes = await ser(obj, ser_ctx)
+
     deser_conf = {
         'use.deprecated.format': False
     }
diff --git a/tests/schema_registry/_sync/test_avro_serdes.py b/tests/schema_registry/_sync/test_avro_serdes.py
index dadf530db..735d0f29a 100644
--- a/tests/schema_registry/_sync/test_avro_serdes.py
+++ b/tests/schema_registry/_sync/test_avro_serdes.py
@@ -38,7 +38,7 @@
 from confluent_kafka.schema_registry.rules.encryption.dek_registry.dek_registry_client import \
     DekRegistryClient, DekAlgorithm
 from confluent_kafka.schema_registry.rules.encryption.encrypt_executor import \
-    FieldEncryptionExecutor, Clock
+    FieldEncryptionExecutor, Clock, EncryptionExecutor
 from confluent_kafka.schema_registry.rules.encryption.gcpkms.gcp_driver import \
     GcpKmsDriver
 from confluent_kafka.schema_registry.rules.encryption.hcvault.hcvault_driver import \
@@ -1125,7 +1125,7 @@ def test_avro_encryption():
         'bytesField': b'foobar',
     }
     ser = AvroSerializer(client, schema_str=None, conf=ser_conf, rule_conf=rule_conf)
-    dek_client = executor.client
+    dek_client = executor.executor.client
     ser_ctx = SerializationContext(_TOPIC, MessageField.VALUE)
     obj_bytes = ser(obj, ser_ctx)
 
@@ -1134,6 +1134,68 @@ def test_avro_encryption():
     obj['stringField'] = 'hi'
     obj['bytesField'] = b'foobar'
 
+    deser = AvroDeserializer(client, rule_conf=rule_conf)
+    executor.executor.client = dek_client
+    obj2 = deser(obj_bytes, ser_ctx)
+    assert obj == obj2
+
+
+def test_avro_payload_encryption():
+    executor = EncryptionExecutor.register_with_clock(FakeClock())
+
+    conf = {'url': _BASE_URL}
+    client = SchemaRegistryClient.new_client(conf)
+    ser_conf = {'auto.register.schemas': False, 'use.latest.version': True}
+    rule_conf = {'secret': 'mysecret'}
+    schema = {
+        'type': 'record',
+        'name': 'test',
+        'fields': [
+            {'name': 'intField', 'type': 'int'},
+            {'name': 'doubleField', 'type': 'double'},
+            {'name': 'stringField', 'type': 'string', 'confluent:tags': ['PII']},
+            {'name': 'booleanField', 'type': 'boolean'},
+            {'name': 'bytesField', 'type': 'bytes', 'confluent:tags': ['PII']},
+        ]
+    }
+
+    rule = Rule(
+        "test-encrypt",
+        "",
+        RuleKind.TRANSFORM,
+        RuleMode.WRITEREAD,
+        "ENCRYPT_PAYLOAD",
+        None,
+        RuleParams({
+            "encrypt.kek.name": "kek1",
+            "encrypt.kms.type": "local-kms",
+            "encrypt.kms.key.id": "mykey"
+        }),
+        None,
+        None,
+        "ERROR,NONE",
+        False
+    )
+    client.register_schema(_SUBJECT, Schema(
+        json.dumps(schema),
+        "AVRO",
+        [],
+        None,
+        RuleSet(None, None, [rule])
+    ))
+
+    obj = {
+        'intField': 123,
+        'doubleField': 45.67,
+        'stringField': 'hi',
+        'booleanField': True,
+        'bytesField': b'foobar',
+    }
+    ser = AvroSerializer(client, schema_str=None, conf=ser_conf, rule_conf=rule_conf)
+    dek_client = executor.client
+    ser_ctx = SerializationContext(_TOPIC, MessageField.VALUE)
+    obj_bytes = ser(obj, ser_ctx)
+
     deser = AvroDeserializer(client, rule_conf=rule_conf)
     executor.client = dek_client
     obj2 = deser(obj_bytes, ser_ctx)
@@ -1193,7 +1255,7 @@ def test_avro_encryption_deterministic():
         'bytesField': b'foobar',
     }
     ser = AvroSerializer(client, schema_str=None, conf=ser_conf, rule_conf=rule_conf)
-    dek_client = executor.client
+    dek_client = executor.executor.client
     ser_ctx = SerializationContext(_TOPIC, MessageField.VALUE)
     obj_bytes = ser(obj, ser_ctx)
 
@@ -1203,7 +1265,7 @@ def test_avro_encryption_deterministic():
     obj['bytesField'] = b'foobar'
 
     deser = AvroDeserializer(client, rule_conf=rule_conf)
-    executor.client = dek_client
+    executor.executor.client = dek_client
     obj2 = deser(obj_bytes, ser_ctx)
     assert obj == obj2
 
@@ -1273,7 +1335,7 @@ def test_avro_encryption_cel():
         'bytesField': b'foobar',
     }
     ser = AvroSerializer(client, schema_str=None, conf=ser_conf, rule_conf=rule_conf)
-    dek_client = executor.client
+    dek_client = executor.executor.client
     ser_ctx = SerializationContext(_TOPIC, MessageField.VALUE)
     obj_bytes = ser(obj, ser_ctx)
 
@@ -1283,7 +1345,7 @@ def test_avro_encryption_cel():
     obj['bytesField'] = b'foobar'
 
     deser = AvroDeserializer(client, rule_conf=rule_conf)
-    executor.client = dek_client
+    executor.executor.client = dek_client
     obj2 = deser(obj_bytes, ser_ctx)
     assert obj == obj2
 
@@ -1341,7 +1403,7 @@ def test_avro_encryption_dek_rotation():
         'bytesField': b'foobar',
     }
     ser = AvroSerializer(client, schema_str=None, conf=ser_conf, rule_conf=rule_conf)
-    dek_client: DekRegistryClient = executor.client
+    dek_client: DekRegistryClient = executor.executor.client
     ser_ctx = SerializationContext(_TOPIC, MessageField.VALUE)
     obj_bytes = ser(obj, ser_ctx)
 
@@ -1350,17 +1412,17 @@ def test_avro_encryption_dek_rotation():
     obj['stringField'] = 'hi'
 
     deser = AvroDeserializer(client, rule_conf=rule_conf)
-    executor.client = dek_client
+    executor.executor.client = dek_client
     obj2 = deser(obj_bytes, ser_ctx)
     assert obj == obj2
 
-    dek_client = executor.client
+    dek_client = executor.executor.client
     dek = dek_client.get_dek("kek1-rot", _SUBJECT, version=-1)
     assert dek.version == 1
 
     # advance 2 days
     now = datetime.now() + timedelta(days=2)
-    executor.clock.fixed_now = int(round(now.timestamp() * 1000))
+    executor.executor.clock.fixed_now = int(round(now.timestamp() * 1000))
 
     obj_bytes = ser(obj, ser_ctx)
 
@@ -1376,7 +1438,7 @@ def test_avro_encryption_dek_rotation():
 
     # advance 2 days
     now = datetime.now() + timedelta(days=2)
-    executor.clock.fixed_now = int(round(now.timestamp() * 1000))
+    executor.executor.clock.fixed_now = int(round(now.timestamp() * 1000))
 
     obj_bytes = ser(obj, ser_ctx)
 
@@ -1437,7 +1499,7 @@ def test_avro_encryption_f1_preserialized():
     ser_ctx = SerializationContext(_TOPIC, MessageField.VALUE)
     deser = AvroDeserializer(client, rule_conf=rule_conf)
 
-    dek_client: DekRegistryClient = executor.client
+    dek_client: DekRegistryClient = executor.executor.client
     dek_client.register_kek("kek1-f1", "local-kms", "mykey")
 
     encrypted_dek = "07V2ndh02DA73p+dTybwZFm7DKQSZN1tEwQh+FoX1DZLk4Yj2LLu4omYjp/84tAg3BYlkfGSz+zZacJHIE4="
@@ -1500,7 +1562,7 @@ def test_avro_encryption_deterministic_f1_preserialized():
     ser_ctx = SerializationContext(_TOPIC, MessageField.VALUE)
     deser = AvroDeserializer(client, rule_conf=rule_conf)
 
-    dek_client: DekRegistryClient = executor.client
+    dek_client: DekRegistryClient = executor.executor.client
     dek_client.register_kek("kek1-det-f1", "local-kms", "mykey")
 
     encrypted_dek = ("YSx3DTlAHrmpoDChquJMifmPntBzxgRVdMzgYL82rgWBKn7aUSnG+WIu9oz"
@@ -1562,7 +1624,7 @@ def test_avro_encryption_dek_rotation_f1_preserialized():
     ser_ctx = SerializationContext(_TOPIC, MessageField.VALUE)
     deser = AvroDeserializer(client, rule_conf=rule_conf)
 
-    dek_client: DekRegistryClient = executor.client
+    dek_client: DekRegistryClient = executor.executor.client
     dek_client.register_kek("kek1-rot-f1", "local-kms", "mykey")
 
     encrypted_dek = "W/v6hOQYq1idVAcs1pPWz9UUONMVZW4IrglTnG88TsWjeCjxmtRQ4VaNe/I5dCfm2zyY9Cu0nqdvqImtUk4="
@@ -1642,7 +1704,7 @@ def test_avro_encryption_references():
     ))
 
     ser = AvroSerializer(client, schema_str=None, conf=ser_conf, rule_conf=rule_conf)
-    dek_client = executor.client
+    dek_client = executor.executor.client
     ser_ctx = SerializationContext(_TOPIC, MessageField.VALUE)
     obj_bytes = ser(obj, ser_ctx)
 
@@ -1652,7 +1714,7 @@ def test_avro_encryption_references():
     obj['refField']['bytesField'] = b'foobar'
 
     deser = AvroDeserializer(client, rule_conf=rule_conf)
-    executor.client = dek_client
+    executor.executor.client = dek_client
     obj2 = deser(obj_bytes, ser_ctx)
     assert obj == obj2
 
@@ -1709,7 +1771,7 @@ def test_avro_encryption_with_union():
         'bytesField': b'foobar',
     }
     ser = AvroSerializer(client, schema_str=None, conf=ser_conf, rule_conf=rule_conf)
-    dek_client = executor.client
+    dek_client = executor.executor.client
     ser_ctx = SerializationContext(_TOPIC, MessageField.VALUE)
     obj_bytes = ser(obj, ser_ctx)
 
@@ -1719,7 +1781,7 @@ def test_avro_encryption_with_union():
     obj['bytesField'] = b'foobar'
 
     deser = AvroDeserializer(client, rule_conf=rule_conf)
-    executor.client = dek_client
+    executor.executor.client = dek_client
     obj2 = deser(obj_bytes, ser_ctx)
     assert obj == obj2
 
diff --git a/tests/schema_registry/_sync/test_json_serdes.py b/tests/schema_registry/_sync/test_json_serdes.py
index 56b3714a2..3e1c7b4b3 100644
--- a/tests/schema_registry/_sync/test_json_serdes.py
+++ b/tests/schema_registry/_sync/test_json_serdes.py
@@ -32,7 +32,7 @@
 from confluent_kafka.schema_registry.rules.encryption.azurekms.azure_driver import \
     AzureKmsDriver
 from confluent_kafka.schema_registry.rules.encryption.encrypt_executor import \
-    FieldEncryptionExecutor
+    FieldEncryptionExecutor, EncryptionExecutor
 from confluent_kafka.schema_registry.rules.encryption.gcpkms.gcp_driver import \
     GcpKmsDriver
 from confluent_kafka.schema_registry.rules.encryption.hcvault.hcvault_driver import \
@@ -980,7 +980,7 @@ def test_json_encryption():
         'bytesField': base64.b64encode(b'foobar').decode('utf-8'),
     }
     ser = JSONSerializer(json.dumps(schema), client, conf=ser_conf, rule_conf=rule_conf)
-    dek_client = executor.client
+    dek_client = executor.executor.client
     ser_ctx = SerializationContext(_TOPIC, MessageField.VALUE)
     obj_bytes = ser(obj, ser_ctx)
 
@@ -989,6 +989,74 @@ def test_json_encryption():
     obj['stringField'] = 'hi'
     obj['bytesField'] = base64.b64encode(b'foobar').decode('utf-8')
 
+    deser = JSONDeserializer(None, schema_registry_client=client, rule_conf=rule_conf)
+    executor.executor.client = dek_client
+    obj2 = deser(obj_bytes, ser_ctx)
+    assert obj == obj2
+
+
+def test_json_payloadencryption():
+    executor = EncryptionExecutor.register_with_clock(FakeClock())
+
+    conf = {'url': _BASE_URL}
+    client = SchemaRegistryClient.new_client(conf)
+    ser_conf = {'auto.register.schemas': False, 'use.latest.version': True}
+    rule_conf = {'secret': 'mysecret'}
+    schema = {
+        "type": "object",
+        "properties": {
+            "intField": {"type": "integer"},
+            "doubleField": {"type": "number"},
+            "stringField": {
+                "type": "string",
+                "confluent:tags": ["PII"]
+            },
+            "booleanField": {"type": "boolean"},
+            "bytesField": {
+                "type": "string",
+                "contentEncoding": "base64",
+                "confluent:tags": ["PII"]
+            }
+        }
+    }
+
+    rule = Rule(
+        "test-encrypt",
+        "",
+        RuleKind.TRANSFORM,
+        RuleMode.WRITEREAD,
+        "ENCRYPT_PAYLOAD",
+        None,
+        RuleParams({
+            "encrypt.kek.name": "kek1",
+            "encrypt.kms.type": "local-kms",
+            "encrypt.kms.key.id": "mykey"
+        }),
+        None,
+        None,
+        "ERROR,NONE",
+        False
+    )
+    client.register_schema(_SUBJECT, Schema(
+        json.dumps(schema),
+        "JSON",
+        [],
+        None,
+        RuleSet(None, None, [rule])
+    ))
+
+    obj = {
+        'intField': 123,
+        'doubleField': 45.67,
+        'stringField': 'hi',
+        'booleanField': True,
+        'bytesField': base64.b64encode(b'foobar').decode('utf-8'),
+    }
+    ser = JSONSerializer(json.dumps(schema), client, conf=ser_conf, rule_conf=rule_conf)
+    dek_client = executor.client
+    ser_ctx = SerializationContext(_TOPIC, MessageField.VALUE)
+    obj_bytes = ser(obj, ser_ctx)
+
     deser = JSONDeserializer(None, schema_registry_client=client, rule_conf=rule_conf)
     executor.client = dek_client
     obj2 = deser(obj_bytes, ser_ctx)
@@ -1060,7 +1128,7 @@ def test_json_encryption_with_union():
         'bytesField': base64.b64encode(b'foobar').decode('utf-8'),
     }
     ser = JSONSerializer(json.dumps(schema), client, conf=ser_conf, rule_conf=rule_conf)
-    dek_client = executor.client
+    dek_client = executor.executor.client
     ser_ctx = SerializationContext(_TOPIC, MessageField.VALUE)
     obj_bytes = ser(obj, ser_ctx)
 
@@ -1070,7 +1138,7 @@ def test_json_encryption_with_union():
     obj['bytesField'] = base64.b64encode(b'foobar').decode('utf-8')
 
     deser = JSONDeserializer(None, schema_registry_client=client, rule_conf=rule_conf)
-    executor.client = dek_client
+    executor.executor.client = dek_client
     obj2 = deser(obj_bytes, ser_ctx)
     assert obj == obj2
 
@@ -1151,7 +1219,7 @@ def test_json_encryption_with_references():
         'otherField': nested
     }
     ser = JSONSerializer(json.dumps(schema), client, conf=ser_conf, rule_conf=rule_conf)
-    dek_client = executor.client
+    dek_client = executor.executor.client
     ser_ctx = SerializationContext(_TOPIC, MessageField.VALUE)
     obj_bytes = ser(obj, ser_ctx)
 
@@ -1161,7 +1229,7 @@ def test_json_encryption_with_references():
     obj['otherField']['bytesField'] = base64.b64encode(b'foobar').decode('utf-8')
 
     deser = JSONDeserializer(None, schema_registry_client=client, rule_conf=rule_conf)
-    executor.client = dek_client
+    executor.executor.client = dek_client
     obj2 = deser(obj_bytes, ser_ctx)
     assert obj == obj2
 
diff --git a/tests/schema_registry/_sync/test_proto_serdes.py b/tests/schema_registry/_sync/test_proto_serdes.py
index 5448240c2..1ce23c807 100644
--- a/tests/schema_registry/_sync/test_proto_serdes.py
+++ b/tests/schema_registry/_sync/test_proto_serdes.py
@@ -34,7 +34,7 @@
 from confluent_kafka.schema_registry.rules.encryption.azurekms.azure_driver import \
     AzureKmsDriver
 from confluent_kafka.schema_registry.rules.encryption.encrypt_executor import \
-    FieldEncryptionExecutor, Clock
+    FieldEncryptionExecutor, Clock, EncryptionExecutor
 from confluent_kafka.schema_registry.rules.encryption.gcpkms.gcp_driver import \
     GcpKmsDriver
 from confluent_kafka.schema_registry.rules.encryption.hcvault.hcvault_driver import \
@@ -568,7 +568,7 @@ def test_proto_encryption():
         oneof_string='oneof'
     )
     ser = ProtobufSerializer(example_pb2.Author, client, conf=ser_conf, rule_conf=rule_conf)
-    dek_client = executor.client
+    dek_client = executor.executor.client
     ser_ctx = SerializationContext(_TOPIC, MessageField.VALUE)
     obj_bytes = ser(obj, ser_ctx)
 
@@ -582,6 +582,62 @@ def test_proto_encryption():
         oneof_string='oneof'
     )
 
+    deser_conf = {
+        'use.deprecated.format': False
+    }
+    deser = ProtobufDeserializer(example_pb2.Author, deser_conf, client, rule_conf=rule_conf)
+    executor.executor.client = dek_client
+    obj2 = deser(obj_bytes, ser_ctx)
+    assert obj == obj2
+
+
+def test_proto_payload_encryption():
+    executor = EncryptionExecutor.register_with_clock(FakeClock())
+
+    conf = {'url': _BASE_URL}
+    client = SchemaRegistryClient.new_client(conf)
+    ser_conf = {
+        'auto.register.schemas': False,
+        'use.latest.version': True,
+        'use.deprecated.format': False
+    }
+    rule_conf = {'secret': 'mysecret'}
+    rule = Rule(
+        "test-encrypt",
+        "",
+        RuleKind.TRANSFORM,
+        RuleMode.WRITEREAD,
+        "ENCRYPT_PAYLOAD",
+        None,
+        RuleParams({
+            "encrypt.kek.name": "kek1",
+            "encrypt.kms.type": "local-kms",
+            "encrypt.kms.key.id": "mykey"
+        }),
+        None,
+        None,
+        "ERROR,NONE",
+        False
+    )
+    client.register_schema(_SUBJECT, Schema(
+        _schema_to_str(example_pb2.Author.DESCRIPTOR.file),
+        "PROTOBUF",
+        [],
+        None,
+        RuleSet(None, None, [rule])
+    ))
+    obj = example_pb2.Author(
+        name='Kafka',
+        id=123,
+        picture=b'foobar',
+        works=['The Castle', 'TheTrial'],
+        oneof_string='oneof'
+    )
+    ser = ProtobufSerializer(example_pb2.Author, client, conf=ser_conf, rule_conf=rule_conf)
+    dek_client = executor.client
+    ser_ctx = SerializationContext(_TOPIC, MessageField.VALUE)
+    obj_bytes = ser(obj, ser_ctx)
+
     deser_conf = {
         'use.deprecated.format': False
     }

From 7039489e7ed76c55be240baa79a92a8d3b0bfe96 Mon Sep 17 00:00:00 2001
From: Naxin Fang <nfang@confluent.io>
Date: Tue, 5 Aug 2025 14:58:35 -0400
Subject: [PATCH 11/12] Upgrade cel-python to 0.4.0 and update usage (#2015)

* celpy fix

* fix

* update
---
 requirements/requirements-examples.txt                      | 2 +-
 requirements/requirements-rules.txt                         | 4 ++--
 .../schema_registry/rules/cel/cel_field_presence.py         | 6 +++---
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/requirements/requirements-examples.txt b/requirements/requirements-examples.txt
index 87f4a7a32..c26c25de3 100644
--- a/requirements/requirements-examples.txt
+++ b/requirements/requirements-examples.txt
@@ -23,7 +23,7 @@ protobuf
 azure-identity
 azure-keyvault-keys
 boto3
-cel-python>=0.1.5
+cel-python>=0.4.0
 google-auth
 google-api-core
 google-cloud-kms
diff --git a/requirements/requirements-rules.txt b/requirements/requirements-rules.txt
index 98dcaba4a..4dcf89d83 100644
--- a/requirements/requirements-rules.txt
+++ b/requirements/requirements-rules.txt
@@ -1,7 +1,7 @@
 azure-identity
 azure-keyvault-keys
 boto3>=1.35
-cel-python>=0.1.5
+cel-python>=0.4.0
 google-auth
 google-api-core
 google-cloud-kms
@@ -10,4 +10,4 @@ hvac
 jsonata-python
 # Dependency of cel-python.  Use version 6 due to https://github.com/yaml/pyyaml/issues/601
 pyyaml>=6.0.0
-tink
\ No newline at end of file
+tink
diff --git a/src/confluent_kafka/schema_registry/rules/cel/cel_field_presence.py b/src/confluent_kafka/schema_registry/rules/cel/cel_field_presence.py
index e29685ea9..f78e4887e 100644
--- a/src/confluent_kafka/schema_registry/rules/cel/cel_field_presence.py
+++ b/src/confluent_kafka/schema_registry/rules/cel/cel_field_presence.py
@@ -35,12 +35,12 @@ def in_has() -> bool:
 class InterpretedRunner(celpy.InterpretedRunner):
     def evaluate(self, context):
         class Evaluator(celpy.Evaluator):
-            def macro_has_eval(self, exprlist):
+            def macro_has_eval(self, exprlist) -> celpy.celtypes.BoolType:
                 _has_state.in_has = True
                 result = super().macro_has_eval(exprlist)
                 _has_state.in_has = False
                 return result
 
-        e = Evaluator(ast=self.ast, activation=self.new_activation(context), functions=self.functions)
-        value = e.evaluate()
+        e = Evaluator(ast=self.ast, activation=self.new_activation())
+        value = e.evaluate(context)
         return value

From e9ba52e17595ba8094943fe9eaae70bc33c54749 Mon Sep 17 00:00:00 2001
From: Naxin Fang <nfang@confluent.io>
Date: Thu, 7 Aug 2025 11:23:06 -0400
Subject: [PATCH 12/12] Fix URLs in SchemaRegistryClient docs (#2014)

* fix

* typo
---
 .../schema_registry/_async/schema_registry_client.py   | 10 +++++-----
 .../schema_registry/_sync/schema_registry_client.py    | 10 +++++-----
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/src/confluent_kafka/schema_registry/_async/schema_registry_client.py b/src/confluent_kafka/schema_registry/_async/schema_registry_client.py
index f4ca12c32..72f26a106 100644
--- a/src/confluent_kafka/schema_registry/_async/schema_registry_client.py
+++ b/src/confluent_kafka/schema_registry/_async/schema_registry_client.py
@@ -753,7 +753,7 @@ async def lookup_schema(
             SchemaRegistryError: If schema or subject can't be found
 
         See Also:
-            `POST Subject API Reference <https://docs.confluent.io/current/schema-registry/develop/api.html#post--subjects-(string-%20subject)-versions>`_
+            `POST Subject API Reference <https://docs.confluent.io/current/schema-registry/develop/api.html#post--subjects-(string-%20subject)>`_
         """  # noqa: E501
 
         registered_schema = self._cache.get_registered_by_subject_schema(subject_name, schema)
@@ -785,7 +785,7 @@ async def lookup_schema(
 
     async def get_subjects(self) -> List[str]:
         """
-        List all subjects registered with the Schema Registry
+        Lists all subjects registered with the Schema Registry
 
         Returns:
             list(str): Registered subject names
@@ -794,7 +794,7 @@ async def get_subjects(self) -> List[str]:
             SchemaRegistryError: if subjects can't be found
 
         See Also:
-            `GET subjects API Reference <https://docs.confluent.io/current/schema-registry/develop/api.html#get--subjects-(string-%20subject)-versions>`_
+            `GET subjects API Reference <https://docs.confluent.io/current/schema-registry/develop/api.html#get--subjects>`_
         """  # noqa: E501
 
         return await self._rest_client.get('subjects')
@@ -908,7 +908,7 @@ async def get_latest_with_metadata(
         return registered_schema
 
     async def get_version(
-        self, subject_name: str, version: int,
+        self, subject_name: str, version: Union[int, str] = "latest",
         deleted: bool = False, fmt: Optional[str] = None
     ) -> 'RegisteredSchema':
         """
@@ -927,7 +927,7 @@ async def get_version(
             SchemaRegistryError: if the version can't be found or is invalid.
 
         See Also:
-            `GET Subject Version API Reference <https://docs.confluent.io/current/schema-registry/develop/api.html#get--subjects-(string-%20subject)-versions-(versionId-%20version)>`_
+            `GET Subject Versions API Reference <https://docs.confluent.io/current/schema-registry/develop/api.html#get--subjects-(string-%20subject)-versions>`_
         """  # noqa: E501
 
         registered_schema = self._cache.get_registered_by_subject_version(subject_name, version)
diff --git a/src/confluent_kafka/schema_registry/_sync/schema_registry_client.py b/src/confluent_kafka/schema_registry/_sync/schema_registry_client.py
index 2394172c4..3be266538 100644
--- a/src/confluent_kafka/schema_registry/_sync/schema_registry_client.py
+++ b/src/confluent_kafka/schema_registry/_sync/schema_registry_client.py
@@ -753,7 +753,7 @@ def lookup_schema(
             SchemaRegistryError: If schema or subject can't be found
 
         See Also:
-            `POST Subject API Reference <https://docs.confluent.io/current/schema-registry/develop/api.html#post--subjects-(string-%20subject)-versions>`_
+            `POST Subject API Reference <https://docs.confluent.io/current/schema-registry/develop/api.html#post--subjects-(string-%20subject)>`_
         """  # noqa: E501
 
         registered_schema = self._cache.get_registered_by_subject_schema(subject_name, schema)
@@ -785,7 +785,7 @@ def lookup_schema(
 
     def get_subjects(self) -> List[str]:
         """
-        List all subjects registered with the Schema Registry
+        Lists all subjects registered with the Schema Registry
 
         Returns:
             list(str): Registered subject names
@@ -794,7 +794,7 @@ def get_subjects(self) -> List[str]:
             SchemaRegistryError: if subjects can't be found
 
         See Also:
-            `GET subjects API Reference <https://docs.confluent.io/current/schema-registry/develop/api.html#get--subjects-(string-%20subject)-versions>`_
+            `GET subjects API Reference <https://docs.confluent.io/current/schema-registry/develop/api.html#get--subjects>`_
         """  # noqa: E501
 
         return self._rest_client.get('subjects')
@@ -908,7 +908,7 @@ def get_latest_with_metadata(
         return registered_schema
 
     def get_version(
-        self, subject_name: str, version: int,
+        self, subject_name: str, version: Union[int, str] = "latest",
         deleted: bool = False, fmt: Optional[str] = None
     ) -> 'RegisteredSchema':
         """
@@ -927,7 +927,7 @@ def get_version(
             SchemaRegistryError: if the version can't be found or is invalid.
 
         See Also:
-            `GET Subject Version API Reference <https://docs.confluent.io/current/schema-registry/develop/api.html#get--subjects-(string-%20subject)-versions-(versionId-%20version)>`_
+            `GET Subject Versions API Reference <https://docs.confluent.io/current/schema-registry/develop/api.html#get--subjects-(string-%20subject)-versions>`_
         """  # noqa: E501
 
         registered_schema = self._cache.get_registered_by_subject_version(subject_name, version)

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml'>
<head>
<title>pFad - Phonifier reborn</title>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />
</head>
<body>
<h1>Pfad - The Proxy pFad of &#169; 2024 Garber Painting. All rights reserved.</h1>


<!-- Disclaimer -->
<p>Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.</p>
<br>
<p>Alternative Proxies:</p><p><a href="http://rainy.clevelandohioweatherforecast.com/php-proxy/index.php?q=https://github.com/confluentinc/confluent-kafka-python/compare/v2.10.1...master.patch" target="_blank">Alternative Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/index.php?u=https://github.com/confluentinc/confluent-kafka-python/compare/v2.10.1...master.patch" target="_blank">pFad Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/v3index.php?u=https://github.com/confluentinc/confluent-kafka-python/compare/v2.10.1...master.patch" target="_blank">pFad v3 Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/v4index.php?u=https://github.com/confluentinc/confluent-kafka-python/compare/v2.10.1...master.patch" target="_blank">pFad v4 Proxy</a></p></body>
</html>