From 0e1a7da6e5044424ddf66b25ca4871f4736ad07a Mon Sep 17 00:00:00 2001
From: Annangarachari R <annangarachari@gmail.com>
Date: Mon, 22 Jun 2026 23:02:48 +0530
Subject: [PATCH] New pattern:
 apigw-lambda-durable-tenant-isolation-callback-terraform

---
 .../README.md                                 | 202 +++++++++++++
 .../architecture/architecture.png             | Bin 0 -> 42437 bytes
 .../example-pattern.json                      |  61 ++++
 .../main.tf                                   | 271 ++++++++++++++++++
 .../src/callback/callback.mjs                 |  34 +++
 .../src/callback/package.json                 |   1 +
 .../src/workflow/package.json                 |   1 +
 .../src/workflow/workflow.mjs                 |  27 ++
 8 files changed, 597 insertions(+)
 create mode 100644 apigw-lambda-durable-tenant-isolation-callback-terraform/README.md
 create mode 100644 apigw-lambda-durable-tenant-isolation-callback-terraform/architecture/architecture.png
 create mode 100644 apigw-lambda-durable-tenant-isolation-callback-terraform/example-pattern.json
 create mode 100644 apigw-lambda-durable-tenant-isolation-callback-terraform/main.tf
 create mode 100644 apigw-lambda-durable-tenant-isolation-callback-terraform/src/callback/callback.mjs
 create mode 100644 apigw-lambda-durable-tenant-isolation-callback-terraform/src/callback/package.json
 create mode 100644 apigw-lambda-durable-tenant-isolation-callback-terraform/src/workflow/package.json
 create mode 100644 apigw-lambda-durable-tenant-isolation-callback-terraform/src/workflow/workflow.mjs

diff --git a/apigw-lambda-durable-tenant-isolation-callback-terraform/README.md b/apigw-lambda-durable-tenant-isolation-callback-terraform/README.md
new file mode 100644
index 000000000..ff6cc3167
--- /dev/null
+++ b/apigw-lambda-durable-tenant-isolation-callback-terraform/README.md
@@ -0,0 +1,202 @@
+# Serverless multi-tenant workflow with external callback using Lambda durable functions
+
+![architecture](architecture/architecture.png)
+
+This pattern implements a multi-tenant workflow API that suspends execution while waiting for external confirmation and resumes processing when a callback arrives. It uses AWS Lambda durable functions for checkpoint-based execution and per-tenant compute isolation to ensure workflow state remains private across tenants.
+
+When a tenant submits a request to the `/workflow` endpoint, the function validates the request, checkpoints its progress, and suspends — consuming no compute resources while waiting. This wait can represent any external dependency: a payment gateway confirming a charge, a compliance system returning a decision, a human approver clicking "approve," or a third-party API completing an async operation. When the confirmation arrives at the `/callback` endpoint, the workflow resumes from its checkpoint, completes its final processing step, and returns the result — without re-executing any previously completed work.
+
+Multiple tenants can have workflows suspended simultaneously. Each tenant's execution environment is dedicated — cached configuration, intermediate results, and temporary files stored during Step 1 remain private and are never accessible to other tenants, even during long suspension periods.
+
+The combination of durable execution and tenant isolation is essential for this use case. During the suspension period, tenant-specific data from Step 1 — such as cached configuration, validated credentials, or computed intermediate results — remains in the execution environment's memory. Without per-tenant isolation, a different tenant's invocation could be routed to that same environment during the wait, exposing the suspended tenant's in-memory state. Without durable execution, the function cannot suspend and resume across the wait boundary, forcing you to externalize all intermediate state to a database and build a separate mechanism to trigger resumption.
+
+Please note that this pattern deploys API Gateway endpoints with no authorization. Production deployments should secure all endpoints with an appropriate authorization mechanism such as AWS IAM authorization, Amazon Cognito user pools, or API key usage plans.
+
+Learn more about this pattern at Serverless Land Patterns: https://serverlessland.com/patterns/apigw-lambda-durable-tenant-isolation-callback-terraform
+
+Important: this application uses various AWS services and there are costs associated with these services after the Free Tier usage - please see the [AWS Pricing page](https://aws.amazon.com/pricing/) for details. You are responsible for any AWS costs incurred. No warranty is implied in this example.
+
+## Requirements
+
+* [Create an AWS account](https://portal.aws.amazon.com/gp/aws/developer/registration/index.html) if you do not already have one and log in. The IAM user that you use must have sufficient permissions to make necessary AWS service calls and manage AWS resources.
+* [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html) installed and configured
+* [Git Installed](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
+* [Terraform](https://learn.hashicorp.com/tutorials/terraform/install-cli?in=terraform/aws-get-started) installed
+* [Node.js 22.x](https://nodejs.org/) installed (for installing Lambda dependencies)
+
+## Deployment Instructions
+
+1. Create a new directory, navigate to that directory in a terminal and clone the GitHub repository:
+    ```
+    git clone https://github.com/aws-samples/serverless-patterns
+    ```
+2. Change directory to the pattern directory:
+    ```
+    cd apigw-lambda-durable-tenant-isolation-callback-terraform
+    ```
+3. Install Lambda function dependencies:
+    ```
+    cd src/workflow && npm install && cd ../..
+    cd src/callback && npm install && cd ../..
+    ```
+4. From the command line, initialize Terraform to download and install the providers defined in the configuration:
+    ```
+    terraform init
+    ```
+5. From the command line, apply the configuration in the main.tf file:
+    ```
+    terraform apply
+    ```
+6. During the prompts:
+
+    var.aws_region
+    - Enter a value: {enter the region for deployment, e.g. us-west-2}
+
+    var.prefix
+    - Enter a value: {enter any prefix to associate with resources, or press Enter for default "durable-tenant"}
+
+7. Note the outputs from the Terraform deployment process. These contain the endpoint URLs used for testing.
+
+## How it works
+
+This pattern addresses a common SaaS requirement: processing tenant requests that depend on external confirmation before completing. Examples include order fulfillment waiting for payment confirmation, loan applications waiting for approval decisions, and document pipelines waiting for human review.
+
+1. **Start workflow** — Client sends a POST request with an `x-tenant-id` header to the `/workflow` endpoint. API Gateway maps the header to `X-Amz-Tenant-Id` and invokes the workflow Lambda asynchronously in a tenant-dedicated execution environment.
+
+2. **Step 1 executes and checkpoints** — The workflow function validates the request (e.g., checks business rules, caches tenant configuration) and creates a checkpoint. This step will not re-execute if the function is interrupted or resumed later.
+
+3. **Workflow suspends** — The function calls `waitForCallback`, which suspends execution at zero compute cost. A callback token is logged to CloudWatch. In production, this token would be sent to the external system (payment provider, approval system, etc.).
+
+4. **External confirmation arrives** — The external system sends the callback token and result payload to the `/callback` endpoint. This triggers the workflow to resume from its checkpoint.
+
+5. **Step 2 executes** — The workflow resumes, skipping Step 1 entirely (using the stored checkpoint result), and completes processing with the confirmation payload included in the final result.
+
+## Testing
+
+Use [curl](https://curl.se/) to send HTTP requests to the API.
+
+### 1. Start a workflow for Tenant A
+
+```
+curl -s -X POST "WORKFLOW_ENDPOINT" \
+  -H "x-tenant-id: tenant-a" \
+  -H "Content-Type: application/json" \
+  -d '{"requestId": "req-001"}'
+```
+
+Note: Replace `WORKFLOW_ENDPOINT` with the `workflow_endpoint` output from Terraform.
+
+For example:
+```
+curl -s -X POST "https://abc123.execute-api.us-west-2.amazonaws.com/dev/workflow" \
+  -H "x-tenant-id: tenant-a" \
+  -H "Content-Type: application/json" \
+  -d '{"requestId": "req-001"}'
+```
+
+The response would be:
+```
+{"message": "Workflow started"}
+```
+
+### 2. Start a workflow for Tenant B
+
+```
+curl -s -X POST "WORKFLOW_ENDPOINT" \
+  -H "x-tenant-id: tenant-b" \
+  -H "Content-Type: application/json" \
+  -d '{"requestId": "req-002"}'
+```
+
+The response would be:
+```
+{"message": "Workflow started"}
+```
+
+### 3. Verify workflows are suspended
+
+Open the AWS Lambda Console, navigate to the workflow function, and select the **Durable executions** tab. You should see two executions, both with status **Running** (suspended at waitForCallback):
+
+| Tenant ID | Status |
+|-----------|--------|
+| tenant-a  | Running |
+| tenant-b  | Running |
+
+### 4. Get the callback token
+
+Open CloudWatch Logs, navigate to the log group `/aws/lambda/{prefix}-workflow`, and find the log entry containing the callback token for the tenant you want to resume:
+
+```json
+{"waiting":true,"callbackToken":"Ab9hZX...","tenantId":"tenant-a"}
+```
+
+Copy the `callbackToken` value.
+
+### 5. Send callback to resume Tenant A only
+
+```
+curl -s -X POST "CALLBACK_ENDPOINT" \
+  -H "Content-Type: application/json" \
+  -d '{"callbackId": "CALLBACK_TOKEN", "payload": {"decision": "approved", "amount": 99.99}}'
+```
+
+Note: Replace `CALLBACK_ENDPOINT` with the `callback_endpoint` output from Terraform, and `CALLBACK_TOKEN` with the token from Step 4.
+
+For example:
+```
+curl -s -X POST "https://abc123.execute-api.us-west-2.amazonaws.com/dev/callback" \
+  -H "Content-Type: application/json" \
+  -d '{"callbackId": "Ab9hZX...", "payload": {"decision": "approved", "amount": 99.99}}'
+```
+
+The response would be:
+```
+{"message": "Callback sent"}
+```
+
+### 6. Verify results
+
+Return to the Lambda Console **Durable executions** tab:
+
+| Tenant ID | Status |
+|-----------|--------|
+| tenant-a  | **Succeeded** |
+| tenant-b  | Running |
+
+Click on Tenant A's execution to see the complete timeline:
+- Step 1: Validate — completed ✓
+- Wait: external-confirmation — callback received ✓
+- Step 2: Complete — completed ✓ (includes callback payload in result)
+
+Tenant B remains suspended and unaffected, confirming tenant isolation.
+
+### 7. Verify tenant isolation in CloudWatch Logs
+
+Navigate to CloudWatch Logs → `/aws/lambda/{prefix}-workflow`. Each tenant's logs appear in **separate log streams**, confirming they ran in isolated execution environments. Step 1 appears only once per tenant despite the function being re-invoked after the callback (confirming checkpoint replay skips completed work).
+
+## Cleanup
+
+1. Change directory to the pattern directory:
+    ```
+    cd serverless-patterns/apigw-lambda-durable-tenant-isolation-callback-terraform
+    ```
+
+1. Delete all created resources:
+    ```
+    terraform destroy
+    ```
+
+1. During the prompts:
+    ```
+    Enter all details as entered during creation.
+    ```
+
+1. Confirm all created resources have been deleted:
+    ```
+    terraform show
+    ```
+
+----
+Copyright 2026 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+
+SPDX-License-Identifier: MIT-0
diff --git a/apigw-lambda-durable-tenant-isolation-callback-terraform/architecture/architecture.png b/apigw-lambda-durable-tenant-isolation-callback-terraform/architecture/architecture.png
new file mode 100644
index 0000000000000000000000000000000000000000..73aac29627f6e3d44a9e5d8598baa9409bda54a5
GIT binary patch
literal 42437
zcmeFY2SAkBk~ZAk&>%@NNCp)phbAkb36dovId_volaoLrf{F+zAcBY}L2?ohBuf-f
z6chxBA}FAMk`eGfO_*_J?(Vm{-`#KT{rAo&(x=aRLY=DTR6SMiH61M#GGazz2n0f=
zrmCa|fxu7@2=w?70?=Z#@lpo@5oYi?XYAt^VDIFLhH#1~?*GP#5OVbJ_Tdy!;zS@&
zUN-(t9s+hAUKjxzH=7_2cksI#_yY8D^FTS-JE2kgJrP0(aeg6jegwimSe#QtUQ`JD
z5EB)U5)wAu?{DLPc0U;Qyho6etE&wsLRm~e2n@w_-p0<!-N(b*kyAtgd{%S!LA!!~
zK{NQNtq*<}gTKN;0>WbZJ-qzD@WNuk0z%y23l+4Tiw77D*9H6$22ILNUTAxd0MNMC
zYkvu79~+1L<r<5L>Z)70_;{&^x|*D`^H<<^R^0F7hxYPz@^C-cm9T(>fav}gK7knY
zfmG0bPIhQqtH?P{A$c$x?vIEf%E`vT%La%?$lb>6psx<tHa}PpPGU|6vJ#cll+x2v
zbyF~Q(=(Jh@9t@@rT6F24##v0Q1P<CIG*=F?MVa`u)hRhAnyG^QGxp{62b@TbnrTy
z2P_LWEv`Y|Dd=E9!iTNCPAIhZ!D#y(eLOr|eVj0VY_#)mcSqYD9NfW1Y`nZY{Qua^
z-oy1^cL#kiVB>!n9oL|5XXE<URwE~r4>)<8!byr9EDzUP7478UcsMgS+5J`8+Ss``
zczO7`AI!&z5V7C;Z~tpIo5QgV`g=RtpgjEdhu>@Z_0aakd?;)$4-YWiFK7De*N2_l
z0u<4%IPLtCn1QPO=b!yeSYE#w$HB7yOT$U}80z|)pykDN5F!d5+8%zYS{Dwr&(Fry
z_dxdhlJfQmJUk3<7qpKZ?g)SyD_}f;E$*GJm;$Gm0$7jY{$DY0LW;N+0fgA!X#87k
z5`S$3TmJKSpk=@HPc!_v5jWVM+xBMoV<Ya<A6xd;f4J)3Cc!O4V1I#sY&%%>VdLId
ze|~zu@sCgMxBdP!7yulDuaB#fJ6iEKJHpA>-oxET(ZkilYfmpl5F!X=pm(4h;Nmas
zl8U0r%0R6YynVbpT)-H=J#nD&A_^!QZ^u0l#tjR=%f|`Wn5K;_+EvHH+sS7i%4|J+
zd;o6$-a+2g$pMFPJ{}m*YIE?(4k#fSEJ?x9$ITUdD-3?ct@HprgaP2~e?HJ0+>|!n
zn0<J#cM8C*Ljl;^9#Fak05HTj3fTC2iwbz5y*+%r?9gfePCy^<asM}^KlHM}I9WN^
z_@Mo50H}eB0Eb?<EujxlZ@&p+^SiYGk^d2f|7x<o8?Fl4!wv1@6$pks91$Ug(*WE=
z2RJG$Cb9q7|94c9klb%_`~{E>+iVVS(BZeSafAIwtQYh-z>@zo<or!L2lMU;>~}kt
z-@CHGa^!W?z)zI}(e8Eo#rlDK0qp&H=zmd&L&ZAO8#gBu3I`szlXMEQvE2g_oI3mw
zJaGDN;|nhK{p$y(Pk+>8cMo^mD8H)xLDRuz{##F9>fopkjvfJ=mOa`0a`eI?2kP<b
z*&p7$|2SuVu*iR5{K3t12;KX@|3{SGZ~Gmk_wKa+IgCH2B!Tm7{%je)yEXs+!gyC3
zH(Qhq*zW%e0~ZxJ@RAQL{Lq?zvG7A6|JA?`+x~G3{9qsdGVp&H_-|g`;br`f<;4Au
z8n}eiUvBV2TmHwk?*mWd7yFhs!toxO`*8U$m+in|7e)NhXA>6RivSQpzaYBQfhYXy
ziT~rdYzHyLzfSzOhz&<U{xwAV^NEWH|207S=Q!~LZ2INI_rdCyPz>#klE;y2Ao#X(
zwej|LvICydFVXlO@AX@_55je?Kx5Ds=RWRzFu{EQ5$(Z8C7jj#_N5Ze3;OMo4%*8J
zM8mjvf4?!n$p<$UE=WUz-}i?C*X{nt--iO<{XP=-@aKW{H-$$1h5!3g)Q%9^=LEo<
z;E}%>(jM5hkByfD`hW=hoBj5@qklh&{+leoFQ9QqJpKwAhizVHR~sKEzXSH{U{Qa|
zH~fz*;rE5;;D|PW@dwZ*EcHicRRr)Yd$@l%)4sS4p2CIt|7VurH`@Zg;LPh!QzAtF
zI3+^-PgCwo{{Lc1pv{2HK?oi00kcmof_?qRW%X}L3?X)4QU~t6u*3m0{O1JoA0J=z
zfMfsf8ejO}QusTKFM`_{PEii!^IscZ1f)ik_Yd+va%g+qe?jtp|Cxi{dz||Jspns)
z_rD1ShZ&B4Dx3v$#6JPf?$J#D{we)#Out;^|4=xKILwqCT7~2RY8+zJ-ydg1|Ae!`
zhyz1EobsOwXAvO9yN4@(C!G2-jw2-gOE~+_hEoTQ#D4=$?fGyx=WySN`#buB|D!N<
zz;ge~9o+Mn|Nb!bPwozii65Zq0kHoUVdVE4>`&hEpT`&e-{DRjgam(pDRCP&3~*T7
zZM|{-?1du#ktQ8&eS`hD#oxor#oiSJx_kG?FA?zn+GHd`<S(gc;lHw(!ia;b@z*%@
zACKHRbg}-vN&_kzTyf<;|5BPm&Hy2D;JY3|p6G$K{^D^9BMuyme{hxgTRCiTS6pR+
z9jJZ-u<<)eh<p0tDzyOc{QjHJ9$~geCLK0nyga<o{J5w2L7f6%kbdbd?r<=`-VC@Z
z7chgp4XEqGU9N{CsG?o{(72MC-<!a1dynb^t`0n+<m<Ip{(ulV7l5|&-7C03>@VBa
z>#(olZ;C6V?`vm=_Vxzf>`e?j=>56>xE|2Fzv(|V{}+~dIMIK<4F8Qa|7C|bLgM$M
zMEtJ>e6d5a?Jy3N5Iw9#`qg?x4=nsw>lGE*hrq+|@qfPf=rAJuBjEpPTXw${uN@i}
zC~=S!!u=0)^ml{aGcK;*&59F&^Dhk0?lyZSs^;y1BV#?>LE-PeVM6~>uzgBh<S;FA
zpkQJLTJx)Ri62DrziQV%pgVD31OG|wlG^+4Z)n#c9{)>+fN354`8Tp}f3BbrIyj17
zlt|*h=lFlELwkJBzfrS&NJ9T!JpU_gx%cg1x&Hna2M^$0hS*O{B&WIgKp^Z8H6?k2
z0Lw4;2=C|{Qb#!iXRA_YNz9&)W@pLPDCv_&o}*M+QlZg>LMcl*uEP4VPMpJsE9L3o
zQ^p@R%sO%@@#|{i_~lyE<LB<~w?;pX^#roA`X%T$diyUg^rT72K3C`9eu(8_C%y_h
z_{UwpNd?>EHr(CxYkMgShWgI_TPN_<ggqR;bEFQ6sQdM4(2Ml{vRAcocxR{T_x1Hh
z85!(@K6m5=)zs9?TLuRuG};s7%}bE3u6#CZiV6zm<25T>#Eu3?tY)UQo&^mBTv|K4
zx>_<-+>McpSu*}*x{Stn*w2uzlOY!`a+y`RzNvCE<1s1E>OLjsF($q6L?c-sZ>yDX
zd*j>G?2yC#Y=ubT8dqtb%ff;dPf?Y<`Gy60wSHgC&!ktr{4h1;)Dg>KP-0mxx)i*#
z<(n$za=XRF>aji9gSb!k!^URL^mM3XKTkN_pCKRd`KAi%>$<h>WWoMhoEnZFJ8!}U
zQr{*J6kkAMd)`K?hXMJ;PZLi>Y>(9kzj@+eHC*d2xU<wkF6#PDD7_<3|B>T(L&yqP
zyzbB4ojlc>#|2WXl#$}rO%NXQ>Qaq%y|dx8LZ?neHCmKfL(#qI_s;lyZW_N56=i=d
zoA8YGec5}KL9?7)_s;s~ukI}O%83TAxn2o(U7dSNiW00_x^#ZDr=vHCm!3r~G)+BO
z;A<&*<+@-)1`JO8s$W~~YhV4XmrBqg;v?}+hMIHNfoiC5W4o2DZ_W)pK5f=yz|JJ$
zZk`|5@N@UaW%4D<`k>b;Y$2@!qL6bwKB6Jp-#T2AHrL0)oceRllj?<Se<Q5l-I^!$
zKI^~mF(`0(Ci~^Rv-;`Mf$vNs2bTnSc%sMWM{6Y_C}%QZL$m#loOZTW%>}I*F0S;5
z^a`mC@qB(_*Abg2;_%YPw>^z5=rac^HN2_DXIAfN;PR=+$jGuv(je>YBC{vo-<{S@
zM?Dc>FV;*!j4a&sXqX&)aAJUrg_?@Wu|0;tpgzd=3}ymSyXyQl|J?bz;%E(&k`g|g
zfS@m)Ly=1*mYI9G0>8Y{Ww1Qf(W=;7YVJ)Q^<ZR<-0sGS=HW;&B(<aSQIx~Wv<ENl
zN-RIk7}VF6IY-N5peiQIXJ-|%O1nBg82A4D96eqC`zIdWRub+b*4?Kjn7s*KK|hZN
zOp%q{3VfqowSHb1+w)`1`~n~GF?A>{OgWDA#RV!eWR=&n`WgQPW-~w8jS0M<g_=)X
zVY}P-1=I~4^Ml0}nT7=ybdgBN+d`8BMhSP#gj44qGKx9t<mqKQwnUL_H;+HkzE87m
z(-uv;DOUZBn2xU#lL2Fp-GGLHCcEmPDmNy@Bj%{8uCt4EEu~i*`gm_6#nD|f>Hc7-
z&#l*}No|jP>XrMM<vTwh95Ya2b-&7WNC7kTp`L_Z;MK!(*K<uC+mm`?MUY07&Trq*
zUfngVa#d^G-QsPoCq%-VAVPN~JYGJ9EWNQkihAV>CjHU}$9EfVxcAh5QLDMRSu||-
zB9CRAq|ENd6sZM9DvnW%hc>=`eJpqdD8GIL0ok#NiTt*WE97ii42^o(>UI9Fc!h;u
z+c(}J6otNOuDlikVTTn%o!_0nx?Q8<Bwc;Xas72Nz^1KX!IUBZM8;fL^3NWPJGa|o
zS-KbB!O9mKe#FKyODPC8ZhJ)`bJ|Zf%lLhHC!DYU=;&yT_myxs1{#3nB%!Muv<$w{
z0XP0K-gtlP;_?d`_LhLgoi(P$C|K_1_in+!qot%Kys;35Lba=rmy*aSB4At>zdt`c
zWJ}22B28Hr`uP>dz<kk@G271YN|FIYAv^=0OTLZ;OM1JaD~b29FFBpE@s4%P;|_G-
zw-4v4dLEEtUs;9iw9#=J7YG&SGc`orF0Fz(8zyrW-ohF;oxpwpuwu`y$lh=!G$25-
zml_#WRkZ~twY^At*+vcjYF@Ff<I#9{sX8TmBpVA!sZC7wJO|Zn;v{Zr+xW5A*#C2P
zz0oI}^fr4n-DJ7wlXz%_?DkR%4GF`DJ(iZn`0<iV;d#vL=H_M@tri^7bhJ>G3-h9x
zm~e0qXaa+!^)=`nV>;v4(RBQ&-w_ZZ>ua#}^dK+lvh!Fnm$ngws^E3^D7J2ZkZuH`
z#%l)Fk=aM+PE`9qlQDzMh$Bn#;nS*c#IkiDlB7@-^I{keRjR}xtMQd-KJtS1r<dsD
z2XoGmzN8matJR^UJn>MBp+9#a29udXh{9@_?Z6bE))9o{Gh)w@hy$3;_;7{AeS?OT
z()@M1>{vFs#1%f&#;YqD<i(QJ98eUG>x99~hqmiQupw~n&*)g1V0<da=0CsA<VHrp
zA$2+w)RE-7lqZz4j5{Ifkn+ivE8Z+fcthCAYZd*Ptzyf1b<Fw$2p{GW<u^A7so818
z7vY+|Q<Llwsn4Kv9IZF*$%Uo!+vX>|WbULBFz;-_M=Fh`h&X)z$rGRFZqcK`8_&^B
zDxkfM=P1us&1K`;8Z>!aIs82hAq_yGmSR<i$&a<KPA}7>z7!XlJrOXY6CPZ_k_Mv-
ztc=AM$LjCGp4>(fxE#N<_3fhSU(PodYr~)zRYA?Q!9G^)d7^_G8biUmx=_1F^&yUe
z4SuYJuz^w0-kl=?O(dXEJqV$als__0+i>OX*Tu%4GvtBB7zpiE5k;YTMnwV%c6Pkx
zFIb_AH#T$VkqcM5^(wzZxlAja+uZdE88RY~erCw1cih#Ky5#P?C5^kOqsfrt)vzKc
z1D`v@RD+kTLOhP6g_)v}U@3A&k`yw}wACSbb)3hlL7Ghon|;*XTr8KZ_(I)L61ohU
zVcWRU4y>u~#a2i@Sec>QD#`T>e)g6;!=^LlIi<U5f8DBpAT5PK!R=uwb5HEmfg-a<
zAK{7<vX}aGmmVDDrNojV!`BUxrvda!me9f4b>l6e3mUD7&~^xwGb6F_Wr)z#GDNQ;
zff4sn>I}#X#Pw=-xgi9#_VH~w>D+jw3w^EX+e^X}jc}oIII6S|dPa95woM*pyfk5I
zUgc`S$lhW@fIp>u?@ZEY<Lx}bp5=IshIw#9qQ90BmX2_=lVMkZ<51=o!1D8{?|gfc
zbNUt1(jyWlh}&E1Faa=6tGNw~{Igp*bKqoMkWo7=+lD0frt{2`rPKPZab?Iup$IZt
zHA7t_&5|bEx(E^XsodeVB>XCD{=D)ufDKY#EL}we(@{tijQujLI$6$>0eU`TEJ^F-
zysrqx{+sL2D_HgFvrwfqn%3tWh6GJCaBsLM+6NDM6b~gzuto6YVfr)&L6bnn(Nv_7
z%enKq;Rz|P7<Tf0pj|EoZ;7#yltx9soHg&tq^hy#vWw7Auy>OhW^025b?U*FI7sJ@
ze0Tz}*HeN9(?BTl326{rKkT)`^i*gt%3$pdZxX6-uAne6`v8dm|J%MPVd{iy0fjJ0
ze8@bz*K^!~7U8hTAK6Y1SAv3JDZoD^M!*f4XM<Aif81;RZ|$eZMX|GUHp=+QSvtzT
zi)m-0l7!De<MhBPGOH9%odC{nkRb#~x3lv;=w8G78J50nH!61TyW5CTLT+~CjQm{=
zeM+$I9Uk!E-5624RL<QBL^`;3+TZJ&+yvK7HSQ!kl<3*LH6@(T(!ev0dGe_IIM^8`
z0(6VLCV-r|<KEX509+~t4{h{0oYV+FH)d)JY>)70R?;^hdXcg8u4o{oCNj`X>eN$6
zirrH+-YKvI`#PB<+H1fMV*=g0HGRNjJ_#4v^}!ATf_ZqUz~UshCe+!NiMkaZxIMZx
zuGnT?b*p;ZNWUk2NJ))IV7{N0g($v8;oNM?5!@PV=+R`jHTc2JiBQeju{o~>63iQN
zI<t4U*P4t376(&~!aLJ+wTBtiz|Ky5%_%$wj&39e%Nwp4nV4lpPlGj`SV@I-iJ$)Y
zu#)@RxQLH~msDK&Eg+ow`o3^^+;%#ZyAZhT)Du@zbt=5?&6pr);a+%W8hvN5c{UPm
z;HWXQRdoD2Nd}nK92TghJr_y{Llx`kZN07qQVSZFPiX|g4Y&+TCq+?k)%7BX3y05#
z*R9fgGdvwv2IdNEo#IVcf&f8ETT`Qm!HzP*;L<FeumV5B3|A=<mNFga<M9gtmp{W$
ztYu^fB61xdGCXnl99+b+Wz^Ik9&>SryKdZ>xbWSD@Um&*MBnuzui>52woE80)(oJ#
zgszt~!EWFyCD;zUl;fT{FJx)fV!Tw@h0_<f-McrYm_`KZASv&kAWuzj0MQ0^DtC(F
zRDGQIGqm&KrDsFxbUHZ<j~bDTr2h0!g#RKoW|14$u}iB{8rN|U*O48gbMF&ZVYjP#
zY)yCb&bLQTo*Mc?5l^}VBZA|BFjy-X5VSy_UX{RtposgWb%{kkoxcm}-nU)vdDv;F
zIKl(e#cVpcSw<Bc82K=1N;DANXCr7mgn{O$yHJe6`!H3t_2S1#e3RP(PlyDOGvc#o
zYjT_lwTLU_;EZ6)0I7|fx%*fsvPJzu^{KXP>4=8|H!ydB@Z1wD3D$&ga&}cjox#aj
z8>cxuStl*!)P&#XWbvwcDUi0Y=$0?J)QK`nKqr(T6}3BBHf^SUFZiF4#MhkjV|ar{
zOToU}bp9qcPL+3QI!W0d8^NoY7en>N$L7p?JLK+o#mHzk41L${i6!TD{>qy=T$^7G
zNhwH73|%P(hcV`_Gb0FA%K88(Vo!;+A@QQ@{fi1-_SNF!=55tS7wTF^lTFo^5;D0f
zR!?3^`ucL?gF8-9oQ8z+Tu?Z>tg9^-2XgF0;MQ+?ie<o?5^lJ7&a<&ZcvLs<!G?@p
z%JQwvY3_5c?~XnE%s(Yo;dkB;iWvONRsY!vh<0c3K_L#eq>)g6sEKv<8mZyOsRD?J
z1H31(L@e>uqenWJgh8%v-#yam<z{E3$cpZj@E~XEqWU6)aYoTD+r@)3iWkJyB%P&S
zmKu1uO4aG3&#s7_<6Fp6Bl>x~^4RB#-gFOh$uha@e-Ne)pEWbV_L#u4>veI@cWHH<
z!98C@Tulx1-1pJan1&P`>4owQIdSK{;}tC`H0D3i>eZ#mqv>k?CC<)^n&^F`R>lFI
zYAv@54$Gc!PiV29Xhe1mc+dh%R4n`PN%v#9gV^kZRr!OyP_fO+(>b|fg1SA$DPRTq
zU<C}TSw%N-E9i6YGR3XHjkub&GtrRn?H3iB-X5cc+&V?d<)pJbKSy%Zu9phj=Uq2H
znzJGDz9z(LB@7H=3I@@g&bs#+H^^{oR}gLxe&T8-U?q=v%dDf5zP!$%sWq#~^s1~n
z%Y)Y?{>d0|zey<CTsGcz{lyC^7I<g5l0AbGA+VlV>jYFZ4#75Y17zsDqVCl<{$!#q
zTNbu3u3KZ4fU%LG)6=;zMichotowatw#>Zx6G`w+X5I6{#{gY|II)mls0Pll+&sJx
zA8|heqaJ&s^l3Y@-R{Ra+cLt2hX9nsX0ewmq%386+?drw3!F-S{96OS5J>&CPfv87
zWk>jUXmyLu8`wSHi0vX$U)y;f=F)fkeG?gt&aTr-4L=7{vGZ;$d3?y3tImDxS8-VE
zX@ouxb^-_i6jA&p9Ft~j9a&Y^&{^_B=S%asyn(qNI+VpzR@JA@dE8Zc&D7!8r*Qs(
zd}2@Yj;BiF>o=Az;Czds)j~4C^<@9%UXm})x-@75R^J*qwO*w(D7BU^*s+Jl!!LYQ
zo(#F29mD4D%JPXNLae7Q*WcjOnB<Ex>uW}FLnUxM#}%s=7s{)x==ED~jjcWL&9Dzb
z`fYwkr^<$$0paqC@bqlpwg>_{TB)=`nBnfX1lZ>H=}bTfyehS6aeR}j>(s=@i{&$~
zd4kXZe`g2a>Wg}wY(K5Lgx91u?Ym1xw58;09(fg>dJE&_85AZHGHG9UnfrX<bq~(~
zmXuxGcg|qzb7mZucDi(7Esbu|XPk^euAoD3r%eUFP-J=zkAO5IE9+!*OpGR;eF_=s
z$eUi_E&Q7$a)cv<19KXX(@j(v&&zW!lz;sEo>?R6XC)2(`Uy*ZaP_bXK8}`(Pl+%#
zHa^CA`gH##I7zOzLmM&IIU1pA0J8++)+Xt=3tcN5f$n+**oc~zks9xQ5bx)Cj5mmS
zeo*T2{h|@QyX!VcX8$@N_15u)b+Iowq=kKIH7#D*RCC#_LHteGA6)b*mw0uqEk|!o
z^PkrpkIlKm_Q)~SOlOpytFYf8k=gh9X!<vY(7rcgV_lGPGg`tvCXc%2rR=%rwK&-=
zu6t*EyT*#M(z!BRfUte)L)ug7;^N{w=}zzpSHL(pIA~Z{?v=MUH6f#~U(d{a;o-m-
z4^MRSlyh?7vSN+ZXuWnZaqxnkHJWp2_m$rCDyx$ZxtmPNrTg1#oZFT6IRs|cIBVD2
zCEmA4=Y)NGO7nP`I(lmcUHjfS?+81I+c)vNGx=_KFc_Dttfht#s}Vh&EZ_<2!BGqq
zB);i3fJ0E<yLt6FZ@;w2z}E7iY%CfxGKTRs`!HBq0ZJ93LU2XqRl^*vdHRqiN3)H`
zJ16a)b4D0!&hTmKx?BPH9w(YdF@nL5th%eL=3mS;<(GB&`VY}c;5O;<qrRVgkv^Jy
zW(Lgne0hSBxKmIt?j1pj(ivj*DA!jR@-&o`@<c>LD<j^$uiur~>0kOG!W+exVQ?bB
zmrs=5iZQmkMW49On#;YrDf(-oQYlH2QfWwkA$!FRDY3gy8r93M1{vp{H?Y}+VWp2A
z#Sq_6c*|}7!ytNiDYg4PW%sf2Z&MxpApX|c-QC4^`B)dY?8BgVs<GdEH}_bBA{5c$
zQ6@{r)mXPuradODv6`68c{MK;MHe6Gw|)82e7zF5zPZb6t5<$#<-0W*s$3P+h`o-Q
zH`#vvBCiO=Ij1iUu?Vn?HeZ!)Ti7)37mtz_i&8K>pOqEXi+IIpDfKWfL^;XrUb#WD
zX2~PIX@67Yvx19ez`RfOURL2^Z>-yMPiDC$Vx>{LZF6_bV~0qV(391o(k}$RVRd3T
zNw@~11@SxDCT_#m%|4`eZ|Iw8`Wv*5Jq|9}`JN=ka<tPb{b5)@@<WNZ$F)T=v^P?(
zXofx-di+DL!yI5^Agi<jbaQ%|@;!S3Mj^bXG(NKGo_g~QWxZ#c7C9Lgr~5E2oVgdm
zi05VF^vz0>zVy1~<-?_i6Q3oaN@V4SHbON<yz{azS1@aHoFC6>b?J}{mZN(4H2;{G
ze&e>5_gm@@GCRNn>a`4BQJ+puR`H0_e0daZPKFAF7kIW`1a~>N^XQT2&A_M^CL8z;
zpNz|~h!-@;ANktEq)rwkeM#B894tV&5r+qnJYwx3FN>&_3Gq(O$h}db-&6H`P5eb^
zI>aQ3N)0Zk3+_A(@!|etZsg4D*^|rNs!$_56V+~_Xu~-&&TsS31m7=>jeYkNbnZ3N
z3`~2g>s?yAnanr&CHBpQa$>h*`KnS!D9S!FM4#QBAkK*yh+0>C&o%J0J-Sj$O^Hdk
zF*ApTaduS@X&<+x*MalSm!m8Oni(zND8SfF>0<y1Hl=Sm(3P!`d;~fyFE4*aXQr7Z
z^WnpdyRTm9SiE>|c4{8@?ZMU3_uW^5tJ6m5xbMFj$uTb1yOC69!^Ruf5|w>Zwr*XI
z(@@zz`fRygcvW#~Rl9ULKX8xKiEogLRX#BU7b_=1{WJm2xrN+yyv&(Jhyo;-c>VIr
zv)tW1xA~cT7su{d27eXfG0dlFY;fv7H8)toX3-cblRXBQ&(9I$vJ;uhT!3QD>XrQw
z1L!&O-3E(VKhePND21>{V%l=<%*t&?VPRoXUwT2ytShWRot$QvPcK=zQbbOVKK122
zf4{olV`FJD?WpzpDmQ~nWwHis-RMuaphU5b?n4z-2`hU3PQ9>Mv+orh$44nSbvC89
zEZ*H!&uHSYpc$MY=By2)B3$oau_#bOuC_ip!7Ym4DXPYwRIdXRQgFma+uSP%DegWZ
z85J+)qG{B!4LGhh*&6ggU&=ZhUq3uo5x8vcJXFrvG6?u?Z9q0wc#O-=0bbcKS0@~B
znc9HLf4H?e?=45hD4LO}66bZ48!`g;_u2bln$3NH`+WeemTx~L-Q&J@o`}o3`Q-{*
zXogzCsn=^?-&>q|M2xDAJ#AEMp10MO2FP9Q6Us3e?xRn20jJKOnjH`eD~2Ijoti7J
zR`Z*;T@L-qpJriojdR&Z&!Tl(^v1)1IL*;FgK_*G)p#OngKac5Sx@RMyk(5XH!#Rf
zMVcBtwFhNJX2fJJ5!WI$`{`8Cc)Z{?pLp@MzYhVt3u<;%{!%|2jgEg6>PX9Pns}Sf
z<d*YuvnTG^Ip^>80labose(6+VLuH99wnUC?u(}7{S4?xb*J_DlE(5?qKw-T9+r2h
z8n(Z8C(4C|n%4U97n#@G>QFJg9K62pI!(%(OI-Xm;FFaAD=B7HtHb8|`V(Nxq?#RV
zZI8dr)4yUFFbR)RYvM$bAPF=W_^dI_w|R|XC(D$sQHg>}+qB_gAaVRXNzY5xM6Gq*
zxA`?h?0Ygm{zDHagh-mvw-0TrD^~-y&4F!TxSv(3suAI0M)mFWn4HQJ_3%FPjGdyJ
zP^aOoWLKpjE72W}aE<4b)H&IgN9CBYfi|JXI#P}!XJUf-22^n_fs=%9-R&5xD@e;!
zcupx>P67h%m;yu|aMd4;%YeO=GxgU^uu6}_5q6v6IPr(J+w-{m#dC<_ZBNu1#6(Yz
zik3?UyY^+M<rQ4@(pw&&1f(cz8Q>lDuG8^<Zv45MDI2o2w4O`Pz@R1*w2}b`wDeR_
zCxz+~a)JJvCsYtZbliHE`LWf7j2TyiCs+ZY`P1^^w{t<$Nk+#yqsW-r1>UPC@w~nx
zY*(#aE&hOftk=;pG&J-~sI9ceTrsSixrEhz{+OOV`?<)0Tf}$9c-<;%&M1$RRniET
zMC5S9C-ZfDrXD$ED^JhK>XwwVb{lx0X}7c)nQ&1ao?A|O@-52v`X39mdAA31&NBrq
z)~|02GghxR{8%{aXO>EDzCk*1X*$oS#L|_!MU1aBdS_>SoK)d{=oU9#g6S71;*C7h
z3gJ9mhV$oF4?uQHX2Bk$5>^1k^}5WiqdE-BXq^X0|7}^UkhFA~-S8{F-R({0pE*zY
zCjBBS7ndemT)!$nk<ao8Bns!s3(ac~C7TPQwRLofUxprgr!hdp>jR;v?CJ|pBZvuR
z=K;;|q@AqpwPS)s0|nUf7mHR3tT|2Qa_~7iV+)kdS9zKN-=mx=I~`N4_g~KhkuTQV
zffev3r?HuJeC6hTZ6gdE_}f~HjGAEg5pKDb$qAJ4%@#EQ-)t>eC-9)FTt}+cS69)=
z>6{fifV6jo|JeL=Uuul>wrFee14xbz8zyQ)xKb_{OZrtv!1ld$NJ}_gHNCJ(Pd1=D
zNv%sSPr4X?vR(y=Gl{qxepvnrxaed&bmSJGb%O&YnxKC7hhYfpSO;5JkBcrzMkye&
zU7a*MEFlKm#fD8LIR52DncXfYlh;e(kF5Qs@oTVIK}1)l2ct$!rk<x&`<Jc6hXbT<
zMGdT{V@X4~C`oE{M?AXZp@i2VDG|@qL|SlUPc{GBPnUqzcOOG68$SDvpR2&$5Gemj
zW|!kdn}%S0>q2*p_op0#8q6e&BbInUsd_^PoFp^N##}*3uKkNt=EcZ~FlGd@jxl2q
z<iKor84591*+@u8rfQlWM)p;@7_pKIJ3tVv;T*dfa72&8*2?VVV-l?m&6SQX6fOWp
zKWJ<A(GY+18LSeL@u*ZHxBjWoz~*wUwn}125)^k}YohD6q{+1}+or_G*u_EvYhJIn
zB<h#m4b6&cm$i@9JD0bcq;>W<x<VM5_!gGDI7>|CFyS%7sf~ijoOArYMdD{n?}{MT
zrsCxK60~KXH-EocaOu4}Kn`YaF`H-jK~py*j<pgTW$t{$N4XxkQO>QOQ(D<IGM!8r
z4>FsvMeabY(Jsf-i%ctz4Dh9mT)s}@={((?tX*bq!-}l}=||5PhOw5}9&qa!!x2bU
zuUJ|E^E*I7ZKqWLg>C!X+E=mg-Q!-_ZkMRD)J`IhD25jrDsfi?a_0Er(QM`Swl%nW
zbG)QB>ZS5V7uSwtTp}yhek$`o(ke62{oCp%W1&Xr?8LJ|jRp%%%&1-=Zr>hq!jq#<
z<8$1~slKp1b|YTDXGzK4f3ns<9G5{S7&DjQ=g*Wz9dVbCLp#-o8)t8=eeG__q=V3#
zU;E5-n$fe5GO+UvOybl?P$?ph^8~wMuyF;2c7pL?Er9Ii$Am=j&IE$%17F`i3FJ#_
zP|`fst};{~EYT5^=Zz=L@sfm&-?-D7DB@f<f}FuCi$iMx*y5W!{nL!n0YV+mQXbVK
znHdYiFjEi1u%EC{ynvCIne0cO6v@4P2|Bk)1~a~tFi)Vz?hP3~FaMd4!};U#$E-Au
zbfZ4qj~_)DRFiGAb+u8aPPe|g_pL3d7Ev<P&zG%L)qIyL!<FQ&8`aBgC4V`WH23>3
zRO-p(E&^Q6yXkJhqwJdF`f^%w&&aOn#{zV&O3h<ika;72D$Iz}r&7fsEfL=sI`GCA
z5j;GkPsn~`ovY7Ql`brpraSG7DYDaxU=puka>RNK5>q)uC~-{d!B+>0rn$9h7=u~I
zg8zppHchGa^wZ<6n^McNh$R>P-L|9_zUayqb@*@Ry4UT8AG6}3WR1fp`R&kCb13SJ
zS-Iw*HL)ZyD%`MEFW~-kA~Rb{nccV3nzI&P_(S15yw6ROTyB3)%=vu7jw|T>$>6(Q
z_3=4&NoLTo?A9<XFFunGayfVT(ztm*?9O@iL}tY*0t9Szt}QaYH852AQxSw<FfE3r
z6Jm!guU6FHvMpQdFX7ofX?fNimOuaK%RR*4a(7&?NYY(s;<oMUyX|@_w~11R%?kLC
z%FGScUx&pWwIv-TEdb<~&65jOBneiQxLl{3DV!Nv4uTua*%OI)$4g_|cHEz`_KbZ<
zeo{e{Lu~NyGh4g<$_(KXt#|JU=OQaoRXMb8JZSB1d@Tc?yXBtV-zR<E0*Zhl9<j0u
zx&byKn`zOhn~r_Cg5~C>qhS*zJIQ<*_LB38F49#DFJ*vg<YO4k)(VOsH+cE1-iM?&
zc~)P(_BOt<BlT;jiPn7+H3+yWgW$WSMW>OckTY-aK4#y5ch>n#$+!&xF;tyEuoV$I
zf_z}%7UlI|E&+|{U3IcH2?v`7u8~GnegZCRq6lZjS5abj(MwbUyU&Vyv(6eZFKA&k
zu|1PlI<7Mj#|M6!3GV9y)U1;PN+6aigSHdnOIa)w{d3B!?R>6r2bHZD8PkaM9k255
zit0~;BahGUUbCQ$_sZFz4_1(3&M<zSNS&-ZUZ*L1mMzQg^>7I!1(Gu0pghOh8$;#8
z)q(t|hQZO!?&Gi&Yyz<(v>d_-<uku5`=Ex)YX}lODreRIS=J_S!RqmwrUwOau4Ht>
zPN(35EDuNAHmPfM5;EPLQ<DM71(y7Pu%nv^(9@fE6WrbO?8}Mw;sYh~v2^StUpIu|
zgG}lmKr9aylA0;bv3cuqo4KBOWWXAlefJJhS51hi##X3p_j_bcAW^(byhi9Fsg=(G
zz9*oFlCjWUle+Ei-_z>jQzUb+^~f2kiYjibY{v<|Q7I=WCct9FvXF4~k38UwLzr3^
zKdGTv*?=@WyH<qqyvZP@w%lOc*{YDU`QRqOhw?;+CS1N}IVL3DM6wtRMmKEF1D9Y`
zBl_frSUP#md{C523;n^z-s_^M+299l*S<HhnO)FnQ%^pI@(q>H(JQv(0$sV+AStww
zAN^BjI@;%%u14bWI=vLg(7?cU*-k!Yqb62%k;eQZQjH&Ci~6P6wH%&xMXmYg81|2h
zr4!5<YF!)D)*G3eUK3R_Je`43Y~Zp$tZH1Xn!%kph!FpH=GNr#n|sdT$b#y+)38#{
zd<JCHG<gL*bj_+cKXK}9i`M#$V>Q8#@8-OZ8$r)j^!%2Im<wSz$SBAlqpUY6I8zF=
z*S58YZeu*z+7?p28n7{l9WCrjfptB3nQQuVv18}yWpaTmBYfa)8UNyL9Y^MT8cnEC
zga%_Z6V-8MDNXwji%XIOQh}fuioo#{m#Kk+Ds?LT4+)&N)6sy*sc}O%i2#IP4rT^F
z`p=s(XoH8QzUB!SokZqzyCtZR#7pgvg2(wE_*hebo}}eBgRG(sxNkZ{M>^>LOZF$f
zo0cek*6Tg0&z8e`ivgsEOciFE*l`{*>cnaTDHKt^n9*a!hl-WK1DUAVQ$;b4ux41-
zUc?kp3N3HY!{7@sAJT<EEmvl3%-k73?C3G;vuABeb}$BEcsK9OG~b<ipzlo*f8J&B
zfpfq{h2@L1tP$2S=L3EKm(Zi<W(VBJ$t-%`6Udy*7j*3XukD{3;HnV{aE$-lSAWNE
zFx1iKGwI4O)WT~EWm@o%F0uevn<;I=77TSJhyci@!UVCG3U$UIXwVN9Q;=6tEU$TV
z6Ot0_ldKEI1No19Ao2@sSq+esSeztS+-_?c0vfl@6np>%a)l0LHsW0uoK7NVSVz$Y
z;1LRV1)xrH42APNRN1?Y(sDmeDV+{I^)y7xTf&58{)_Cx`A;JLe9-cqw?;vGY04%;
zAif%PwZ+*E9VCHde&$JS{_Lh>U9&PuOk=$xFI?BRBEG%k(y2013%YA!eF}NICYZY(
zS0}|a!2=d=o}IP6k{QfSa^!f>3Q>O}m6*N<GsI~$t7o)lOynx$lCxTjL^%7d%|#<R
zD8eY8I|N7Ba>WONY0>Fb%3n<ekr%3u>lVc-wXp`5%9LuI+i?i`+9&*w*28{b!1o^V
za$u88YOSiXq<3YTCYH~8T@S2WS~nc9qE7?99mfTT7ehiu5p5eAAm@0b)aA?N%lM$C
z?ny!MO<tmShCqK22e+sA2ndCF!iE(;M7Wv+Djz_;E^E&j@3wpA^G4jMb<TE)C#g1C
zgh?)O0{1cQ)FATc*EYQlGs$iObxyOBSJ-mI-G*O*m^$zsaLrz=%=Uv=dRHw)dGcB0
zEGP-fc6(p-&4rSZGLhd*-1Mmrx9`G83XX*^Ek_YOXuP=jT^CmdF<jw9!^)cO%<a&d
zo(+nAUIXtoH^5UQp`L_p8<dez&oHpCoCgv8>{<Y>bjKi%3Q)JT)~FDF4rI>aj(5iw
zUp$n&&ALT`FYUaMVS)jMJbl>Bi#&bwC$gcvmr7=!9pAxZy4)a~^zo9>Zu~`ql+z=*
zoGvnV2JZ(i)`}!a@rJE93jlwGGlAeC){JK3%i~_hmCvtz7RO|w@&NnSmo5{W3!;6W
z-R(f03x&r3JsaJ1o4<QmQ3g2xDyB4VFpAk;e+TN?W<kvT5U|CMeQ|*)j-b?i;y(Hr
z)HppRMnN7^ajIAQya0Ci9Pm+h+{Z?`ro#D*Hx+dv?>;otG)tmbhq%6ERjmzKAVByk
zhep4(yjL6a3bJ@_b6P&l#P-ro+<i#Oj;Y#t-KKlQAYQu%++$T7)pLVQE}ej!RkN(D
z%+<!U%ogrD+ZPEu-E;E;MVWFxw-aP{R`hZFh}r9zo)kq$0SIhgMUv1TYkgA==pbAr
z9bhuL-Psj)gzeg24OhD4`ONmcDY24EH`CN46?1%r4O;u6wmkE~uA3Qx0a4%z@Z0r3
z;n;?6#g$0X#TV%^cfDqM0AX_eVJu5h0A+TeX=QZd`ttIWxG^3ds;b@hQv+)H9SmiX
zS0&v3-I$%^`7XP0qbgd2LZ9FE0#b97N*jvsm2C(;CB&O)+@t<BbZMd~{}C$$g0eTj
z??mXSj?u$MN}8@wpUwrk<I3=3B7)p;ePOi1Wl$j97)0zFGSvc;p|0;rITYzXJl1&v
z^v@tyhvQNtS+P2no}JKl{%wIu60ec{QW;-<cVBAcm+54y9K|a~Uw?d_5LgJvpnecO
zFcdy}_AEdaq7t)-i-SQuXD%p+lb$I@cfZRgWG^sze5(FiI}@oNuHw&Z3&K*mW<!en
zoU5A|FbYAKP00fOXkk2y?@l<xgzl<qDTg#wCvhT2{`h;p7-Qw&iI>O9V`l96+eypZ
z&(c#`$RvfjK+9v^B(0x=uJb}P`oM9vm)SLLe<uN~%jvfBQh;2EN~;fE*VECVi0A{p
z^Dz{}3!4SZq#RBLUs_%rw0iuW%Kd!nU4F~DJCmJtfc`7>qXo>wgSj}l-HZ;_;266B
z=fUC^$SU9Y3qhc4%?U7Ou1U4Q>jGxokSm~?&-Oawu=`MXWO~pXH|NOlYoDa-+DT<m
zOTfze0MQX}rgVjj<xFCD&p<Uq(}N3!8Y}GvC5auN5Xi3g<#C0cW6^=74fPu9D0clp
zYa;ubUC&<$-WRE{bEAbKg6~7}P7_zFgtxXTU4kEhE?s51e*OB1R%>XhaxAkN00BFS
zEl|KDN%sYCE_M)5`9dG^b7%ccU7&ZB<%2j}F{L?!7T-gw*5vx{UA%QdwAeR>pi-<f
zh>S@*CiLfye^rBx><p41nfoX{U?FbtqdVf*KDh(VPaV`}W;omrxgAbQcoc%+dXXw-
zCwVq#g{x)g^!<y^N($!j;)fWGust%pIWcpa!~x9llOIp&sb#RUkKZ)641yq5U*~3Q
zm%aOd?)SGMJ@qsgRBSAVxuT*TVtwHdjvGu8_SJg&a!t?R*N-6yXHUTJ@EE!%E|Nbv
zNzA8<IXCvy_j<&RE=HZ&U9<YwTiE=uh9}Z(jwGEBFTjHBY=CVeq^CP?M(}&&M{3HX
zqyR?a7GZ||r>cvaUQw+rSIE7?xbpAP<_Wsq;6<L2lfg|Z&Dfb!>F@epnm>xK-VoKR
zBI+2M*ZxT6n(Ya<!LfiRL>&oD=do5}8&*3GyY)pS{O@a?k_Z2IEKXjLl=(eYX0fl!
zn+91b&1ZJR$B1O)*42_rk;L2_>7iRr!=R*$u(yTfDy;hru1?g`h%ID=64ZAom{rSa
z+~#{O|9$7jx`U&>UEdpF1NI+l?>&Z6v*{qlfMOdW8wMI{T8-gYhptaiYfCrN2?mFg
za!W#dAw5t$f>K%vCxNB2L|3Rwt5{`%FyjH_PG<^lkaVX?(0G~zwFuPu-GHIA=JM?4
zB(#GcWNYvv{hoA5#*R11ZBG}3x^32P2CofxpJQ8#MHc|?>h@`sxu8^-uC6YrWT_~}
zl{=<O<|m>^isi8Mwk66j$8PdC+;KKB14Y`tpI?RFwFJX!BahRO2wPm`a2c-P4%yxO
z<m7cD4{4uAq$Ov2F|AyQ4J))QkDsCVlL5+LeRK)lsd(mS4>i2ZR<L2?_|K!4T)Y8H
zZU+IyI`&fNRC|@UfO*B34)9lOk}YbLp@`F~J?iWtUZg1r@7Z6RgSPNsrn_jhPMH;(
z*N{>_9;Sj`5UbXhB!KhfU3007CU`QfNG_9jN|;~E<9N0TKvjL;*?iB+m;KapB=LdI
z1U|bQ1p-+}hNL9G)V=qd8PZ(f0YN3i5|UA>?D`Q~lyQ;zsm{8Km7<M5zdz%6xZ`s5
z8S8Q9ow<moOphohKc2X>@Qr*rs&8<uCa2_W1Yz}YqSFc%ljSQj8M~UHFSCR9MlCmh
zLd*G*-cv*{P<6h^2<>LkBPXf|9`*Tjvg-lasZK=P^s{*$=9G1GC~ZRak5{zF+qyc9
z)qG^%L{4AF`GA7B<O7NLP@9J6$@n}vL{_|Hj`>Crow;l*>{xg3&s_`SdWdPM*W|87
zCFG5@jUr>L!n&ZaN?0|L8E%(hU{L6Ql`?{)7<Za)`)K$BcL-!*aelP~QOT4I84*hP
zd@u(cg5_t{^EZ2*C5<Y1Cq@$HB#$wRC?N4_%9C0$AAKUTGr4r67?$wR0zCRPHQSj(
zen*R#3mgU5rcefK0P70wzl#oB#ia`JsT3o^poG~ZnLA!4*l)PT`?O&mNVMFq_LXO$
z_n2TTc1RD5T0HGbi=3o8lBFuodM53um>}R-S*^&Uc%OdZcMg^9-nvtpiX0kiU@r0p
zg}uX#VRBXuIXP9j9#1e8+Gbxt0AXN&?NNhf*MJ>eg%KDuQFX@uC<@)#y69#IN}e}{
z^8nTAMND;ZqBb8?EQ7qW4ygVodVbv#P48|BVFyLnw*;^IpHn06Jf)S^iOe0-vgr+&
zYQK@ma@Ow^@J{p$JKX5uBy<&zNFL3D+b=u{)K7P=Ua1Ry*MTb#cXZ6{4>9ut#cNqv
zK%0J%2B<Rqtm|Ql6p%<f$Qc}=@5{_MN<}y|_6pSX3zs(U9J!i*p@?xD0?n02Sennp
zGHGGVU<*8OQd~~SL%(Ty?KT|(!r*=hsbEzJDvZf5hVi(&H0|U=Dka7*CX6e89|!Mq
zY>ofi?QpYhYoRs4J_UuG-hEaVt)BWgHF(0jfnPSCA`>ib^)?c}8SLq#H+u_9Np8f+
zu3Qo4H(cqpXlVS-)_lojCN4e_K2-G!*p3{a!7f)?fBh`tzc3>HgYZb>(le5a-UI`}
zq1ypGIvEhFz^K&;R+G<hOk6m=&s33Z#0Ppu$;*D^Lb&)brfaEXtS3F&8Nq8LeWN8S
ztiHf<!ze-2#hoF#9|B;BjbRKU=9tP!HrYBG&I0{MTI$S0AlH%$%J5gdb+CC;SvS20
z&cQLhIp9^)`Y+o1kAvH*JGloG3f%M1ZmKlJ9v{IEcX^`IYsr57+BF+2Bxcf5Z)FEK
z9pBw!SY=W@u3%}&nj)A^;5@ezDzP8CKYA9?j})mAlL|e(xQQ@}pC~T`?nbQwR1#b|
zpL#`la_JB&WSCS0nz$AU4V(+=VS_^$wvZvquy=f*=r)3UxcQlJrL!S{BII__u4kAF
zxac>x5O09T%G2>3)NtHr)~Qz}9lQ@s?M;(vX(HWd+l8om*0zCChs}X#Bdd_42c&~h
zHrj8$^}iP^!9zF*(v$0$kAD+h+lfNTBGOtD^>44ua#rF3IGQB_cwt-o<fXvs@g)v&
z7pmgNmpJpm>nFH3ZKCjKuj-ID!89mjC+>o`Wo*@2&@0$XkQ6~oj8=O_eE;~og}z>H
z?VX(;9>W@Rxi!fGI072<otPc^1*>z=w8`KmdUg`KXSCOACd5V@qR(nT9U&~nI~YUy
zIT(-4P|MF!*hA}`T*70O_z2_rSB-(t_=o)Nmzp@&q`W>_(;r9D5OTV%lCSe+(BGDO
zL&)_qMdS+fC1X4kVe>%W;<hs>1C|s*Fn=6E0sj&8!_m{aWgryF4(}A*UO6HErK$JY
zOO}(vXYO*HiEtSN$;hj`hI=ToL<Q#yCv_L9W_xSx-^5^zhlwgEqp*r14_by<w~XH3
zz;;}z31SEV4rwkB_{bp0RNkkWhz-6Z992(;FmC-m^P+p|!|?!b5{3n{8#iv8FN<%^
zK60IfxKI(3@a(G*a9N`?fDM@1s3|~IVJ|UTR7iq?#L5l9Y68kZdm>bo`E6&J)t3ge
zOPIHJigqWX(quz|Qt_a`7S!OVe1Tc02`(+k<0*s(pYJ&1DV9>SgYc&}`ynip)r~ko
z!jM5?vQd=8`1Km&nn=BzO88Kgl0N@OZbeH(H%PH@Hd>%l_5j#X2Y}VYfTGZuCKZ0n
zI<25(+EG?%Rl)idDzmyb0f<)b=KRa#p%<G#gt5#`$4T2cF?{(fWhov-%Qd8N%ojK!
zZ3F)#yCH#j3`FrQ@jydJFagtB^fl@ftOAm)z3B%;-T1ckgG(;DmGRB$_&SQsJ9!ZP
zYCR~bR5kL-m3~}oxxkf6UT^`t<RS`XKoZ-1FnE-I;zNz=YMdtooo|VK^0vU}k@4p@
z{R#Qm!ZPd;k>wyM!z~<mRRZKjS=`3zhGs&E;!{3Q>#H|=Dcx(Q{Az03)#qWd#Y5LG
zeJ*i6@dEYNy0A0!M0TE|ebHq~Pj<CN6|kBu9$a}m0InZmlew&kP!M4V86Wr69T-g$
z=QT-g<7VsGOO>SG%u8b?@z}mufH%o1H=*R$Y0Z;VxrM=NS_CIooPdi*fgy*PQizEA
zeAYQ?PWT1-l0u^rc;H7D2#*|PK%69t=U5;uHY_9zU%+K810<@sDed6N(=H|T?cVZB
zXJ_En3gbXcZ9h$XS3*i>94VG#wr)y&K~fQJdFO86x7F2bkmmiqy(BvmQ^6|f2wBf8
z+O@H{Z29Vlr^{7n%LwEFR=wiNsnT7W5D21)VE|k5;4Y(LREUE42#98m$=a~AOv0-r
z+@KYZ6o&Xbp{QfR#!WK~@n<d+A{idC>TAB2{mDsvu^BP&Q@`IL+0l*&4MSOee{Xo3
zdrvmNj{$F(aHe^QULk2!=2$o)KXc?H;RL%Z2|WCpq#+STZ4r+Zy7rkq8wAf^l$D&L
zfNTFKwFu3Mz_0e7AGiU9O@p@zKCEHnU_#cO3Z+k-Ip$wy60$KPbw@8lI!>ntT!N?`
zqi%w;<6)i^UAuHl3VSt>6|s8xM7zT5s|R>yulbfA40S0+iFZ~KNC>uvqjhE4h}U`9
zNltSWt^RDIx5~n@i7KCErhp(}5MApRm(NmBL|vjTF2#qvgrG{ZzzZ+&t)_2wo;m3>
z<wH`2G9CE!!`dEQP1n(SYu~Ntvj%ycp54_p^-1riPbIUmL4)vXwl43A*%rb@+5&rL
z66+T9boC{oLH=*;FW8^Kr;3lvCD-!lFJ8HLdQU=@w53UTYy+pOc_!EN`>k?al(s2H
zVy})~;yoJjPM=~Kf87GS$n?eCuE+|1(yBfvNnZ{nDh`{onU2t)T2_`7yI4e5O;{$2
zy<Q2E;MNlU5c0O(sn_&tQG(^qBQLL5s#@4sE-?}pqG#YC(C?6p8F>7S2q@+po{~r(
zUuI44IntDDbWiI1Yq|K(fzuEoK3ln-lV_fCR{GS?_y-tG3q@vUYx1EOWNg1T?D;2S
zkFbC_4GCWO5=};qDxe`biR3+5>zka(V_g%aRAkAae)YswVccp3{fv&^Vvbjjp{Kup
zs7jxu<PQq<eP1#r2Y9Hj{X~}sr)ZJlnAi{bJ@;hep@q>rMq&3hQa+z;BXcSOOxG?R
z_ldoiMXm7xX%<s@-K3U45tf1`HSy$pG(z1=F)euBXZkXgTuv+2Li#(>u?|#r*1)(0
zE;JV5OR%1=B|^_ra@-@x`0|V+o1D|4>#aVO;_b?~f|yf#vX=$)c7KO#U>{#Stdl+9
z+T1CwU}H6JuT64&okn8I8;KDo-X^`F`xMH#)t=}hVOR#Y%RMQ-lfEL^ZN7iKk-`y7
zofM9-Sg)*hB!#TjnKOD6cVaI|Tbo#5u0pOH!`!=>x!gM^<uDTvg^w`1X2Wk0yPQ}-
zf0cnLt6KE&ClQmEm`i<is>9cNE^cRe?0MQTAlv{*M(T9>4Su-}`6J$&IZ$q{K3>(<
z=oQ+|=13aq>JjF3(V5=+a-7o<BDD|f>pF-uyQ#Bgc5KNy4WpzjCGTA`pi~vTZjP?f
zLZ1;4tgl$*VQ<NSbWsSdCEViMTw&Em%4(@U?9t^z9~pSUck9>%!MMjg`hW>lg7)gL
zKgN;<cE@*<N_E9A5)ZAO)=E<)q2rqnrNT0q!I4ohKUCw1+0S}@z_(IeaAvOs)DU<V
zrF%viVhd46RbKgx+48g${m8pK@WB@ubwfFt#JF7tQ%-f7k5WI1I;ASw{NBeRx#Q*T
zdz-G{jb}hcX_VQ>KWm%nj4h%2_%>+yg#<%IJOv$HMcZ}y<s?<r_~;)eCT~^1Q4lWk
z{>!94t4~lrH@BI5Hs5I(=W-Lgr}|>2fF8vr6O@Q6MbV0h7REdmUuaW;8CJCX%v8Sd
zA@t_Ox6-q`?j%S7aqJyaz)rS)#W+c}178Axp?T9GhiZ8uE>LV<zIvuzWhUfge34!@
zvBRv&L!*xoiXTi+!zydL;1%BGVYm9?9imrb&*G8x{KAD|PQ=pAPnC&ED<?w|+B98m
z9^0$8-9OC|q&;K^IPj9e4MCqCiqS$(LFh*qh;rxpvPp29*yG9fFhm`BhC;ci`RU8N
zSWGsRJ4DjwGerwAgqY#W&3e`WLE|b+3uJ<*iLjg5JQgB+GC%UII}mw=LocgVs<Wjv
z2VTIWrCK$Q%`Bd3zNc$-)ohZHrCLob_4t(fNk~GaCp3P*Qsu%fs7pxugip_1Z1T($
zVqq1!$!S${Iq;btVMbe}PW5Kf@H{9$OWA$JNY#mWYHn^wyU<Oic;3BdsEds$|E=cr
zIiM-mP4$fS6lGC|T?9)??}KM)y(-)r?NQ7%5)V0wJyLuW7T<g+(k0v#$NhlXp=tMt
zqwwvC(DUX~mkaJf465mfjAWqBm;_|Og`y*LwV=*T)*J#+I@?6P(2nmjng0M31(}Xw
zj7KqpoYtQK>vmBDS{PLQvXd^p`HZ962mu+RaR`gQ|3I#8#3#actv6tpUfUbS?{V+)
z6<eC~!rjVbjaLinV}0%YzB#k&w;4WOJbSzfl5!$njcNZ>iomHbKu9nZHZ25IS}F8z
z8Sx9=;VNw9cjpY{N`tZqQJA4-g{X%LY$Nxo1*sNft2sUEDccF-n-wHNwtUX`sz2XB
zT>ydbYBnC>Q6UNwx{>!p)qp`io%X%;+^5p3516IAzy%JyGhx|k19h4DaLdc3q(xy6
zygV#A)v`sn1KxRkIp6l+NX*YZ4Z&}WMfK^l+65fpJ(kJYy!dqBhe4w39?A&ahNVDJ
zs?<;t8iCDp;VF57<;M=aR3CCDF0|&U83#}>fvg-BADO@!FCW<0e4+5L763_1{GpyA
zvnu3=UlmVt_SNf8gasA?E~80YB5Eo9O<?(ebWkWTDw&ZKd~-Hni5-th%X4A8QSQ7t
znejUA6=T2feE5LyMRHy`J``X<(f(WwD(W$`ycaNq$(5eG7YZF$S3x+s1fMA7%Eu6E
zu=zCG95K&`tp-laKv^)|B9x-2-V)5B8HNPefkfj!#JNCyG~tgp6r+SPnnJF0H$f3t
z<|ZmWIS6s90>^HFZl<#6#SKgpj~RFukY1NQd|f7Z?W61~0#6&@!DVaRJM;QkB*`Xw
z^KE{!BLWIdl(3IC74YaJ%^Pk|-*wiJJIdIUO86>*q`%I(;g|<_XZ%YaKFtFU<0ika
z!)+8qBrHu78CN3kjXeNYQy5F)|Nj;Drr}Wc|Nr;Q*q4y4QW%x&3P~ZxnmzlzXO|4h
zzKpCTHOZdr`%bbGB8sBylq}gLl3n`0rt^D#f9G-i&KuWpT-SA6H@Z>HeCGYx-plLx
zd_LX<FLn`o*gk~NErehXtFs(GTXAHh$w>)M{suMp!FL{QJo?UMGvL30lnxgYGulHN
z<0$xNAVD&9@uP|I5$7g?EUw)1e0kAjEOv_IRtJ0FPB5KB80t8(ierJ*%^Ey`<;f8%
z!xllDa7KtTk;{aoXxdOakE&q;eug@p7r`*yJ$af{(y*@2h$nLYu5F2B>s@LaCzucQ
zorxyl_fCv5wyZ$ya6F_6Ac`y}tz|<#f$F&lH#}Bzhv(E1Th_5duLUfc8{Z8loVR!{
zsPw{83T9B^CI~AR9RYhBhInt>_bMNo7Mz3L|2hYqoVz5HtxH`WU6VqYWVW$q+GZnt
zKEYz_x?*lZG&>hHQUyDo5p9f+!>YHT$hJA?>k7#zFOaoIBPUMrB%U#iz><-Yk>xF+
zoH4~oFJ4hqzkabPPQ#AjLuA$IBUEdBta7NRbUq4vI$v$>WfN^Y1_%MIZWXW^aFN8$
z{aI5S*9`6<6(&-d+f;>+-H)T7SpMTeLo{SE*X~CQH3eLhN|PXlZx$Pv)*0#KX2JYZ
z@m)S&+I;s5-A8vQG7%ldd-<cHmP+&|*`L(k`WhsEjOOWHeqZ~~ppu8Vl6Fs}&uQ-u
zSK8OgF?cy<`e)S6d^fN8yf^s5*f+lZPfH?EtAt35+1q6=Q<!%oZ?(Cb<h~GV`nY;0
zQ~S}=W~r)RhX(gD+vaKca?b*Vuq@{D(zr5_{m3D8;lc9IGX{v!KP6X^uAloeXGQ+1
z8)OqCVG3iW3xBF$HWQEPpRrV~nY{|6Ew(BT{dK^kRsBi+^Y>TGOZ+<NM~+259d63}
z+A@Cm-9VbtAmuy9`jh=km~+g+C6CGm{yL%vK|}2cSpRASrMa_0#az<v!eY?P;ZT>C
z9^IUs;~K-x9{I>JdG<K{EpcP~C*dZBI}f*ts^#u#r#QSi$T5VtrCKWWUpR-J%s_q8
zP1nZp(2ZR5G3vn4>7dQD-R<h;>YMXRQsC(rl1%wT3D5n4A~KtXP@TT~{7N7jKA+x;
z;&cguQmUs&w?GyI0~Igzu9?s(;x36WwfS0Fy5D$thI^MDFZ7SzZ8*gKI#StGMA8>o
z<b$;m{h^_({FhR045!jxn0PXH<yM?q=u5SA+8|_+g-M|6VQSN+>4%7>8>5AJfyb}Z
zaeg#qT=OPDTvuwj7gT$U?hQALC2tL0BRsKb?DRgT&-jj3+Pai>(s#kMK)qJ*bsQ!<
zGz}qadi{nuUX9U1?0Ws;dYk<eF+_$mZ-!8FV&=Xo+U11xfR_vm=TB%eFAhhe;0*%z
z<?5NxJJeWadiu8E{={RZwba9$>EA$RxhW&prgFACbe8%Je?O71jpR#ERv#hLWu>`s
z(q~__vtyL%p%tp7M903qjy`$i1lL^1C7g^0nkaOtS=v;Z$ZPgsccTDAD1zbk^Fo>)
zL);ffqns+Y*GJJF?&qP$WLyjM03Dr$HRo8b0YcN`V8_kVAaj!UxM3&u*MpL~&TiOY
zw$=U+KZenFQ!#3^U3c%^9hvsr`{}p`!suwpy_+jI8PjV-3#b$VQ$ZK1m&SGOoN`7@
zzMBg@Ng_YtQya%?U(sPn`NRcFUVo0nMrB%>mv;@8m<(@(^-iC7`@M>v`4i$5<TmT>
z{V5J&=2(z9$3Anffm4*B)O~TJ;*1>4YA+GGfSKQ!>Wcr)1&i|`s6?UxWV|QnxxC>$
zpKM3Vt>nTv4cjh|T7SIH$kUd9nejbk*mmjWNXzgWL>s~!RFZQ)gMFr?WO}HM>7UV{
zc5{v2Xuld<`-3z=N>!N<5|%t_%(Ui!Zh)}nfZ*w`zwb9Y|Nb~obu8iG(Gu_eL(hi;
zE8@ZV<@ClGqTdvhJaq)C+>fY#+dXf4UW1zNW#cKIz3gZ<CXBxU;2yLEucu0Q34Xao
zKAhom#plP_&ikhm1A9}iuJ96bPpwg#_mX!(ZQ)vQu!;s-4!==lXe*T_Y0(%6w>lbL
zZ7=Q#A?(4`K2w);td@UfI`)*T3X%~_<kGV)wU?3JOSVJ4pC0ujKR?ju=C_R=F9R7&
zcy2q*@hw#@^H&DBaR0B=L@690fxaC&!PL(1JSgJmMI-%xu@$3E?9Df0Vq+crZ0Y6f
zKC#OiC2eyfhSA!_lcA?6i`B49sPX|+5i{mnMJL;hq9NeS>^LKs1n(b$&>})yS!&jh
zn}Q1sqb^m%uxZ$yCZ$eLC!$%GMpNbSAj3e=wJTyl)0L_{i1rq3VWl~lxZU8p=>%H!
zNm1va9=}U{@8c-(qdc*?s#+~GIBJoQO>+ILwm7xl^MVJKotdk2X5vnJ+X+9uzvOfD
z>VNVBKg+jnDWDL$iFiBU{;hZ4S&QGNd=4qu&j+ZVCw!EUiEMY_P_l^Tki$#!tC#B%
zoZ`pG`Ix8MEobZ9XDM6XQ7ki|_K-KQ?9)vUDHy$NgenF^k4gj$>omhtL^G6A-7W+^
zz2xFe1NacTZB87>)V86u&zS{`u_-K*&Mi13kB|)rv-4#_5rSs*Ym)0%H7rofIoV(>
zR7)i<q4YkBPda~Ew<5L3GW@p(lmFVS_7XBnQcT0fqs6OUL`JEZ=g5h0R_|r3Xy*=k
zPcZlk>GJ;W>>PUu)r>7?PEiHqb-hV2Nm83aJzgd0v~?Ro!)fVQE$3qoI(&E~kY+T_
zMxnOnU=SYJBUz3wk+jLk$hhev7pzJjyj@PH;*fChZOnFG14n8Op}Jjvq&?b-#+#Pw
z%F$uc1WuY$>5pKJ@d5s8bS&IZ#Bjn=k55;ruFpV);1~HC47L_X7w_KfF$?S{Oe*Eq
zruvk~757CX@(N#ei>AvgZEf)bj&boQZtc2UidCgr&UXS<i6>1<uyt*l$&WdEhR#vq
z9RnJ3nz<)^DA6?3_>Fdk>)CIG!iU{h=u2gs-{?Q?U?1XXWM^mZMT9+xS!Ak0Cbs^_
zVXkWMn5Rh_lfM@kIVq02(1ZNW@mW!kBu~ui`^39=@r`j(VW)Y4?;u8XYc$+?R*w?i
zu#K1(exAaEh<}bT*6KM=<n_#^z)$<Sk?~g0jK7nrVeulZUfz8~lFkq18(J+l7;!mE
zldT~GMF!^|B|RCsH<^y$w|AnXF8LO1Zh`ArkXYH<Tx9O*$tkzJ(oKn8{>iLWu|LIN
zOv~=@S>vx{qgIOt6E2EgP{w|>`1bIUWd`WC`RxyLo+H6d<SV`@QObeqVM*Z#U#|Hc
zS;`k**uzf}H-KSEPAs<CN<rMQ18>Lsd@h$i<=ZZCxZ;%>&RGv^E<>F5wV_D_BI&W0
z0bIgJ)PFLvNuth2(cLW1%!J`QRBd84{!G-nZo@Z)&8%M?0XtEa0Mq}kHmC2*=<$Z0
zj5^<dEb-6Le8C4lgjXkgyWeKM4C*wAU;1$;{384O52??eGazuaO|#(YUxP?Gw23)k
zUyXw3-gBn-LlF}s!szF=tNqr6@MY=j-SM;FJ$H#CxkAXj6J;th3_}KG&R0FBvse%2
zNkUEFzW+DJ+EW4~VFYH*|70B8sXL7nHoNsy%^26SXb)d^q{tx(;fCooK6+qZ7!st-
zA;Liw_$ylkv)ey_3TCBBIJJcFb5EG5lKOk0CH?d&WTb=~7y4wuwk<?|1ITO-!R)p|
zFuVPOw@_~iMlrz}^>fdZnIR!B$vEc8yL(l)$Cjn@S97xUR?j&V6|7NO>4Fljhly8(
zU6G(zk~cWuM8PX($<X9aQCfv3k-m~FYjWMaF7vVKzRpT;ndwBC2rDK2N>*x>Xbc$E
z6vxzA%M@^Golm)R?EjO2|6HGr7(nGQ(QuEa97GM}wg>h0J$o}N`BnwIus^r{rTL}A
zm3><x+_kOP`x4dhr|0fqjX&WiU3g4h>d6Np8SARjRMEYQ%AdbO6ZKS7q<sm<j4%mr
zFeL3kE-~M*!usp?@88=}qrb!<lGe9J7WjVJphLDG->YRgc#HCDNnT``xX*()FrzL=
zpQx1bW9p-}87{NPgH%%@IIiTDhs$cbPCY6RbN{MDAf~Zi#^Rg?@*fMA`ED+KfDDID
z^LgETIs(xO_*CjvR#q3i*DUYfyO#ljOs-Kk*ialGiTM*|33-jf5X9O$*yvr%h+tFk
z`bLO|fk}X2$<N~`dSmXh*z2*Y|AjI{{TIrx_CHVt5q!Ybs691LIVtiz$Ro?h?s8Yk
z_4V~w39nnF2XN$mf`~%d#d6UB1D1%quU~D%?<_Hj-W<V0qDj>kzU(;J63lq=q$<cR
zDx$~Diy(`lSEzeW>Tu^q_~1<EBOMrU@&WO7LUtK6DDNIvV~^F4hYY!M;yF1vKfqaW
zU%s5k=JWMv(fte>%UTGPeO+E&7Aib<_AEXvja`P8XHWazff2#~1B|dk7nwJSzj`z7
z`cfT!)V}*DWw8u!xpD~!X-JY4I1iWV=4r4J!VNpWKy=dqgVydcA!i1_A_{gXZ<i(A
zS?`)39HD#n?%gY}*#)(50dB`n$g}i=E$ajV8CtH?YE2SJ0EE>B`TquGbmO2n4y2}v
zLFeiAdy-`Up3AFcw&HkY+Gj2RQHi<p1|`O}3|({Yo_1n3VNR$6nJ1mG)$y7~&3j9H
zdm!5KaC1k}u!_qQ#O-gN>Yg|a6)XSV|MHt$zcw$`_dYn=u7QL&?FRD?MMwx`L4xQW
zIPqk4a@8^b8>a~wFGna@QPY(*@9`3?L!9h5{mK7?$sS4D^&B4}_{kde9gtDz*NIm=
z&h>tWcFYgg0AUQ&x;0!U{x}BFwix%IIMG2GVuyjv>9i^!eedkHiQK(wzY2h^EKb$<
zHFicq-W;yvb49qM*{h#Rf|Oo>LJo<ihKv2LHg>0@&VPgzaiQ|Ho-=4PP9s%P8EPQ8
z3|tx)RuUjI*Ss@L<@7Q8UhZMB-s|TN(zrIHB~w;)#mfr_L$L5hdU62w%86M###-{T
z&ZqeGPO;j6Yb0Htnn{F_v|1Pj{FGc4*v}4Rwpz*9%cEQ&=h+zRHuL&J!}n%Y*QQP8
z5K_z$c29z9CTNZ5f+dMKn2qGfEm5nIwM%xrsqdIMYcW=JEfIr|y%_lsdguqfIx<?e
zue3v;lP`h#(LlD2JmNK-^+-x3&Ho2QiDAXvx%bahKYaLbleL0>feaf$TPW%Cqp#X!
zTw7|V&j2ucju5;*;2_1_HDP8Sz)71h3%4-v3*gY3MC{I*R8qH*CvD%xT47}^AYF5&
zg~K$iybw9I769wG1(34y;C2aLv<yT%0HWU`0jyyVcovUmB2M9i7CvSwP?c`H<ttlj
z{6NZ_3Dr80+iVh^50b@PH9&8)a(E?0AQ$rZ%~SMdHeupZnLJiTDh?Wv8WrX%MCclr
z5nTi;8L2()c<Kk3UyFQN9jOShI#Qo`^|pNL1_cI%$wCzBEf?0AJA`ZldQDwjxDXSb
z#)BAT4?1WCRyBT#_Sl1vG(DcAG8`MOhl@L<#0F`b?6yah-HP>srPMY}*G_6C?i~6R
z*(kw0H%Z)$;5VM{O`Au1LKRS!<YMh=IQ5CPvRA%1?-C$HihIma2Q45aE%l(3DIDhO
zq$O>*Zbd>xh9E`^6&s0^qRJ_0Y3FH;5ToFqQzBTrl#tkTGnkj^IQs8zxsYN+J&R%D
zO8szWQlX-%dGf_EbMN31M+bYVE^*J5t{ZJE;U6K38C$k~RjTiU7@GP9N)jf2o#n(>
z;$nbb>2c}l82bO1@4b#?aQ$2#C%_B!x7kC@$yMS7R4v^&DJv|aWT8)*qun9c_qMaa
zFG9@#WqKvIoVLP{U+b~f=kcSJ)@_Bcd<KHmf=0$l>z@D(lO3?XWot+hSwM2Ze`8La
zRP05%)ZX3wD@~}r*AvtB2;a81xyG3F#!L%m{cd26Ik#^-v}X=LZCT1x+u3$ZWR_7d
zoa+PA!4B;a$(lbxZ;T!~M2~TD_r1jT?1NK2ZzoRLvVkqmfmL_@3gxo!)0i8p?%1G%
z#gbc}QU4{@fTmxp7}<%GZ*d{7MQOG=g<yOTO#BMGiIX9e@hpbTmP{cps9dH#hBnX*
zk+m>WnqqnJ0sG%-ZYF7SP_ais5i&dI_b;&y+2DG>0nX9NB1Q@3;vAK@>E^Xo8i&w^
z-o~CZ>9mqtoGP)C2~%yab}loWfJHo>NJ*E2Wa#Rhz<gJ#u1S@Sh;kMp(q)boI_EGw
zh`V8!q^Q@W=5Xr*!PJ7vwY~yWQVv4wRS_h#LjvtrTQkFHZy8b}8E_(oD{E6!BkhOz
z`j}#>nW<N-#;xvle9doJdm%w(*L|O&WSy*yfbhdOnXg?#wUGE7L4@mLDcbbz1#~{A
zm=rp{g*cHaQ5Es@M5zYuB7Y&G5f(AeslLPy((hBWRNHa9>LusTTR1lK2?kU5-$TX4
zIJX0>;Ca;MS|^Pqd+)I}a*!zBqUg2Af>xB?oFe&&vVi~!kIC=BuNIk75L-}qT=Z!_
zA_-wMC;8}O(II2`$*wgkT0TYuMtu=6+y^h~=zWAzTZH7@Nv*Z1;2kdig(RXAQkIrx
zL~5<J#0b!s$B3NZ9l6wQm?5vAAatAcihHQ^WvxEaiks!kQ&;_W7|)wanxVmARjS@X
zMJbg(IkY$T)Kyz5QK01f+&GBbYgXjlM3#(0JTLO;5a^JnjC90QOmh!uoe)`^03E!*
z<xf|1fm}6##hYfCjQ>84eg!#4!*`;ED*mFOW4f4W4A!r$lH7oIk_Z>Ioi37o%q=ig
z7n}ndPs$TtI(2+{Zclsl*U$b_t`0OG^Fy|mhDx6PNWm~jHh>K&b=?%5d$cc;84{g$
z5V**^(4i&vqu$ksW^XCC%k9a7^u1XE=n#_Qe)&?%*n88o$4&J0e}=tyMIU*W4iU<X
zo;%V@JAGm*hUBaA8%e_T)kN2}UZ8aO&B6J(;k|w(RLS}nychx7lrMP0HxmVqHI7)2
zvHfd4i6A5HD8I1xXEwB4y5uB<kcGpeTHe}~N%P>aGZ!z$h71oram5Clo@Bj%S|*ah
ztXmPKa~qVVm|;k}Ns6`SG$TY2n&1_^vejd(`EoaW6eWx}GepF?CKKt?mP56M^hS1F
zAT4(7BP*5j*L=kq?tQtKC|;tGEWj!tbns}rn4!m-3>6=F`U{Ayueg&;PRp^NkphVJ
z%YBF<D(i*xW2TANv`pIe6(s%SM;%(C7N=?D4s-N#+m6r<MnU5{O>@q2ni2?hA+M41
zwGGIs^1VZtXWi_OZQaNq=|afjge0@dr;VSBk5w8IthSMbt3IbRTTUS#RTmd8HJjvW
zwDvL{a?5^jPG-68t0<Bjm5S?uL>Fa5TrpN1*bSr#B_|($_#yl)09mQ_L|=R;3FV1Q
za>_w*7jV&5XtZCRDhtXEYZ;EmgwwV`(LM)Yj7N5`TKfopbm<aUuQ_WOk#zASL+tGb
zld(^I-Dzf8Swm<IotcGI*V-cJHRRfit;{X&EcEBmb~0PBEgE%Um5|H=-BrgHXe%rh
z$cD%n4IL~wf;)%>GYL)tX}YN~c_gk)mPixj-^xoK#XLu5kg%&PozkOwJ#hLJd!91#
z7UH;J2R26gS6@ej*mT?lsn^5<AfOc;r9{)BZ>}D0#?BAIMSO7$VhxSAYG?VcGofzb
ze-N)xdCTG@KKVKY-=Y5UH0?)Emn`Y9NO5W({i@%C=y`-@<SSwvSM4%P|6B&0lGyMZ
zx3mIC*F=z$5raMPaZJlZp|8xMEA8H~9M-k7D_`!o*WXtzI73S!8KEtF4QYT%qU0fD
zrFt$g=#KNgp%7y9lHZjxn#q}}r9g<G(m#LmqU0N@bWS>>M%qOAH*Tw(s>}4MD{cTh
z?;{=IwASrCExtESbl#8>w4@PK$3(v9zg3!=HFUUU^-vT!hSh#=%*JyT-yx2CY)E^E
zY`1KZl^7f(?LJZL3--dE3l+t)k}z6ztRdH0QU>Ik^U0zp<{Sj-N`^M;>zkir!gtZH
zY5FJ~6qD%|D2q5vC(Cs?%1*(XZq!1tMIp0|V_V2&Q<AX&Z|!Sblo8482NBX25ItB<
zqV}Wg;g_#E>#G`uyVUVdO)H*a;m^1%L$!RI-xnUYof%@yd;Q7Yo|YvccbI1iWqyIw
zV%aT{&aUskQ)&Q8Q_qA^+pPEYlf5ndd0(l+*4P^>K0n^Yr&)XYD``2a$4?hS4Zx_R
z_Q8AsWi3qC^{BHTC@X3hZ7D<apyl+uV+Rw4bO(2bLNk}Sb_1baNJY2qQ+}z{mjV$!
z$Ry;0V-cnK0Ixbf+BCHADV>|~0@<%A3<-`#pU*^J6_E}lA%vUgXHsjnqkfUn`ZtY?
z+{TVG+pGu-5v!gkwnktLm&>=wx32M@Zs{>)zwSr#Q<5ESD#X?pCjz8)L%;TD(*NH_
zm~9h^N>Wwp!88fUT+sRTO!&MCBd0q0@o^%1)dg2tRSpfa(=;E9-;4Wo3YU?g<zHT&
zb-cx)-s|M(d}`y;+#P727TIb5g4>!o$EFEYN-Qk!oOZb`@^0aFX6={Z#MS%(%>%ZA
z9-lV{KVmZ%)LpfH#;>y&H{^mx#`$)vIneN+ny}qR$A{&_pOB?93SDKy9s|UbQ?I6i
zR5K<1j(&^UuCW|NfG;J9m`^nQ`QNWc_n$!Uv~O&;5UMfG+*gmwfkpSmO4h0Y#CY}v
ze(sR~5e@C{{RQZ>IaD32d&#Gnx1j(G;2@zs00+ryomAB7*(z=tmBFd?dn*3}kpb0&
zDidJ?=l{(_Q{$@tCXm4@l{vY0UZ*XrX=O{T-fwUsS7Vsr-;;7*o?#RNgJVm+@KWaY
zg<Eg;W_8*2I*rl&jyV#yRrH37UreFI=bp9ayMcj;q_=<7m7)ov&tp%WPN*97ug|?1
zFhbU#l7s^_-vu&m_4v;|d@I2yWKoy(qt_+b^IUQF{M)MuAv}jYo&YBMm6p5pP#=^!
z-7Ajv7YRO?>MU`yM~Ea1F^$}3nYf1F9<Iv`^i;WqZ`fQ^DjEQ=X5ieAC7gcK<00n;
z1$9=}ED?|AmrwkoW?<lcY()AY7^)QFBWGO`GZ9H*E0q<)3%AfA^)lBbuUkE{=h<yP
ztP8p}drLhtV$)DbM$}j5;NJJz0C)cf&<<T_hrFoc4S7O4YKz28pCFQG#ME<BRQ?G`
zBf9eX;Ehj*HLbtGW7U51YY7w892_nW4QM@>uF<~}|Dgm0oy_Dap-e)#<dYt2sWMJ2
z;^{dZPbxezxl;ON7`-5Cwx5S_?kI_9{DbfLDd{#}UjC}defIVemWU)aD0w61b5i_n
zjW39YV{8RCEul5kjdi}p$%v#>Pt`dm^<e&r|B})q!~Q0v<<9(HNoivjM8in6gb7@k
zUy3?@B|y)p;yt$+O$ZTcdFk6P)1&)G!+oZ1LzG9anTpXXx}J&vkIY(=>edc_BvJiv
z<6$d{o%w(SFN15!oMCx;QRm7Rq3phem&uT+eJPk5$=USHbs3|M6eg2@axNTT^ga0T
z!j}q=$#m^)ba`FN^%Jxqf1iDb2YtjD=^J*n#rg3O!Jj9$%+h}fGHtKZ=AOFI`^2^S
z;O(zihFCw|PN%Wbmiuq-s1d2fS2Tz?Rr+0gejj0E$HVt)NgZC9rf-Qd^L!Y)K2sB-
z6$FBji?ByPv}j-D|8q3jzx_(I=t$+;SROejV$A8yzJK=g)<mN+tTJ*ShoxP5!-DsX
z)tC2GOhr6A(}5PRZoO^ceHJUhZ@`;ju2MXVGUaVPH#h=GdN*^SmyJ0*OXD9HH)a^s
zJ*W!zQDJxX9>iqbsu&kJ?75yiHckK?n&)JvegK(JWRGUq23(7P9b;o8r=ZAKSXhWH
zASET$HZ?t^;1Vd&kK<3j8MUu$BDebkYkFGaYgS`*42q90csnAVw`^PKjD^GU8^(jL
zzqzN%eo?zA*PI^}sBo>0@KO6ceTT<xo{MqwUAJe=ptjI9wZMx_Ju#zT+kY_57{Du4
zX3%2BTv=Xfp{e;T*x&JT3uQuN7O}pcVx6vO@bmV|^%1Hak6e{rT>D>avu{?|S4SDg
zZn1EFuFHHd{+M2HwSNHcu8J@4qt87H&QK;oY4uz$)I*`@?8%KgUMUkoswFQ^%z5@~
zpGWW2Ye2kLr&#SRK3<8_j#eA0=re`i7o@$;qZE=+D?r3otwY}`s7v3vrT#qTKb1t4
z%QZT|mpJzW+mA@-I~U#!Axe?W(!6tjR4Oj>Qlp)hi60+GKY(u&sVBUcU#yJM2pJ1`
z<X`-<XZHWfFWa0fJky@Q*{M*u$$$8DPWStMLjLtp#O)~`9{0fw#)f$hb>Gl`<Cl^A
zN$hPi!^_)fn`aAM8TVu?YPCyl&Z79?o7u!Bgaz|M)mH*h*D>6kF(k3h9mnp@SYx~I
z?hCl}+8z`L<Vx_~_&!<^X3<=k`wF?+t@D%iyY|mHH_w_EdC;|8<yB^NC6sVadKwLJ
z!(~h=#n>4FXI3L;Qt=EAP)>C;o8292U(o9oNr&A@>nso$QQ4ZW)*VDaM>?faX^@tF
z)Bh#sYTbagtntG<e6FkZ^otuQP3#o*W_o`@yg#$Np!I(W)u6Ypk^c*!Y;?;_K5cU4
zlqx`8lcr-*a%#^-WWR{HDw2ln<wX5<Lm<eID*|2DNNe(3SLqpFti%1dG&+%cVu%6V
zt$Dg&k`pq&K5rDeg+ZJ^doW=|@nKad>4rHIn)EN(E*Nzl?(=;nAs#%TW@RRocb3zE
z-RBMc`&A_u&Z55XjQg=6h@(-d8MUuyOD!v}CG}mp|Dv?Qx<rTmgJRG3e4a2x-(OVt
z(X8fybpmY|LQ1yLa3AoC1S0PNn_zF=$zN=O_B9G`xh~f5#24${;B+17RGBEZavVA}
z;a3pDn<de~YE*zRF;GuV?0l|J5}=@*v7V8;Rm}@bS9!(7b_BE^s^_*8g!>yvD2PW6
z%YM?I9?ZJQ`drM8uXdG=^4rD!STR79Qu*mnFc{`UO^=yo*lb^)o;<A0au%h?OWnDB
zHVh)}=L&Kvk3m*@F6^nGDl@!*!+evxXt@+-)2PVtHa)e4;fc1<%{W8h?E1)EM;3(=
z_N4lPGIo;*EScR(Srm`Eva4UioNsya`V<Zy!R?+CBYUH)nvrFQlz}QKR{;MvjD$}W
z-tORHofbVv44yWPijBp1olD4qvb}>b@kbN%JCd<4EGO`}B|&c#V}EsgI}jJ-yrz~I
zPw)8~i<k@BwK`=Fx{%0{vdI|&uP6I+><faAb(|5)grD`^ykOFaPe$?ZR>kYK{4{qg
zdN(Kp^n;v8AJ&UUf*WnFD5gzbI!aZ~z3xy1z{6soZ^Zh49KjGSq=N{d58|GbA^|!{
z>t=+uL&T$9c~0xbD&sPMEx!z+@JU2@{9?>EvDCw-kA-j-FP~C*xc8{@p7f2%#8Hzr
zKf&CVrMH~(okMPZDk@bqj>*1|yjSHqa)e;YZM~!$PayrSYW=?mD~cl_q}L@FvCLiC
zKO%WXcibxJM|WQ^;!b@rDrnLFT6ip$xZ-)gOR9BrgWsS{^z+M)lRk_fgmFdyeo!%g
zzIsBhW*74OuRbcvg%GZ1`H{F;!u9kc9I}#jRO2v*Wqo#Xd#-Ark(}u!HsIqoijG~D
zoZC@l(w%pK)tmDvcsIwLY!0n{Bbl8>ss0X!`nV0}h_u}}<ElgxARClD|2vDQya=x{
zXn-k5;oohd-1~fF-j!bVm-H)FerG#QOL1J`nSVMTcboCb6?M{&wj(+N3`wxsx^3_8
zHe1@`yme8v;EBuHIZE#FHoK>xBGMl|_p(so9kum%{RlXNiTaH{j#q2}iU6&dTtj}r
z-n!t2cs-UKa*{d^dTMgZJAS6Y4@z!qORWFT(4XSNeq!eZ^Y7`+NJi(UJ`{z63E$sU
z*<ZEh=r61t5Gy2f*q@Dz5}?DjDL_3$8CedNGEUfE;q2_ht{5KNi%y>VW{_SPQ><5K
z$8+8B{>0_*%o=qdc4RLa&g$d5c-GUNoKlV7>18LdWr}6vK~~dNAu}gTT#va_^AivX
z!q<`4f~hZ%az{y2g~HVPqofQ|AblCD7;<n^CwXt}UobVmst`!Hji&s^_CS-U{~^=(
z2aJj{Z|}3Hi>!B>j1lXQ@M`^}o#FA_Fi9ROijxE4B|h)9=Jf2Bg;dlXWwG8X1J_l8
z-hIi%&&{;kF2>&fI5JKklvJ}OY~Dv@Vsg1B$?;*Eh8P*qJ#KV$a<G~+#jPLGlmWiN
zL<3E`tUT*)kCvEW1Afas5*pc^<5ko;X`Yq%O^0;}b~NG{&8|ow=$W&$IDQK_UDGU_
zK3b%=kiDWdV!BdywQN8Wu*-8%ZNH)htZ^u%D>^WgWWi9vJvDuPWlyc%qho6IY<Q2=
zVs^$c!ht%To>wI}w1#>9jYXq=4hl)LHnS12x3?)3dJO0rc+s<J>*u#Z-7jM*VtBX&
zvzmR9tUUv#v0i_@p-qM`xjR4MZ&XhhmNk$980Pe|xUi@`u8YSM1W#fB(d?WYdEGE|
zf0$nsyRdY|BqYo;Ss8$e++HS!?Scbe^PeWq<q*~qN|zkJ&JqTeT_SY%pEh!*lXS^S
z1gf=ehHFEqc7;vtVO^0U{gSBaLvxy2&gHm|>T2ovXA`4Mg%YiUc4hk;0Z$U6%5o1?
z43CH;Idn?UC=AjsxaXyViw+{-;kA`|kB{z7QZiGgBw+BXlQUqmtr{r5<-xPCj`R;>
zFnKe5TEr=4E}#PM7_Y_>36Jo9_J*3IBv~P;?7O7HQ@gGNvz8~pTs+hDxl?Yu40$3?
zX0k@>nS-pK<ZhkNqXCZTjW_rX=^x8djDA=xMRmww@tr*)A6!Kl8K#y>`N!>RnvT1Q
zu?y5Y>K@p^YLe$;lkz?^?#Q?AYDKwqO;?W$6s6FYrDfN?>i*^!Q>cM?6Yj57Z?iPa
z|Lo$LHDOfr-mqOHbh_dsE6^##M04*)jhhKOv^UaF_LbaGwupbW!&IyS9O#wXUm_nj
zh&4FY|LQV}2k#H-ae26BAvd%6<=~0>R0Qn+xXkYwkN6B@7n9>`)nuD2mS|5ac1=bq
ziHei_H-jSYXP%~HBci^^NJYJ(*wNndkiC;eo}XIxf@a0cgjb9B_VMv=y9aCI&d=-*
z$G@0+ycbHV2$XzqW%%G*P(oeq-u2Wp%B^1|PqyYp4$@f8)V*H}a<yMn5mR5S_<s2N
zTN>Z5S7F~pLs#<X`me|m(^ZmlKFPr#Q1{NPoso^NUC>_bAvb#a?#Sa`#wha9ve|bx
z>2Mf%3baiHCo@M>^vR~oYY2`ga}A@T#ArMMMQ(Jn?`Y*n?FT+zIM%{!ERzfZMS;fQ
zJ4jjoKl?bEBdbGkvPLneedw_{T_hbclwbCZ4G$d-L5xNq$wQwYWSQSL9u@ubH#oPW
zr*U`%?j(K^)L$P7#?oWD+LFXF!~gmM2K|o<@#iCS8gOQpHxvi{KBjym95chFl93#a
zNBGA!WdsM6{X`_o-^V0Bis?EXs}_$!{`C>eWw>ZlJtwu~{`vx%jsuPv8uLaQjR;;i
zy0f#M1rD-q*oDaf_Vd!{LVaoSvtRs}v!7A-<z<j7!0CQv*!z&9=ys%$p$}@1@H?0k
z3Q7N+KKJ?eE+CZEz^*2H3lPh#29<amn3RXf0<ayFex^JH@DS2|Z%ublb;oc<m6$h;
zfi7$hvUm;D`I29E$MGeAu=f_Ss&>G{JmjB-qN7oTbq5%2mi23~Q?;caCradAhPaXK
z2@$)4)sbU@rseLlZ%1K`H_bv6A~X2~gW%W~vq=(_MW9~Bwg3X#1yJH!2fH2#1t1oV
zLExbnd;*>`uaEHQ=Ht!k+&fg_`4`<5uP6_-hLDv&IoJHCg#S)?G~3lN_{;2I1qfV5
zF9UxS!^-B8Ra>YlWm0=F>}=*{#wW{ckU~uwd=@Tf<0-<$pH@q^?zlhH;N^N!#O?v0
zO(p=7=j=MsxK7y*`>Yhh>hlup;5J@q8)eqyI|za98|ujy*LlalFs^P5-bOJ9t>i`-
z_JKjs@e$kAN^p%Gl;an7fn+fTB6x}S`t(qfpVy;rU~kZWZl}KdsqQ(jGe-D4=vzQ!
z9y$EA4{BEZVZ&aLZ0_%OY0_UHE@uZ4ausAsys1xKy1DkUKU;Ywpo&zlD<)a&ef|j=
z)ME~K49~^!6Qk&qD2N3uns0)vv-Nfa(0ktir0V&#>nLpr2*roeE@n>q6|h<tG!swD
zu{Wu5umVk6L~o=@k7qsR>%u66whiH5%>0{gw#Lua@Y+BGp$Z<N(QM@>{-q$nk9}_N
zGAjma{?~P-Q=;?1L}bN~x*e)=)JgLIz=iqX6Fhhy-Y7=1%v#rgeXZ;#=w@$=0+QwE
z#bJv%i<(gW0@#S{-BbFH^3-%nZt!k1CeWkq!gH^NiOU8K@XlxjoUY+uq2BMY+!SHk
z`>OAOF)JV!PA#ZX<NC$(@#8M#7;xx)Wx6Q(hOkwh|G4&evbbxtbq8fa*2|jj6iJ0<
zB$SNUg8JKwF~Hz$?Jb6IeMi_$*xyJWK%*wj{&fbkz}1->6n<j`)`6zX+-8u%E8ro0
zDkZF$0`%CmN7Q!jQyhT{w29SSJbA$qM`fhFp>n~I4%aeFOeZ`+Nq86CP6LLNOov2?
zZ1T>n6`&&KiWt&YWXMH~L6*lX6t?@CvTud$=B81xXRgtVH~H0wIt_Fc8L-U2ixpU^
zX2I`d`t1BkN$>J&EaaMWTic;(dS$R29|gcl<6f@!p`gu}@E{oy95dT0qmWe!7y+k*
zVUn<IF^JoOHhYs8RNfFcU=yB0M7tpcQa|HCv_o7Rs!ryi{2J#^zLI|ky-QteC7K+A
z)*?R3ac613t&XxZP%})GN$B3g(nm^ZQcbE!G+&%ewAJIdT@<7O4@PMBix&CRU2Zr<
z2{{x#T>O6irL~$$*ID;5?SZYCTDKX~R8R|+;%d@mnf;TJQt$;aTp3i>CJmk?s?%^{
z0g^8)pXwP{oE1GU8=qhE#79RQ`q3Qw$Q|gP`sn(seDtbs_g!@uiyzqK)yu!lDgWH=
z-Azbf2YQ>22Rjw2MYBo_^_s!c)E)H1yP&LE3XC;N5nug&E=+x7PEn?sBM-d^t`GBf
zl*z=!H%BX*kBmX;8@5?YdX(|46E@iM=~%uNre=UuS~{Bu(T<<I>7{je%f%Vuk`j29
zrK%6}oW+|(%XpnHl4B;FQRF9FNuWm$zD(!6`y+?yA+LJ99KS=M-6C~D_2F4_aX(R;
zE`0AQH5IQjm_;i=P4^q#-~PUT3@;v)BVr~lH<T_zWKwR~YTy-3BD*y!{BtvFZrC86
zMUFn#!-8HsIxPjSJa^V2M$)V^<MQBb{o<hChk>bTCQrdf^79Kce9=Akis*LD+#s{S
z5fmM!%bV=aaC5%}*gFTpqkyL3^b>N{rqa<<AI}*hjpHXdHhic<H&)$~dUfC6SpU+p
zy4m7m*n+S({K0VJ?~59#5t!o?njBO&h9Xb=J&q_5#*sJ;W}?5xk>k+qS@p08{dXMU
zfpH}J;~Q(jj}t~C@-uMb9vGdm`+ICUtpG!`uDB8P-vgl4SsXr0$hn>R?_*|@qir6m
za76|GJpeu+KBTIfnKZ%EdQ2b?2s#^E*=xcI3Ni{}LNam+in1bNmlT9A`)kAhA(Ry~
K<V$5O@BSYq@|7_F

literal 0
HcmV?d00001

diff --git a/apigw-lambda-durable-tenant-isolation-callback-terraform/example-pattern.json b/apigw-lambda-durable-tenant-isolation-callback-terraform/example-pattern.json
new file mode 100644
index 000000000..114d89a93
--- /dev/null
+++ b/apigw-lambda-durable-tenant-isolation-callback-terraform/example-pattern.json
@@ -0,0 +1,61 @@
+{
+  "title": "Serverless multi-tenant workflow with external callback using Lambda durable functions",
+  "description": "This pattern implements a multi-tenant workflow API that suspends execution while waiting for external confirmation and resumes processing when a callback arrives, with per-tenant compute isolation ensuring workflow state remains private throughout the suspension period.",
+  "language": "Node.js",
+  "level": "300",
+  "framework": "Terraform",
+  "introBox": {
+    "headline": "How it works",
+    "text": [
+      "SaaS applications often process tenant requests that cannot complete in a single invocation — the workflow must pause and wait for an external system to confirm before proceeding. During this wait, tenant-specific data from the first processing step (cached configuration, validated credentials, computed results) remains in the execution environment's memory. This pattern uses Lambda durable functions to suspend and resume the workflow across the wait boundary without losing progress, and Lambda tenant isolation mode to guarantee that the suspended environment — including all cached in-memory state — is never reassigned to a different tenant during the wait period.",
+      "The /workflow endpoint starts a durable workflow for a specific tenant. The function checkpoints after its first step and suspends at zero compute cost, logging a callback token. When the external system confirms the operation, it sends the token to the /callback endpoint, which resumes the workflow from its checkpoint. The resumed function skips all previously completed work and finishes processing with the confirmation payload. Multiple tenants can have workflows suspended simultaneously, each in a dedicated execution environment, each resuming independently when its callback arrives."
+    ]
+  },
+  "gitHub": {
+    "template": {
+      "repoURL": "https://github.com/aws-samples/serverless-patterns/tree/main/apigw-lambda-durable-tenant-isolation-callback-terraform",
+      "templateURL": "serverless-patterns/apigw-lambda-durable-tenant-isolation-callback-terraform",
+      "projectFolder": "apigw-lambda-durable-tenant-isolation-callback-terraform",
+      "templateFile": "main.tf"
+    }
+  },
+  "resources": {
+    "bullets": [
+      {
+        "text": "Lambda Durable Functions",
+        "link": "https://docs.aws.amazon.com/lambda/latest/dg/durable-functions.html"
+      },
+      {
+        "text": "Lambda Tenant Isolation",
+        "link": "https://docs.aws.amazon.com/lambda/latest/dg/tenant-isolation.html"
+      }
+    ]
+  },
+  "deploy": {
+    "text": [
+      "cd src/workflow && npm install && cd ../..",
+      "cd src/callback && npm install && cd ../..",
+      "terraform init",
+      "terraform apply"
+    ]
+  },
+  "testing": {
+    "text": [
+      "See the GitHub repo for detailed testing instructions."
+    ]
+  },
+  "cleanup": {
+    "text": [
+      "terraform destroy",
+      "terraform show"
+    ]
+  },
+  "authors": [
+    {
+      "name": "Annangarachari R",
+      "image": "https://media.licdn.com/dms/image/v2/C5603AQHDdhBrpBtWsg/profile-displayphoto-shrink_800_800/profile-displayphoto-shrink_800_800/0/1651409742725?e=1759363200&v=beta&t=7-EnqmtXjWlH2uA8oSMCwnLfFFvlWtf42-aC8NSZukw",
+      "bio": "Serverless Enthusiast",
+      "linkedin": "https://www.linkedin.com/in/annangarachari-r/"
+    }
+  ]
+}
diff --git a/apigw-lambda-durable-tenant-isolation-callback-terraform/main.tf b/apigw-lambda-durable-tenant-isolation-callback-terraform/main.tf
new file mode 100644
index 000000000..4a9ec0ea3
--- /dev/null
+++ b/apigw-lambda-durable-tenant-isolation-callback-terraform/main.tf
@@ -0,0 +1,271 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.80.0"
+    }
+  }
+  required_version = ">= 1.0"
+}
+
+variable "aws_region" {
+  description = "AWS region to deploy resources"
+  type        = string
+}
+
+variable "prefix" {
+  description = "Prefix for resource names"
+  type        = string
+  default     = "durable-tenant"
+}
+
+provider "aws" {
+  region = var.aws_region
+}
+
+data "aws_caller_identity" "current" {}
+
+# --- IAM Role ---
+
+resource "aws_iam_role" "lambda_role" {
+  name = "${var.prefix}-lambda-role"
+
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [{
+      Effect    = "Allow"
+      Principal = { Service = "lambda.amazonaws.com" }
+      Action    = "sts:AssumeRole"
+    }]
+  })
+}
+
+resource "aws_iam_role_policy_attachment" "basic_execution" {
+  role       = aws_iam_role.lambda_role.name
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+}
+
+resource "aws_iam_role_policy_attachment" "durable_execution" {
+  role       = aws_iam_role.lambda_role.name
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicDurableExecutionRolePolicy"
+}
+
+resource "aws_iam_role_policy" "callback_policy" {
+  name = "${var.prefix}-callback-policy"
+  role = aws_iam_role.lambda_role.id
+
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [{
+      Effect = "Allow"
+      Action = [
+        "lambda:SendDurableExecutionCallbackSuccess",
+        "lambda:SendDurableExecutionCallbackFailure",
+        "lambda:SendDurableExecutionCallbackHeartbeat"
+      ]
+      Resource = "*"
+    }]
+  })
+}
+
+# --- Workflow Lambda ---
+
+data "archive_file" "workflow_zip" {
+  type        = "zip"
+  source_dir  = "${path.module}/src/workflow"
+  output_path = "${path.module}/build/workflow.zip"
+}
+
+resource "aws_lambda_function" "workflow" {
+  function_name    = "${var.prefix}-workflow"
+  filename         = data.archive_file.workflow_zip.output_path
+  source_code_hash = data.archive_file.workflow_zip.output_base64sha256
+  handler          = "workflow.handler"
+  runtime          = "nodejs22.x"
+  architectures    = ["arm64"]
+  role             = aws_iam_role.lambda_role.arn
+  timeout          = 900
+  memory_size      = 256
+
+  tenancy_config {
+    tenant_isolation_mode = "PER_TENANT"
+  }
+
+  durable_config {
+    execution_timeout = 86400
+  }
+}
+
+resource "aws_lambda_alias" "workflow_live" {
+  name             = "live"
+  function_name    = aws_lambda_function.workflow.function_name
+  function_version = aws_lambda_function.workflow.version
+}
+
+# --- Callback Lambda ---
+
+data "archive_file" "callback_zip" {
+  type        = "zip"
+  source_dir  = "${path.module}/src/callback"
+  output_path = "${path.module}/build/callback.zip"
+}
+
+resource "aws_lambda_function" "callback" {
+  function_name    = "${var.prefix}-callback"
+  filename         = data.archive_file.callback_zip.output_path
+  source_code_hash = data.archive_file.callback_zip.output_base64sha256
+  handler          = "callback.handler"
+  runtime          = "nodejs22.x"
+  architectures    = ["arm64"]
+  role             = aws_iam_role.lambda_role.arn
+  timeout          = 30
+  memory_size      = 128
+}
+
+# --- API Gateway ---
+
+resource "aws_api_gateway_rest_api" "api" {
+  name = "${var.prefix}-api"
+
+  endpoint_configuration {
+    types = ["REGIONAL"]
+  }
+}
+
+# /workflow resource (non-proxy, async invocation)
+resource "aws_api_gateway_resource" "workflow" {
+  rest_api_id = aws_api_gateway_rest_api.api.id
+  parent_id   = aws_api_gateway_rest_api.api.root_resource_id
+  path_part   = "workflow"
+}
+
+resource "aws_api_gateway_method" "workflow_post" {
+  rest_api_id   = aws_api_gateway_rest_api.api.id
+  resource_id   = aws_api_gateway_resource.workflow.id
+  http_method   = "POST"
+  authorization = "NONE"
+
+  request_parameters = {
+    "method.request.header.x-tenant-id" = true
+  }
+}
+
+resource "aws_api_gateway_integration" "workflow_integration" {
+  rest_api_id             = aws_api_gateway_rest_api.api.id
+  resource_id             = aws_api_gateway_resource.workflow.id
+  http_method             = aws_api_gateway_method.workflow_post.http_method
+  integration_http_method = "POST"
+  type                    = "AWS"
+  uri                     = aws_lambda_alias.workflow_live.invoke_arn
+
+  request_parameters = {
+    "integration.request.header.X-Amz-Tenant-Id"       = "method.request.header.x-tenant-id"
+    "integration.request.header.X-Amz-Invocation-Type" = "'Event'"
+  }
+
+  request_templates = {
+    "application/json" = "$input.body"
+  }
+}
+
+resource "aws_api_gateway_method_response" "workflow_202" {
+  rest_api_id = aws_api_gateway_rest_api.api.id
+  resource_id = aws_api_gateway_resource.workflow.id
+  http_method = aws_api_gateway_method.workflow_post.http_method
+  status_code = "202"
+}
+
+resource "aws_api_gateway_integration_response" "workflow_202" {
+  rest_api_id = aws_api_gateway_rest_api.api.id
+  resource_id = aws_api_gateway_resource.workflow.id
+  http_method = aws_api_gateway_method.workflow_post.http_method
+  status_code = aws_api_gateway_method_response.workflow_202.status_code
+
+  response_templates = {
+    "application/json" = "{\"message\": \"Workflow started\"}"
+  }
+
+  depends_on = [aws_api_gateway_integration.workflow_integration]
+}
+
+# /callback resource (proxy integration)
+resource "aws_api_gateway_resource" "callback" {
+  rest_api_id = aws_api_gateway_rest_api.api.id
+  parent_id   = aws_api_gateway_rest_api.api.root_resource_id
+  path_part   = "callback"
+}
+
+resource "aws_api_gateway_method" "callback_post" {
+  rest_api_id   = aws_api_gateway_rest_api.api.id
+  resource_id   = aws_api_gateway_resource.callback.id
+  http_method   = "POST"
+  authorization = "NONE"
+}
+
+resource "aws_api_gateway_integration" "callback_integration" {
+  rest_api_id             = aws_api_gateway_rest_api.api.id
+  resource_id             = aws_api_gateway_resource.callback.id
+  http_method             = aws_api_gateway_method.callback_post.http_method
+  integration_http_method = "POST"
+  type                    = "AWS_PROXY"
+  uri                     = aws_lambda_function.callback.invoke_arn
+}
+
+# Deploy
+resource "aws_api_gateway_deployment" "deployment" {
+  rest_api_id = aws_api_gateway_rest_api.api.id
+
+  depends_on = [
+    aws_api_gateway_integration.workflow_integration,
+    aws_api_gateway_integration_response.workflow_202,
+    aws_api_gateway_integration.callback_integration
+  ]
+
+  triggers = {
+    redeployment = sha1(jsonencode([
+      aws_api_gateway_integration.workflow_integration,
+      aws_api_gateway_integration_response.workflow_202,
+      aws_api_gateway_integration.callback_integration
+    ]))
+  }
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "aws_api_gateway_stage" "dev" {
+  rest_api_id   = aws_api_gateway_rest_api.api.id
+  deployment_id = aws_api_gateway_deployment.deployment.id
+  stage_name    = "dev"
+}
+
+# Lambda permissions for API Gateway
+resource "aws_lambda_permission" "workflow_apigw" {
+  statement_id  = "AllowAPIGateway"
+  action        = "lambda:InvokeFunction"
+  function_name = aws_lambda_function.workflow.function_name
+  qualifier     = aws_lambda_alias.workflow_live.name
+  principal     = "apigateway.amazonaws.com"
+  source_arn    = "${aws_api_gateway_rest_api.api.execution_arn}/*"
+}
+
+resource "aws_lambda_permission" "callback_apigw" {
+  statement_id  = "AllowAPIGateway"
+  action        = "lambda:InvokeFunction"
+  function_name = aws_lambda_function.callback.function_name
+  principal     = "apigateway.amazonaws.com"
+  source_arn    = "${aws_api_gateway_rest_api.api.execution_arn}/*"
+}
+
+# --- Outputs ---
+
+output "workflow_endpoint" {
+  description = "POST to start a workflow (include x-tenant-id header)"
+  value       = "https://${aws_api_gateway_rest_api.api.id}.execute-api.${var.aws_region}.amazonaws.com/dev/workflow"
+}
+
+output "callback_endpoint" {
+  description = "POST to send a callback (include callbackId and payload in body)"
+  value       = "https://${aws_api_gateway_rest_api.api.id}.execute-api.${var.aws_region}.amazonaws.com/dev/callback"
+}
diff --git a/apigw-lambda-durable-tenant-isolation-callback-terraform/src/callback/callback.mjs b/apigw-lambda-durable-tenant-isolation-callback-terraform/src/callback/callback.mjs
new file mode 100644
index 000000000..f4c9928e0
--- /dev/null
+++ b/apigw-lambda-durable-tenant-isolation-callback-terraform/src/callback/callback.mjs
@@ -0,0 +1,34 @@
+import { LambdaClient, SendDurableExecutionCallbackSuccessCommand } from "@aws-sdk/client-lambda";
+
+const client = new LambdaClient({ region: process.env.AWS_REGION });
+
+export const handler = async (event) => {
+  let body;
+  if (typeof event.body === 'string') {
+    body = JSON.parse(event.body);
+  } else {
+    body = event;
+  }
+
+  const callbackId = body.callbackId;
+  const result = JSON.stringify(body.payload || {});
+
+  if (!callbackId) {
+    return {
+      statusCode: 400,
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ error: "Missing callbackId" })
+    };
+  }
+
+  await client.send(new SendDurableExecutionCallbackSuccessCommand({
+    CallbackId: callbackId,
+    Result: result
+  }));
+
+  return {
+    statusCode: 200,
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ message: "Callback sent" })
+  };
+};
diff --git a/apigw-lambda-durable-tenant-isolation-callback-terraform/src/callback/package.json b/apigw-lambda-durable-tenant-isolation-callback-terraform/src/callback/package.json
new file mode 100644
index 000000000..d5508b037
--- /dev/null
+++ b/apigw-lambda-durable-tenant-isolation-callback-terraform/src/callback/package.json
@@ -0,0 +1 @@
+{"name":"durable-tenant-callback","version":"1.0.0","type":"module","dependencies":{"@aws-sdk/client-lambda":"^3.700.0"}}
diff --git a/apigw-lambda-durable-tenant-isolation-callback-terraform/src/workflow/package.json b/apigw-lambda-durable-tenant-isolation-callback-terraform/src/workflow/package.json
new file mode 100644
index 000000000..aee1af27d
--- /dev/null
+++ b/apigw-lambda-durable-tenant-isolation-callback-terraform/src/workflow/package.json
@@ -0,0 +1 @@
+{"name":"durable-tenant-workflow","version":"1.0.0","type":"module","dependencies":{"@aws/durable-execution-sdk-js":"^1.0.0"}}
diff --git a/apigw-lambda-durable-tenant-isolation-callback-terraform/src/workflow/workflow.mjs b/apigw-lambda-durable-tenant-isolation-callback-terraform/src/workflow/workflow.mjs
new file mode 100644
index 000000000..0d5775173
--- /dev/null
+++ b/apigw-lambda-durable-tenant-isolation-callback-terraform/src/workflow/workflow.mjs
@@ -0,0 +1,27 @@
+import { withDurableExecution } from "@aws/durable-execution-sdk-js";
+
+export const handler = withDurableExecution(async (event, context) => {
+  const tenantId = context.lambdaContext.tenantId;
+  const body = JSON.parse(event.body || "{}");
+  const envId = process.env.AWS_LAMBDA_LOG_STREAM_NAME;
+
+  const validated = await context.step(async (stepCtx) => {
+    stepCtx.logger.info(`Step 1: Validating for tenant ${tenantId}`);
+    return { tenantId, requestId: body.requestId, status: "validated", environment: envId };
+  });
+
+  const callbackResult = await context.waitForCallback(async (callbackToken) => {
+    console.log(JSON.stringify({ waiting: true, callbackToken, tenantId }));
+  });
+
+  const completed = await context.step(async (stepCtx) => {
+    stepCtx.logger.info(`Step 2: Completing for tenant ${tenantId}`);
+    return { tenantId, requestId: body.requestId, status: "completed", callbackPayload: callbackResult, environment: envId };
+  });
+
+  return {
+    statusCode: 200,
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ validated, completed })
+  };
+});