From 26ebb1cf2d1c310c4a0dbf10f8b0e1cfb47494f1 Mon Sep 17 00:00:00 2001
From: longdayi <13477510+longdayilongdayi@user.noreply.gitee.com>
Date: Wed, 28 May 2025 08:23:14 +0800
Subject: [PATCH] 05280823

---
 .cursorignore                                 |   1 +
 OIDC_ARCHITECTURE_UPDATE.md                   | 133 +++
 apps/backend/README.md                        | 287 +++++-
 apps/backend/package.json                     |   9 +-
 apps/backend/src/index.ts                     |  38 +-
 apps/backend/src/oidc-demo.ts                 | 134 +++
 apps/backend/src/oidc/config.ts               | 109 --
 apps/backend/src/oidc/provider.ts             |   6 -
 apps/backend/src/oidc/redis-adapter.ts        |  86 --
 apps/backend/src/user/user.trpc.ts            |   2 +-
 apps/web/app/auth/callback/page.tsx           | 120 +++
 apps/web/app/opengraph-image.png              | Bin 98947 -> 0 bytes
 apps/web/app/page.tsx                         | 179 +++-
 apps/web/app/test-oidc/page.tsx               | 248 +++++
 apps/web/components/login-button.tsx          |  31 +
 apps/web/components/providers.tsx             |   5 +-
 apps/web/components/user-profile.tsx          | 251 +++++
 apps/web/lib/oidc-config.ts                   |  27 +
 apps/web/package.json                         |  11 +-
 apps/web/providers/auth-provider.tsx          | 130 +++
 packages/client/package.json                  |  11 +-
 packages/oidc-provider/package.json           |  60 ++
 .../oidc-provider/src/auth/auth-manager.ts    | 157 +++
 packages/oidc-provider/src/auth/index.ts      |  13 +
 .../oidc-provider/src/auth/session-manager.ts |  83 ++
 .../auth/strategies/password-auth-strategy.ts | 304 ++++++
 .../oidc-provider/src/auth/token-manager.ts   | 205 ++++
 .../src/auth/utils/cookie-utils.ts            | 121 +++
 .../src/auth/utils/html-templates.ts          | 341 +++++++
 packages/oidc-provider/src/index.ts           |  60 ++
 packages/oidc-provider/src/middleware/hono.ts | 335 +++++++
 packages/oidc-provider/src/provider.ts        | 932 ++++++++++++++++++
 packages/oidc-provider/src/storage/adapter.ts |  44 +
 packages/oidc-provider/src/storage/index.ts   |   2 +
 .../src/storage/redis-adapter.ts              |  69 ++
 packages/oidc-provider/src/types/index.ts     | 342 +++++++
 packages/oidc-provider/src/utils/jwt.ts       | 252 +++++
 packages/oidc-provider/src/utils/pkce.ts      | 153 +++
 .../oidc-provider/src/utils/validation.ts     | 314 ++++++
 packages/oidc-provider/tsconfig.json          |  29 +
 packages/ui/package.json                      |  10 +-
 packages/ui/src/components/alert.tsx          |  66 ++
 packages/ui/src/components/avatar.tsx         |  53 +
 packages/ui/src/components/badge.tsx          |  46 +
 packages/ui/src/components/breadcrumb.tsx     | 109 ++
 packages/ui/src/components/button.tsx         |  91 +-
 packages/ui/src/components/card.tsx           |  92 ++
 packages/ui/src/components/dialog.tsx         | 135 +++
 packages/ui/src/components/input.tsx          |  21 +
 packages/ui/src/components/label.tsx          |  24 +
 packages/ui/src/components/separator.tsx      |  28 +
 pnpm-lock.yaml                                | 673 ++++++++++++-
 test-oidc.ts                                  |   1 +
 53 files changed, 6687 insertions(+), 296 deletions(-)
 create mode 100644 .cursorignore
 create mode 100644 OIDC_ARCHITECTURE_UPDATE.md
 create mode 100644 apps/backend/src/oidc-demo.ts
 delete mode 100644 apps/backend/src/oidc/config.ts
 delete mode 100644 apps/backend/src/oidc/provider.ts
 delete mode 100644 apps/backend/src/oidc/redis-adapter.ts
 create mode 100644 apps/web/app/auth/callback/page.tsx
 delete mode 100644 apps/web/app/opengraph-image.png
 create mode 100644 apps/web/app/test-oidc/page.tsx
 create mode 100644 apps/web/components/login-button.tsx
 create mode 100644 apps/web/components/user-profile.tsx
 create mode 100644 apps/web/lib/oidc-config.ts
 create mode 100644 apps/web/providers/auth-provider.tsx
 create mode 100644 packages/oidc-provider/package.json
 create mode 100644 packages/oidc-provider/src/auth/auth-manager.ts
 create mode 100644 packages/oidc-provider/src/auth/index.ts
 create mode 100644 packages/oidc-provider/src/auth/session-manager.ts
 create mode 100644 packages/oidc-provider/src/auth/strategies/password-auth-strategy.ts
 create mode 100644 packages/oidc-provider/src/auth/token-manager.ts
 create mode 100644 packages/oidc-provider/src/auth/utils/cookie-utils.ts
 create mode 100644 packages/oidc-provider/src/auth/utils/html-templates.ts
 create mode 100644 packages/oidc-provider/src/index.ts
 create mode 100644 packages/oidc-provider/src/middleware/hono.ts
 create mode 100644 packages/oidc-provider/src/provider.ts
 create mode 100644 packages/oidc-provider/src/storage/adapter.ts
 create mode 100644 packages/oidc-provider/src/storage/index.ts
 create mode 100644 packages/oidc-provider/src/storage/redis-adapter.ts
 create mode 100644 packages/oidc-provider/src/types/index.ts
 create mode 100644 packages/oidc-provider/src/utils/jwt.ts
 create mode 100644 packages/oidc-provider/src/utils/pkce.ts
 create mode 100644 packages/oidc-provider/src/utils/validation.ts
 create mode 100644 packages/oidc-provider/tsconfig.json
 create mode 100644 packages/ui/src/components/alert.tsx
 create mode 100644 packages/ui/src/components/avatar.tsx
 create mode 100644 packages/ui/src/components/badge.tsx
 create mode 100644 packages/ui/src/components/breadcrumb.tsx
 create mode 100644 packages/ui/src/components/card.tsx
 create mode 100644 packages/ui/src/components/dialog.tsx
 create mode 100644 packages/ui/src/components/input.tsx
 create mode 100644 packages/ui/src/components/label.tsx
 create mode 100644 packages/ui/src/components/separator.tsx
 create mode 100644 test-oidc.ts

diff --git a/.cursorignore b/.cursorignore
new file mode 100644
index 0000000..6f9f00f
--- /dev/null
+++ b/.cursorignore
@@ -0,0 +1 @@
+# Add directories or file patterns to ignore during indexing (e.g. foo/ or *.csv)
diff --git a/OIDC_ARCHITECTURE_UPDATE.md b/OIDC_ARCHITECTURE_UPDATE.md
new file mode 100644
index 0000000..a95c80a
--- /dev/null
+++ b/OIDC_ARCHITECTURE_UPDATE.md
@@ -0,0 +1,133 @@
+# OIDC 架构更新总结
+
+## 🎯 更新目标
+
+将项目从混合认证架构改为标准的 OIDC 架构，确保所有用户认证都在 OIDC Provider 中处理。
+
+## 🔄 主要改动
+
+### 1. 删除客户端登录页面
+- ❌ 删除了 `apps/web/app/auth/login/page.tsx`
+- ❌ 删除了客户端应用中的自定义认证逻辑
+
+### 2. 修复回调页面
+- ✅ 更新 `apps/web/app/auth/callback/page.tsx` 中的错误链接
+- ✅ 移除对已删除登录页面的引用
+
+### 3. 添加测试页面
+- ✅ 创建 `apps/web/app/test-oidc/page.tsx` 用于测试OIDC流程
+- ✅ 在首页添加测试页面链接
+
+### 4. 更新文档
+- ✅ 更新 `apps/backend/README.md` 以反映正确的架构
+
+## 🏗️ 当前架构
+
+### 正确的 OIDC 流程
+```
+用户点击登录
+    ↓
+客户端重定向到 OIDC Provider 授权端点
+    ↓
+OIDC Provider 显示内置登录页面
+    ↓
+用户在 Provider 页面上登录
+    ↓
+Provider 生成授权码并重定向回客户端
+    ↓
+客户端用授权码换取令牌
+    ↓
+认证完成
+```
+
+### 架构优势
+
+#### ✅ 已实现的正确做法
+- OIDC Provider 包含登录页面
+- 标准授权码流程
+- PKCE 支持
+- 内置会话管理
+- 自动令牌刷新
+
+#### ❌ 已移除的错误做法
+- 客户端应用的登录页面
+- 自定义认证逻辑
+- 重复的用户管理
+- 混合认证流程
+
+## 🧪 测试方法
+
+### 1. 访问测试页面
+访问 `http://localhost:3001/test-oidc` 进行完整的流程测试
+
+### 2. 测试 Discovery 端点
+在测试页面点击"测试 Discovery 端点"按钮
+
+### 3. 完整认证流程测试
+1. 在测试页面点击"开始 OIDC 认证流程"
+2. 将跳转到 OIDC Provider 的内置登录页面
+3. 使用演示账号登录：`demouser` / `demo123`
+4. 登录成功后会重定向回客户端应用
+
+## 🔧 技术细节
+
+### OIDC Provider 配置
+```typescript
+export const oidcApp = createOIDCProvider({
+    config: oidcConfig,
+    useBuiltInAuth: true,
+    builtInAuthConfig: {
+        passwordValidator: validatePassword,
+        sessionTTL: 24 * 60 * 60, // 24小时
+        loginPageTitle: 'OIDC Demo 登录',
+        brandName: 'OIDC Demo Provider',
+    },
+});
+```
+
+### 客户端配置
+```typescript
+export const oidcConfig = {
+    authority: 'http://localhost:3000/oidc',
+    client_id: 'demo-client',
+    redirect_uri: 'http://localhost:3001/auth/callback',
+    response_type: 'code',
+    scope: 'openid profile email',
+    // ... 其他标准OIDC配置
+};
+```
+
+## 📋 验证清单
+
+- [x] 删除客户端登录页面
+- [x] 修复回调页面引用
+- [x] OIDC Provider 内置认证正常工作
+- [x] 标准 OIDC 流程可以完整运行
+- [x] Discovery 端点返回正确配置
+- [x] 文档已更新
+- [x] 测试页面可用
+
+## 🚀 启动说明
+
+1. 启动后端 OIDC Provider：
+   ```bash
+   cd apps/backend
+   bun run dev
+   ```
+
+2. 启动前端客户端：
+   ```bash
+   cd apps/web
+   npm run dev
+   ```
+
+3. 访问测试页面：
+   http://localhost:3001/test-oidc
+
+## 🎉 总结
+
+现在项目已经完全符合标准的 OIDC 架构：
+- **分离关注点**: OIDC Provider 专注于认证，客户端专注于业务逻辑
+- **标准合规**: 完全符合 OpenID Connect 规范
+- **简化维护**: 认证逻辑集中在 Provider 中
+- **更好的安全性**: 用户凭据只在 Provider 中处理 
\ No newline at end of file
diff --git a/apps/backend/README.md b/apps/backend/README.md
index 6dd13e7..e11cbeb 100644
--- a/apps/backend/README.md
+++ b/apps/backend/README.md
@@ -1,11 +1,286 @@
-To install dependencies:
-```sh
-bun install
+# OIDC Provider Demo
+
+这是一个基于 Hono 后端的 OpenID Connect (OIDC) Provider 演示应用，使用了标准的OIDC架构设计。
+
+## 功能特性
+
+- ✅ 完整的 OIDC Provider 实现
+- ✅ 支持授权码流程 (Authorization Code Flow)
+- ✅ 支持 PKCE (Proof Key for Code Exchange)
+- ✅ 内置认证处理器
+- ✅ JWT 令牌签发和验证
+- ✅ 用户信息端点
+- ✅ 令牌撤销
+- ✅ Redis 存储适配器
+- ✅ 内置登录页面
+
+## 标准OIDC架构
+
+### 使用内置认证处理器（推荐）
+
+```typescript
+import { createOIDCProvider } from '@repo/oidc-provider';
+
+// 使用内置认证处理器，Provider自己处理登录
+const oidcApp = createOIDCProvider({
+  config: oidcConfig,
+  useBuiltInAuth: true,
+  builtInAuthConfig: {
+    passwordValidator: validatePassword,
+    sessionTTL: 24 * 60 * 60, // 24小时
+    loginPageTitle: 'OIDC Demo 登录',
+    brandName: 'OIDC Demo Provider',
+  },
+});
 ```
 
-To run:
-```sh
+### 自定义认证处理器（高级用法）
+
+```typescript
+import { createOIDCProvider, type AuthHandler } from '@repo/oidc-provider';
+
+class MyAuthHandler implements AuthHandler {
+  async getCurrentUser(c: Context): Promise<string | null> {
+    // 检查用户认证状态
+    // 例如：从JWT token、session或cookie中获取用户ID
+    const token = c.req.header('Authorization');
+    return await verifyTokenAndGetUserId(token);
+  }
+
+  async handleAuthRequired(c: Context, authRequest: AuthorizationRequest): Promise<Response> {
+    // 处理未认证用户
+    // 例如：显示自定义登录页面或重定向到外部认证服务
+    return this.showCustomLoginPage(c, authRequest);
+  }
+}
+
+const oidcApp = createOIDCProvider({
+  config: oidcConfig,
+  authHandler: new MyAuthHandler()
+});
+```
+
+## 启动服务
+
+```bash
+# 在项目根目录
+cd apps/backend
 bun run dev
 ```
 
-open http://localhost:3000
+服务将在 `http://localhost:8000` 启动。
+
+## 当前配置
+
+当前的 OIDC Provider 已配置为：
+- 使用内置认证处理器，Provider自己处理所有登录逻辑
+- 支持标准OIDC授权码流程
+- 使用 Redis 存储令牌和会话
+
+## OIDC 端点
+
+### 发现文档
+```
+GET http://localhost:8000/oidc/.well-known/openid-configuration
+```
+
+### 主要端点
+- **授权端点**: `http://localhost:8000/oidc/auth`
+- **令牌端点**: `http://localhost:8000/oidc/token`
+- **用户信息端点**: `http://localhost:8000/oidc/userinfo`
+- **JWKS端点**: `http://localhost:8000/oidc/.well-known/jwks.json`
+- **撤销端点**: `http://localhost:8000/oidc/revoke`
+
+## 测试客户端
+
+### 机密客户端 (Confidential Client)
+```
+Client ID: demo-client
+Client Secret: demo-client-secret
+重定向URI: 
+  - http://localhost:3000/callback
+  - http://localhost:8080/callback
+  - https://oauth.pstmn.io/v1/callback
+```
+
+### 公共客户端 (Public Client)
+```
+Client ID: demo-public-client
+重定向URI:
+  - http://localhost:3000/callback
+  - myapp://callback
+```
+
+## 测试用户
+
+```
+用户名: demouser
+密码: password
+用户ID (sub): demo-user
+```
+
+## API 测试
+
+运行测试脚本验证新API：
+
+```bash
+cd apps/backend
+bun run test-oidc.ts
+```
+
+## 授权流程
+
+1. **客户端发起授权请求**: 访问 `/oidc/auth` 端点
+2. **检查用户认证**: AuthHandler 检查用户是否已认证
+3. **用户认证**: 如未认证，重定向到登录页面
+4. **生成授权码**: 认证成功后生成授权码
+5. **交换访问令牌**: 客户端使用授权码换取访问令牌
+6. **访问资源**: 使用访问令牌访问用户信息等资源
+
+## 配置说明
+
+```typescript
+import { createOIDCProvider, DefaultAuthHandler } from '@repo/oidc-provider';
+
+const oidcConfig = {
+  issuer: 'http://localhost:8000/oidc',
+  signingKey: 'your-secret-key',
+  storage: redisAdapter,
+  findClient: async (clientId) => { /* 查找客户端 */ },
+  findUser: async (userId) => { /* 查找用户 */ },
+  // ... 其他配置
+};
+
+// 方式1: 使用内置认证处理器（推荐）
+const app1 = createOIDCProvider({
+  config: oidcConfig,
+  useBuiltInAuth: true,
+  builtInAuthConfig: {
+    passwordValidator: validatePassword,
+    sessionTTL: 24 * 60 * 60,
+    loginPageTitle: 'OIDC Demo 登录',
+    brandName: 'OIDC Demo Provider',
+  },
+});
+
+// 方式2: 使用自定义处理器（高级用法）
+const app2 = createOIDCProvider({
+  config: oidcConfig,
+  authHandler: new CustomAuthHandler()
+});
+```
+
+## 与 Next.js Web 应用集成
+
+1. **标准OIDC流程**: Next.js 应用使用标准 oidc-client-ts 库
+2. **认证处理**: OIDC Provider 自己处理所有用户认证和登录页面
+3. **令牌管理**: OIDC Provider 负责生成和管理所有令牌
+4. **回调处理**: Next.js 应用只需处理OIDC回调，获取令牌
+
+## 技术架构
+
+- **框架**: Hono.js
+- **存储**: Redis (令牌存储)
+- **JWT**: JOSE 库
+- **PKCE**: 支持 SHA256 和 plain 方法
+- **算法**: HS256 (可配置 RS256, ES256)
+- **认证**: 可自定义认证处理器
+
+## 优势
+
+相比之前的实现，新API具有以下优势：
+
+1. **简化配置**: 只需要提供配置对象和认证处理器
+2. **灵活认证**: 支持任意认证方式（JWT、Session、OAuth等）
+3. **清晰分离**: 认证逻辑与OIDC协议逻辑分离
+4. **易于扩展**: 通过实现 AuthHandler 接口轻松自定义
+5. **类型安全**: 完整的 TypeScript 类型支持
+
+## 开发说明
+
+- 修改客户端或用户数据：编辑 `src/oidc-demo.ts`
+- 自定义认证逻辑：实现 `AuthHandler` 接口
+- 配置调整：修改 `oidcConfig` 对象
+
+## 快速测试
+
+1. **Web界面测试**：
+   访问 http://localhost:8000 查看完整的测试界面
+
+2. **授权流程测试**：
+   访问 http://localhost:8000/oidc/auth?response_type=code&client_id=demo-client&redirect_uri=https://oauth.pstmn.io/v1/callback&scope=openid%20profile%20email&state=test-state
+
+3. **Postman测试**：
+   使用以下配置在 Postman 中测试 OAuth 2.0:
+   ```
+   授权URL: http://localhost:8000/oidc/auth
+   令牌URL: http://localhost:8000/oidc/token
+   回调URL: https://oauth.pstmn.io/v1/callback
+   Client ID: demo-client
+   Client Secret: demo-client-secret
+   作用域: openid profile email
+   ```
+
+## 完整的授权码流程
+
+### 1. 授权请求
+```
+GET http://localhost:8000/oidc/auth?response_type=code&client_id=demo-client&redirect_uri=https://oauth.pstmn.io/v1/callback&scope=openid%20profile%20email&state=random-state
+```
+
+### 2. 用户登录
+系统会自动重定向到登录页面，使用测试用户登录
+
+### 3. 获取授权码
+登录成功后会重定向到 `redirect_uri` 并携带授权码
+
+### 4. 交换访问令牌
+```bash
+curl -X POST http://localhost:8000/oidc/token \
+  -H "Content-Type: application/x-www-form-urlencoded" \
+  -d "grant_type=authorization_code&code=YOUR_CODE&redirect_uri=https://oauth.pstmn.io/v1/callback&client_id=demo-client&client_secret=demo-client-secret"
+```
+
+### 5. 访问用户信息
+```bash
+curl -X GET http://localhost:8000/oidc/userinfo \
+  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"
+```
+
+## 支持的作用域和声明
+
+### 作用域 (Scopes)
+- `openid` - 必需的基础作用域
+- `profile` - 用户基本信息
+- `email` - 邮箱信息
+- `phone` - 电话号码
+- `address` - 地址信息
+
+### 声明 (Claims)
+- `sub` - 用户唯一标识
+- `name`, `given_name`, `family_name` - 姓名信息
+- `email`, `email_verified` - 邮箱信息
+- `phone_number`, `phone_number_verified` - 电话信息
+- `picture`, `profile`, `website` - 个人资料
+- `gender`, `birthdate`, `zoneinfo`, `locale` - 基本信息
+- `address` - 地址信息
+- `updated_at` - 更新时间
+
+## 安全注意事项
+
+⚠️ **这是一个演示应用，不应用于生产环境！**
+
+生产环境部署时需要注意：
+1. 使用强密钥和安全的签名算法
+2. 实现真实的用户认证和会话管理
+3. 添加适当的安全头和 CSRF 保护
+4. 使用 HTTPS
+5. 实现客户端注册和管理
+6. 添加速率限制和监控
+7. 定期轮换密钥
+
+## 开发和扩展
+
+如需修改客户端或用户数据，编辑 `src/oidc-demo.ts` 文件中的 `demoClients` 和 `demoUsers` 数组。
+
+如需自定义认证逻辑，修改 `src/index.ts` 中的登录处理逻辑。 
\ No newline at end of file
diff --git a/apps/backend/package.json b/apps/backend/package.json
index 6bb44a7..b4e4930 100644
--- a/apps/backend/package.json
+++ b/apps/backend/package.json
@@ -5,11 +5,12 @@
   },
   "dependencies": {
     "@elastic/elasticsearch": "^9.0.2",
+    "@hono/node-server": "^1.14.3",
     "@hono/trpc-server": "^0.3.4",
     "@hono/zod-validator": "^0.5.0",
     "@repo/db": "workspace:*",
+    "@repo/oidc-provider": "workspace:*",
     "@trpc/server": "11.1.2",
-    "@types/oidc-provider": "^9.1.0",
     "hono": "^4.7.10",
     "ioredis": "5.4.1",
     "jose": "^6.0.11",
@@ -18,10 +19,14 @@
     "node-cron": "^4.0.7",
     "oidc-provider": "^9.1.1",
     "superjson": "^2.2.2",
+    "valibot": "^1.1.0",
     "zod": "^3.25.23"
   },
   "devDependencies": {
     "@types/bun": "latest",
-    "@types/node": "^22.15.21"
+    "@types/node": "^22.15.21",
+    "@types/oidc-provider": "^9.1.0",
+    "supertest": "^7.1.1",
+    "vitest": "^3.1.4"
   }
 }
\ No newline at end of file
diff --git a/apps/backend/src/index.ts b/apps/backend/src/index.ts
index b9374a6..4681878 100644
--- a/apps/backend/src/index.ts
+++ b/apps/backend/src/index.ts
@@ -1,17 +1,16 @@
 import { Hono } from 'hono'
-import { logger } from 'hono/logger'
 import { contextStorage, getContext } from 'hono/context-storage'
 import { prettyJSON } from 'hono/pretty-json'
 import { cors } from 'hono/cors'
-
 import { trpcServer } from '@hono/trpc-server'
 
 import Redis from 'ioredis'
 import redis from './redis'
 import minioClient from './minio'
 import { Client } from 'minio'
-import oidc from './oidc/provider'
 import { appRouter } from './trpc'
+import { oidcApp } from './oidc-demo'
+
 type Env = {
   Variables: {
     redis: Redis
@@ -21,23 +20,25 @@ type Env = {
 
 const app = new Hono<Env>()
 
+// 全局CORS配置
 app.use('*', cors({
-  origin: 'http://localhost:3001',
-  credentials: true,
+  origin: '*',
 }))
 
+// 注入依赖
 app.use('*', async (c, next) => {
   c.set('redis', redis)
   c.set('minio', minioClient)
   await next()
 })
-app.use('*', async (c, next) => {
-  c.set('redis', redis);
-  await next();
-});
+
+// 中间件
 app.use(contextStorage())
-app.use(prettyJSON()) // With options: prettyJSON({ space: 4 })
-app.use(logger())
+app.use(prettyJSON())
+
+app.route('/oidc', oidcApp)
+
+// 挂载tRPC
 app.use(
   '/trpc/*',
   trpcServer({
@@ -45,10 +46,11 @@ app.use(
   })
 )
 
-app.use('/oidc/*', async (c, next) => {
-  // @ts-ignore
-  await oidc.callback(c.req.raw, c.res.raw)
-  // return void 也可以
-  return
-})
-export default app
+// 启动服务器
+const port = parseInt(process.env.PORT || '3000');
+export default {
+  port,
+  fetch: app.fetch,
+}
+
+console.log(`🚀 服务器运行在 http://localhost:${port}`)
diff --git a/apps/backend/src/oidc-demo.ts b/apps/backend/src/oidc-demo.ts
new file mode 100644
index 0000000..5c28e89
--- /dev/null
+++ b/apps/backend/src/oidc-demo.ts
@@ -0,0 +1,134 @@
+import { createOIDCProvider } from '@repo/oidc-provider';
+import { RedisStorageAdapter } from '@repo/oidc-provider';
+import type { OIDCClient, OIDCUser, OIDCProviderConfig } from '@repo/oidc-provider';
+import redis from './redis';
+
+// 示例客户端数据
+const demoClients: OIDCClient[] = [
+    {
+        client_id: 'demo-client',
+        client_secret: 'demo-client-secret',
+        client_name: 'Demo Application',
+        client_type: 'confidential',
+        redirect_uris: [
+            'http://localhost:3001/auth/callback',
+            'http://localhost:8080/callback',
+            'https://oauth.pstmn.io/v1/callback'
+        ],
+        grant_types: ['authorization_code', 'refresh_token'],
+        response_types: ['code'],
+        scopes: ['openid', 'profile', 'email'],
+        token_endpoint_auth_method: 'client_secret_basic',
+        created_at: new Date(),
+        updated_at: new Date(),
+    },
+    {
+        client_id: 'demo-public-client',
+        client_name: 'Demo Public Application',
+        client_type: 'public',
+        redirect_uris: [
+            'http://localhost:3000/callback',
+            'myapp://callback'
+        ],
+        grant_types: ['authorization_code'],
+        response_types: ['code'],
+        scopes: ['openid', 'profile', 'email'],
+        token_endpoint_auth_method: 'none',
+        created_at: new Date(),
+        updated_at: new Date(),
+    }
+];
+
+// 示例用户数据
+const demoUsers: OIDCUser[] = [
+    {
+        sub: 'demo-user',
+        username: 'demouser',
+        email: 'demo@example.com',
+        email_verified: true,
+        name: 'Demo User',
+        given_name: 'Demo',
+        family_name: 'User',
+        picture: 'https://via.placeholder.com/150',
+        profile: 'https://example.com/demouser',
+        website: 'https://example.com',
+        gender: 'prefer_not_to_say',
+        birthdate: '1990-01-01',
+        zoneinfo: 'Asia/Shanghai',
+        locale: 'zh-CN',
+        phone_number: '+86-123-4567-8901',
+        phone_number_verified: true,
+        address: {
+            formatted: '北京市朝阳区建国门外大街1号',
+            street_address: '建国门外大街1号',
+            locality: '朝阳区',
+            region: '北京市',
+            postal_code: '100020',
+            country: 'CN'
+        },
+        updated_at: Math.floor(Date.now() / 1000)
+    }
+];
+
+// 查找客户端的函数
+async function findClient(clientId: string): Promise<OIDCClient | null> {
+    return demoClients.find(client => client.client_id === clientId) || null;
+}
+
+// 查找用户的函数
+async function findUser(userId: string): Promise<OIDCUser | null> {
+    return demoUsers.find(user => user.sub === userId) || null;
+}
+
+// 密码验证函数
+async function validatePassword(username: string, password: string): Promise<string | null> {
+    // 查找用户并验证密码
+    const user = demoUsers.find(u => u.username === username);
+    if (!user || password !== 'demo123') {
+        return null;
+    }
+    return user.sub; // 返回用户ID
+}
+
+// OIDC Provider 配置
+const oidcConfig: OIDCProviderConfig = {
+    issuer: 'http://localhost:3000/oidc',
+    signingKey: 'your-super-secret-signing-key-at-least-32-characters-long',
+    signingAlgorithm: 'HS256',
+    storage: new RedisStorageAdapter(redis),
+    findClient,
+    findUser,
+    tokenTTL: {
+        accessToken: 3600, // 1小时
+        refreshToken: 30 * 24 * 3600, // 30天
+        authorizationCode: 600, // 10分钟
+        idToken: 3600, // 1小时
+    },
+    responseTypes: ['code'],
+    grantTypes: ['authorization_code', 'refresh_token'],
+    scopes: ['openid', 'profile', 'email', 'phone', 'address'],
+    claims: [
+        'sub', 'name', 'given_name', 'family_name', 'middle_name', 'nickname',
+        'preferred_username', 'profile', 'picture', 'website', 'email',
+        'email_verified', 'gender', 'birthdate', 'zoneinfo', 'locale',
+        'phone_number', 'phone_number_verified', 'address', 'updated_at'
+    ],
+    enablePKCE: true,
+    requirePKCE: false,
+    rotateRefreshTokens: true,
+};
+
+// 使用新的内置认证处理器创建OIDC Provider
+export const oidcApp = createOIDCProvider({
+    config: oidcConfig,
+    useBuiltInAuth: true,
+    builtInAuthConfig: {
+        passwordValidator: validatePassword,
+        sessionTTL: 24 * 60 * 60, // 24小时
+        loginPageTitle: 'OIDC Demo 登录',
+        brandName: 'OIDC Demo Provider',
+    },
+});
+
+// 导出示例数据用于测试
+export { demoClients, demoUsers, oidcConfig }; 
\ No newline at end of file
diff --git a/apps/backend/src/oidc/config.ts b/apps/backend/src/oidc/config.ts
deleted file mode 100644
index 09c71f6..0000000
--- a/apps/backend/src/oidc/config.ts
+++ /dev/null
@@ -1,109 +0,0 @@
-import { Configuration } from 'oidc-provider';
-import { RedisAdapter } from './redis-adapter';
-import { prisma } from '@repo/db';
-
-async function getClients() {
-    const dbClients = await prisma.oidcClient.findMany?.();
-    const dbClientList = (dbClients && dbClients.length > 0)
-        ? dbClients.map(c => ({
-            client_id: c.clientId,
-            client_secret: c.clientSecret,
-            grant_types: JSON.parse(c.grantTypes),         // string -> string[]
-            redirect_uris: JSON.parse(c.redirectUris),     // string -> string[]
-            response_types: JSON.parse(c.responseTypes),   // string -> string[]
-            scope: c.scope,
-        }))
-        : [];
-
-    // 管理后台client，通过环境变量读取
-    const defaultClient = {
-        client_id: process.env.OIDC_CLIENT_ID || 'admin-client',
-        client_secret: process.env.OIDC_CLIENT_SECRET || 'admin-secret',
-        grant_types: ['authorization_code', 'refresh_token'],
-        redirect_uris: [process.env.OIDC_REDIRECT_URI || 'http://localhost:3000/callback'],
-        response_types: ['code'],
-        scope: 'openid email profile',
-    };
-
-    // 检查是否与数据库client_id重复
-    const allClients = [defaultClient, ...dbClientList.filter(c => c.client_id !== defaultClient.client_id)];
-
-    return allClients;
-}
-
-const OIDC_COOKIE_KEY = process.env.OIDC_COOKIE_KEY || 'HrbEPlzByV0CcjFJhl2pjKV2iG8FgQIc';
-
-const config: Configuration = {
-    adapter: RedisAdapter,
-    // 注意：clients字段现在是Promise，需在Provider初始化时await
-    clients: await getClients(),
-    pkce: {
-        required: () => true,
-    },
-    features: {
-        devInteractions: { enabled: false },
-        resourceIndicators: { enabled: true },
-        revocation: { enabled: true },
-        userinfo: { enabled: true },
-        registration: { enabled: true },
-    },
-    cookies: {
-        keys: [OIDC_COOKIE_KEY],
-    },
-    jwks: {
-        keys: [
-            {
-                d: 'VEZOsY07JTFzGTqv6cC2Y32vsfChind2I_TTuvV225_-0zrSej3XLRg8iE_u0-3GSgiGi4WImmTwmEgLo4Qp3uEcxCYbt4NMJC7fwT2i3dfRZjtZ4yJwFl0SIj8TgfQ8ptwZbFZUlcHGXZIr4nL8GXyQT0CK8wy4COfmymHrrUoyfZA154ql_OsoiupSUCRcKVvZj2JHL2KILsq_sh_l7g2dqAN8D7jYfJ58MkqlknBMa2-zi5I0-1JUOwztVNml_zGrp27UbEU60RqV3GHjoqwI6m01U7K0a8Q_SQAKYGqgepbAYOA-P4_TLl5KC4-WWBZu_rVfwgSENwWNEhw8oQ',
-                dp: 'E1Y-SN4bQqX7kP-bNgZ_gEv-pixJ5F_EGocHKfS56jtzRqQdTurrk4jIVpI-ZITA88lWAHxjD-OaoJUh9Jupd_lwD5Si80PyVxOMI2xaGQiF0lbKJfD38Sh8frRpgelZVaK_gm834B6SLfxKdNsP04DsJqGKktODF_fZeaGFPH0',
-                dq: 'F90JPxevQYOlAgEH0TUt1-3_hyxY6cfPRU2HQBaahyWrtCWpaOzenKZnvGFZdg-BuLVKjCchq3G_70OLE-XDP_ol0UTJmDTT-WyuJQdEMpt_WFF9yJGoeIu8yohfeLatU-67ukjghJ0s9CBzNE_LrGEV6Cup3FXywpSYZAV3iqc',
-                e: 'AQAB',
-                kty: 'RSA',
-                n: 'xwQ72P9z9OYshiQ-ntDYaPnnfwG6u9JAdLMZ5o0dmjlcyrvwQRdoFIKPnO65Q8mh6F_LDSxjxa2Yzo_wdjhbPZLjfUJXgCzm54cClXzT5twzo7lzoAfaJlkTsoZc2HFWqmcri0BuzmTFLZx2Q7wYBm0pXHmQKF0V-C1O6NWfd4mfBhbM-I1tHYSpAMgarSm22WDMDx-WWI7TEzy2QhaBVaENW9BKaKkJklocAZCxk18WhR0fckIGiWiSM5FcU1PY2jfGsTmX505Ub7P5Dz75Ygqrutd5tFrcqyPAtPTFDk8X1InxkkUwpP3nFU5o50DGhwQolGYKPGtQ-ZtmbOfcWQ',
-                p: '5wC6nY6Ev5FqcLPCqn9fC6R9KUuBej6NaAVOKW7GXiOJAq2WrileGKfMc9kIny20zW3uWkRLm-O-3Yzze1zFpxmqvsvCxZ5ERVZ6leiNXSu3tez71ZZwp0O9gys4knjrI-9w46l_vFuRtjL6XEeFfHEZFaNJpz-lcnb3w0okrbM',
-                q: '3I1qeEDslZFB8iNfpKAdWtz_Wzm6-jayT_V6aIvhvMj5mnU-Xpj75zLPQSGa9wunMlOoZW9w1wDO1FVuDhwzeOJaTm-Ds0MezeC4U6nVGyyDHb4CUA3ml2tzt4yLrqGYMT7XbADSvuWYADHw79OFjEi4T3s3tJymhaBvy1ulv8M',
-                qi: 'wSbXte9PcPtr788e713KHQ4waE26CzoXx-JNOgN0iqJMN6C4_XJEX-cSvCZDf4rh7xpXN6SGLVd5ibIyDJi7bbi5EQ5AXjazPbLBjRthcGXsIuZ3AtQyR0CEWNSdM7EyM5TRdyZQ9kftfz9nI03guW3iKKASETqX2vh0Z8XRjyU',
-                use: 'sig',
-            }, {
-                crv: 'P-256',
-                d: 'K9xfPv773dZR22TVUB80xouzdF7qCg5cWjPjkHyv7Ws',
-                kty: 'EC',
-                use: 'sig',
-                x: 'FWZ9rSkLt6Dx9E3pxLybhdM6xgR5obGsj5_pqmnz5J4',
-                y: '_n8G69C-A2Xl4xUW2lF0i8ZGZnk_KPYrhv4GbTGu5G4',
-            },
-        ],
-    },
-    ttl: {
-        AccessToken: 3600,
-        AuthorizationCode: 600,
-        IdToken: 3600,
-        RefreshToken: 1209600,
-        BackchannelAuthenticationRequest: 600,
-        ClientCredentials: 600,
-        DeviceCode: 600,
-        Grant: 1209600,
-        Interaction: 3600,
-        Session: 1209600,
-        RegistrationAccessToken: 3600,
-        DPoPProof: 300,
-        PushedAuthorizationRequest: 600,
-        ReplayDetection: 3600,
-        LogoutToken: 600,
-    },
-    findAccount: async (ctx, id) => {
-        const user = await prisma.user.findUnique({ where: { id } });
-        if (!user) return undefined;
-        return {
-            accountId: user.id,
-            async claims() {
-                return {
-                    sub: user.id,
-                    email: user.email,
-                    name: user.name,
-                };
-            },
-        };
-    },
-};
-
-export default config;
\ No newline at end of file
diff --git a/apps/backend/src/oidc/provider.ts b/apps/backend/src/oidc/provider.ts
deleted file mode 100644
index aca144d..0000000
--- a/apps/backend/src/oidc/provider.ts
+++ /dev/null
@@ -1,6 +0,0 @@
-import { Provider } from 'oidc-provider';
-import config from './config';
-
-const oidc = new Provider('http://localhost:3000', config);
-
-export default oidc;
\ No newline at end of file
diff --git a/apps/backend/src/oidc/redis-adapter.ts b/apps/backend/src/oidc/redis-adapter.ts
deleted file mode 100644
index d62fe20..0000000
--- a/apps/backend/src/oidc/redis-adapter.ts
+++ /dev/null
@@ -1,86 +0,0 @@
-import type { Adapter, AdapterPayload } from 'oidc-provider';
-import redis from '../redis';
-
-export class RedisAdapter implements Adapter {
-    name: string;
-    constructor(name: string) {
-        this.name = name;
-    }
-
-    key(id: string) {
-        return `${this.name}:${id}`;
-    }
-
-    async upsert(id: string, payload: AdapterPayload, expiresIn: number) {
-        const key = this.key(id);
-        await redis.set(key, JSON.stringify(payload), 'EX', expiresIn);
-        if (payload && payload.grantId) {
-            // 记录grantId到id的映射，便于revokeByGrantId
-            await redis.sadd(this.grantKey(payload.grantId), id);
-            await redis.expire(this.grantKey(payload.grantId), expiresIn);
-        }
-        if (payload && payload.userCode) {
-            await redis.set(this.userCodeKey(payload.userCode), id, 'EX', expiresIn);
-        }
-        if (payload && payload.uid) {
-            await redis.set(this.uidKey(payload.uid), id, 'EX', expiresIn);
-        }
-    }
-
-    async find(id: string) {
-        const data = await redis.get(this.key(id));
-        return data ? JSON.parse(data) : undefined;
-    }
-
-    async findByUserCode(userCode: string) {
-        const id = await redis.get(this.userCodeKey(userCode));
-        return id ? this.find(id) : undefined;
-    }
-
-    async findByUid(uid: string) {
-        const id = await redis.get(this.uidKey(uid));
-        return id ? this.find(id) : undefined;
-    }
-
-    async destroy(id: string) {
-        const data = await this.find(id);
-        await redis.del(this.key(id));
-        if (data && data.grantId) {
-            await redis.srem(this.grantKey(data.grantId), id);
-        }
-        if (data && data.userCode) {
-            await redis.del(this.userCodeKey(data.userCode));
-        }
-        if (data && data.uid) {
-            await redis.del(this.uidKey(data.uid));
-        }
-    }
-
-    async revokeByGrantId(grantId: string) {
-        const key = this.grantKey(grantId);
-        const ids = await redis.smembers(key);
-        if (ids && ids.length) {
-            await Promise.all(ids.map((id) => this.destroy(id)));
-        }
-        await redis.del(key);
-    }
-
-    async consume(id: string) {
-        const key = this.key(id);
-        const data = await this.find(id);
-        if (data) {
-            data.consumed = Math.floor(Date.now() / 1000);
-            await redis.set(key, JSON.stringify(data));
-        }
-    }
-
-    grantKey(grantId: string) {
-        return `${this.name}:grant:${grantId}`;
-    }
-    userCodeKey(userCode: string) {
-        return `${this.name}:userCode:${userCode}`;
-    }
-    uidKey(uid: string) {
-        return `${this.name}:uid:${uid}`;
-    }
-}
diff --git a/apps/backend/src/user/user.trpc.ts b/apps/backend/src/user/user.trpc.ts
index 4c2dcbd..b3e7d82 100644
--- a/apps/backend/src/user/user.trpc.ts
+++ b/apps/backend/src/user/user.trpc.ts
@@ -3,6 +3,6 @@ import { publicProcedure, router } from "../trpc/base"
 export const userRouter = router({
     getUser: publicProcedure.query(async ({ ctx }) => {
 
-        return '123'
+        return '1234'
     })
 })
\ No newline at end of file
diff --git a/apps/web/app/auth/callback/page.tsx b/apps/web/app/auth/callback/page.tsx
new file mode 100644
index 0000000..2888e70
--- /dev/null
+++ b/apps/web/app/auth/callback/page.tsx
@@ -0,0 +1,120 @@
+'use client';
+
+import { useEffect, useState } from 'react';
+import { useSearchParams, useRouter } from 'next/navigation';
+import { userManager } from '@/lib/oidc-config';
+import { Loader2, CheckCircle, XCircle } from 'lucide-react';
+import { Card, CardContent, CardHeader, CardTitle } from '@repo/ui/components/card';
+import { Alert, AlertDescription } from '@repo/ui/components/alert';
+
+export default function CallbackPage() {
+	const searchParams = useSearchParams();
+	const router = useRouter();
+	const [status, setStatus] = useState<'loading' | 'success' | 'error'>('loading');
+	const [error, setError] = useState<string | null>(null);
+
+	useEffect(() => {
+		const handleCallback = async () => {
+			try {
+				if (!userManager) {
+					throw new Error('用户管理器未初始化');
+				}
+
+				// 处理OIDC回调
+				const user = await userManager.signinRedirectCallback();
+
+				if (user) {
+					setStatus('success');
+					// 延迟跳转到首页
+					setTimeout(() => {
+						router.push('/');
+					}, 2000);
+				} else {
+					throw new Error('未收到用户信息');
+				}
+			} catch (err) {
+				console.error('回调处理失败:', err);
+				setError(err instanceof Error ? err.message : '未知错误');
+				setStatus('error');
+			}
+		};
+
+		// 检查是否有授权码或错误参数
+		const code = searchParams.get('code');
+		const error = searchParams.get('error');
+		const errorDescription = searchParams.get('error_description');
+
+		if (error) {
+			setError(`${error}: ${errorDescription || '授权失败'}`);
+			setStatus('error');
+			return;
+		}
+
+		if (code) {
+			handleCallback();
+		} else {
+			setError('缺少授权码');
+			setStatus('error');
+		}
+	}, [searchParams, router]);
+
+	const getStatusIcon = () => {
+		switch (status) {
+			case 'loading':
+				return <Loader2 className="h-8 w-8 animate-spin text-blue-500" />;
+			case 'success':
+				return <CheckCircle className="h-8 w-8 text-green-500" />;
+			case 'error':
+				return <XCircle className="h-8 w-8 text-red-500" />;
+		}
+	};
+
+	const getStatusMessage = () => {
+		switch (status) {
+			case 'loading':
+				return '正在处理登录回调...';
+			case 'success':
+				return '登录成功！正在跳转...';
+			case 'error':
+				return '登录失败';
+		}
+	};
+
+	return (
+		<div className="min-h-screen flex items-center justify-center bg-gray-50 dark:bg-gray-900">
+			<Card className="w-full max-w-md">
+				<CardHeader className="text-center">
+					<div className="flex justify-center mb-4">{getStatusIcon()}</div>
+					<CardTitle className="text-xl">{getStatusMessage()}</CardTitle>
+				</CardHeader>
+				<CardContent>
+					{status === 'error' && error && (
+						<Alert variant="destructive">
+							<AlertDescription>{error}</AlertDescription>
+						</Alert>
+					)}
+
+					{status === 'loading' && (
+						<div className="text-center text-sm text-gray-600 dark:text-gray-400">
+							<p>请等待，正在验证您的登录信息...</p>
+						</div>
+					)}
+
+					{status === 'success' && (
+						<div className="text-center text-sm text-gray-600 dark:text-gray-400">
+							<p>登录成功！即将跳转到首页...</p>
+						</div>
+					)}
+
+					{status === 'error' && (
+						<div className="text-center mt-4">
+							<button onClick={() => router.push('/')} className="text-blue-600 hover:text-blue-800 text-sm">
+								返回首页
+							</button>
+						</div>
+					)}
+				</CardContent>
+			</Card>
+		</div>
+	);
+}
diff --git a/apps/web/app/opengraph-image.png b/apps/web/app/opengraph-image.png
deleted file mode 100644
index f2f8ff45653e1656d66187b1f71a05acbd54f1de..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 98947
zcmeFYg;$i{A2o`I0wN_!Hwa2d2}mnQNlJH(bhqSCf;5733DPOu3?U4SGQiLcBRSNN
z6L<Lj-gWOEao@FIJ%?GWXP!B8&OZCI_x?m{sw)ydqJ4yegF~#W^j-@G=K*$z8$$39
zd+9%$DZpL`-INSHad3zz?tbs#WaUs}U%cn3r6`M2GeN(L{R7YTo!UDboVr9Jq~!yg
zdtubd@89WszIU+fn_>d<gP{ThJreMu--qDc&uDn@SEoK_s|X>k(<U;l*XGdTaQR#k
zZi#VE?ecSmFQh$ROm?=nj!ssJvEs;3#$$!O&bY@h>Dhgm>A0i%larO0c6HJv;GvMz
zGN(2S3iV!9JA?7jt0%K7-~G^PdH$c#^smP_&;NU^=%EeHi~mOK!u<E&{%=$sN`v#^
zfB#B6hNJnvk%Ps<kpGRe?hE03|3A0PxcB3Kqv@Xid&~bjm;ZMWCA0tkWB1Hvu`6eN
z@jF|9nEaWZ{thA`CFR_Wq@z_;t3K0m1aC|?yXiXEJM$%shra#;$$W_KKV{+SOUw9A
zqu>68`xXfdld^$%nw8A1R#IBZr=0v+8w)Q**|Wte=~JiMqmX9j#na3Dz*A*fdV1Bv
zLr=Dx>1tcIAEMr4=4q5Qb2%bQXQ_=&<ICm6#Zrh%AIkMLO>_{v*t7h0Y2EAQc(Htc
zslaP}tJJ;>_(E8;bXwZ=or8<LirRR!yxW^Q^eU?C#X_4GWbg1$ZGW~}#T;`3Jp+Ld
z)vm=-0T)FzH8s<-vm!<eFHHI5!ck&9*&r`dBhcY><4Fyt)-Ce;&F!GWtv?@e(OD^J
z>CaoU4^--KHCxiIRDbcrlDr!2@>*CR?E&cfR8R4SH$lBrBo=VJw(mevly@OG{gr9f
z5eS2B3`X5}A+JuR=jSuk^CUC-Ww`D+6VH0j=v<tW5R(-3cE`&9fSS{XJC}oe-OgV=
zy%;xdm0a#VB(k@Iq?E%~%+;wT7?l(+yE868mzQm_Ze=Ze-aJmjsUg+`|J-@7pL6~W
zt(SEOF4{Xfv>hECT~Mg0^zQFI2Xo&<Tvu|qF(gdVInp=(ej=9&3Ro&}YAM2I35>I|
zT~EXYBMGk~r`9aYY3W~Z<Kp8F4jwo-I4C<G#!iLFt30`8%&vrO$k`8P1x)o>x0Ft7
zGL-;2fXVF>jH+@$R9eQyiZpm4Ex!s<u=D+YzTihJ6q`t1lUDv9^jZGoJ?6vi*0Tu-
zh#aZZce5bGj0xfAlMQ+B{Z0}B<mX?m1g5Ts6{Gb=u5U_1`h{gQw&9WZv2Wd85EI8?
z5F^5iQ-#lg8SN5@r3v!;Q=yljl=jI3ZuF-gfnn?U*!Q$4FRrdeVN{aY$2A=tRocl}
zE!q#87pH15H?^g;L5GfFfiVJ@o$>5+^?d2v3;1e2Xd+)`m8-|`E2>w-tp1a-QKQ|*
z6)L&58|UM+r6alfQsqItF^z5mC5=ZDwvZU%Z0%cQ$wr2=+PE4o+q#|P;A`QQqS*~<
z7w7!^1sJb}ik_3Yik>TP-b{|T1~Bd6?W--Qi_0Oky-=E0B`r0zD)!O7W6w}~y&7K}
zrHt47{7IEJ%}(>l-8VC}JI9H$t7tSD=_y;PmMyXkJ6i4#JzQ+zi_(sG6&a#WwfOy4
z;v<zlko9O<@jxsU>~IMJN#V3>duALO74<Nd%+=E2&>)AB$1vZ>i0T=bGbO}?E9`IR
z^wd<AaaguJOiiu)rN>(?WBeP)agW8sWm>giuAXx%-?(wT00Q9ytH3Tl+gQ*GZldfg
zS5+Lo-NC!HG#>f?J@7OXnjZdqArN#D?^+aa)W)fgJ~^|Kcpf1RL<fqyt-TE<dvw~m
z4KD5&DLVzwD;U-JH8wVG0UP*UnYMoityC;_Msp4IqF?Jo_@GeB<)yc(C$27Y*;?R2
zYx@=CEGxCst3KIgQr=!U`z0q({}{*8_r(Y*9<yxm9ln<d>+4?Y=iT(UB%}x`pbVdK
zyYL-zvFXR|?AP2-2^@A!)=!0na8clyD8v;t>sl=AIJ*@sV}<*uV)9CA(zrX&FYnps
z%cEtnq(Wf>ebU8j=MRY0um?m6#trkcl4T=K=Q#X>KZ^uY5xh+I%WGRW5hjxPuX3bv
zCKxd6xl*TQ;=t3NUKhs_<!4)Y(|#99?OyAF4i5Gjhi8;ji5D9KR&gM~Ax8Rx$y$(w
zyQ0xAFVB-!HVs@^I{pSc(hHw$uAUu9m0y7SA6lMZ>DQDK_1*Jt`{Rd1e83A%lsr|s
z*)~USORg*GU|5U-2`$UsFaENW6ZhCsT4-|AcOgv>!1cCfwX+V;x>meWq~n(<6;Gkb
zx?UI(;@9UCV{uB@Q*4$q4p4O9YbH)idz}>NKUus|1K8~wPK4~rxfWC0nyZv11}C+P
zCl;m6Cb0Hwx>A-D^m+sc$LruGFiv*e7o#`nbkfZNU5TL6jrVrNQ(t*A@}BnSf$x8J
zd3Oie^KO(D%2R5g7KzFn!Ru7PEK(=GDa72?ZJWvlS--BgN%$VAl1g7$_;1FGPJJPw
z(o$4ZByn^(G<2v{b&{yS%ndqe{GJ2ig~Y$PN3h?2GAOQ>C^0C#RcAF26BtMy!|EDK
z1k<vGU3;BwMNiMqNSspT?k??amhT_*P6wbh#ar!y+ELxL#oosGYAX6QD$}YLrnD~-
zHuF4kK%HH&Zok@us|`SG;Bb^w?(W8ypY}g)y=ea(eyC=M)f$t=VkG+v0Ly~2AOz<G
znFNLe=<ee$d`0neqB}If*QQc<nmPr`Kn!ZvHyGyYVR6<+#JBb5PaRIJYSRrLhk<1P
zcn&CVt;mKKQYANLHx_Q;hq^)h6k@D3X%o~C?}zGE>TNqH4gUCqB9tY}m5`9|<QCuj
zm?sq=k}K_9akc!#>tgz(@$#@=tVJSV<EK|00Up#TSdiDWi_Lq?`1`^F)l;yqxm6k&
z2kCB?0p8*nRZ;5x(TDy-bnr>Xir2wUcyWWGPjQ{$m+FVulT9n=?n@Di#ff|y?a*+0
z)WIipy_F(Hz<!lo6_fZU5@g)r<LrO_R}rESe46riRgCTUpw5&KGshHBUdKR)v1{P4
z8+WcEt`9OyBuFt-oDBdcFzm*fBdr#iosCH_Wysk1r0Wj`3_^N}ZeO+Kk9|+KhR<h>
zU5iCm1KCiGZ#X7>^Iznx=1edJ$sF#&)j3JKGMgole2~Eo(09sL_8O+J4Ba<;$|Sh>
zH#cXO5g~MNw8x%whfJ=-wS6AT8{%hRZx!RaT4PV(4sHxTnkuxOE_qIF*I~-)3%fij
zKx}b^T8`LLyUqCub-AjMA9P_@(^vRGMTml;`WN3^aASu;#)r3qpLhbDBaRc96TMlc
zKS|NJCU5?mx6N0(TnTXX-zzVj+MB7gZLHC$4x_2MzAeoU=0I(MWz=sk4prcw7H;o6
zphOen=N5wNcE~^j{!|)1P=eQ}KC4(66+}hRyNW#*Px8j?gB2Z(KnPE^l(6&S%?_Xr
za{0@&PyGG2%|yK%mM_d<d)+&&>_0fF5-7cE*i0x`lX406hgRi#q!!n43;kbne9ipl
zedUJ-?zF`lItgs{MxvS)RytjD4hL^18)I6Gct=l9Q3$fdMEu1>Fru$J{)fzL%Sv#K
z%i<guIact3T^X8v2gvF%$BBB{eN<dH_8|7}nOrz{q9y_?4|GF7SFxasZq%VGjEkod
z$M%)%J>0r7oVaW=*+-1X4sxR^fE0lQA*SpKuwx(A(Hfo4%TZt8kObX0>4FFGfmRFp
zqaejc6J8$h(Ou+;MhpPR><rxUh4ekIJT(aE*SQi-UA)-%k~cj)l_hd?6}Ttu$?ToC
zl-qveOEpQulQ-&FGhWBA_+{30YzF72zYDm{tYg(7z3alCEcDVzo?kv=$Xy5JcX&IC
z=0T6cuZ$<!{DA?yzfX0bKym2E+yr^29x#}9#s!qgbLOP8TG?Kcf)afmOa&Z;w))(x
zvM5g>KHcqKPpiHM6(fb)r+EQKG{os8bZhb|T(u`xn~A0A=D~jF2;zICiP^fiPs0cp
zKi0iR5Lxm7FlxGn-a=owN<3i`+gyrVion|zpalL9spN5wo$!2WH-5oAQlkaJCfAO`
z=JS3gG=C5#zdL&(M?7y~BKHIS>aCv3;qt{FkP^3RhZMq#v^W&4B8ErL@zs%q-a(mL
zL^5O6<rd2X;p$WxaJA|~qFAyd&5b>LzKGq?bUqE=C3i)}OSk%pQo82}<3hF*ML!i2
zcVf(&ucwMtAno4!r~1L>Qf6#R3401Qq_FTXYM_^h)f8(p#Y|zuPN!m%;Hxm@36>gf
z>?T!#P3BL+={8dZv&Fy!m^`~N$oyAFrrQKk-Os?ms!tsQ_?)4aHrIe=xW9o&MFUM?
zXaUt#w@*-QGXcF}@L<GpSAee>>F=m#k~QbzOc<${0vucz?rqdrC}O)8U+*N3hicNc
zqdt+8iUm_37j;_qjCHMRDn?s5x#Yhi7v=_`7WKvR1)b1=zE$F6YO(~2LZB>of#_@4
znHqI3j;PJjFTZ|a;b!vCX9WgMLe0FQ14~O!a8?cg7<q1?(8u=%Ymp<hTgPxm^V<dC
zN{20PQ7lJAkAtp7caJ*Y6Yu`EfKZ~l$a%<aPn3+ZX)ajXaS{0%I1Ex(>yMCU81RAH
zT0;I<kazot7C*0SE|FlmQP}HnlMM3laHVlF|2ZE*_`2+CQC8ZX{Kah(iJwgj3M_DQ
zvtL^Z2V!o;{%jyiAKX@&qa3<PG<yw<<;PCOZ^+T;ei@`3iTxYK&(-r5i*ED+L}L9^
zzg+zi_a0Btd*V69kt%;igfk(T@k2UY8(BP2x5ef+#eqlit=>)KS9Q4tmlT}pTb@}6
znE$8<%X{m#IU77Z#Dr(C;v5asP*z~JnwH&+h=+7^)B}V?r?z70*)NCBz;+RxkggT*
zRsP>WH6<`QjxdBE8Q#8M(}*Q}f$GOXjL1AdBq;IH*6^y`7rxSHJDDf>^Z|<yhS<sw
za1}vNn_KoF*{k}FQ|!>Yw6@l5M#iiqauK;yw0_L8w*a5DiEYC(-(4;HuBzdaGSU;{
zRJUgsMU)*-gb`k7;Drd(EX<T8bo?cdAc!JpMfU@*NX34)GKy|G8HW{mJX|k17hOf#
zw7Xp?(f*UpRX+kguWmgIZS+{~vhPi{_7hoSU3g`@70d624jZt)-s^~6b$&5bJ6nI7
zo++1AGwz|i{`+7-N6|xiq6sGn@I7eg8nu({x|3fQ*Juh~Y7>$|okOnMwTL0CU)i<_
zAMv4&K5!kq;UtK60iiDFH{_Z1h#CFNn>m?29CwJWd<L8cvHfCYMk8S|`S&?-+Z<VB
zYsx~l=2(BR>aaE5lmc%`&o^TEc9@gSI#;ND+{a6dPQEEJ4nJEoF&8VXd7j2L$iUvn
z*^1ms(Kr<pS|{msh$t5lORv-gc1rK}{gyGmnM(H<8peA&hGa-#9q@@3K$Ag-uSR^L
zS$GU;G-Ob(QJXSofZ4<q*%yH5pnfX*uET$fnTCAO-BW#lgyp`dNn@&fz>ZVJSnKXa
zNq*WWmKiZeh3Le%g;RyE?0eL8we?!x%HQ(IY(}P{bgJ#zY3if}Vg*>pSx!J`C`Mcg
zdECF5=UZ(w2r!XKaK{ZRVChTGJEsC($Y@V~5wgFeTUD(-jMZAy#)$Kp+}Lp$2V|c?
z*WaN<o~^G|H2N%3O_j5`mL8?#Qv!Vjn|ydw^|kSyL`XLBc&Z*}R1&PbvH2;OiW5cp
zguq$Tb)InZO3ae3=5++iV=K_0(_f2Bhm+e)aH9D|C?5EMuD9fsbQ;Q^wW@F=-VwHn
z9A7O;l)ibP|5zc`)qCviZ2F@&HOqBX4b?w#cq>lq=3(5aK6eP49gHpiV3d|&t<fB!
z<u&;Gs>fjWxBQbgo-U_Z8j>gPNyJJ$dCL+|2C-zhzmi8*%S-}cxxOA>n4g6UOmLC*
zW4ZE-)g9;yvAS*a5=&NpQbqTU&!vuu)3Oj*GC3QM?R?M$hu+7xkzCxaX6F$6dQx5C
z?2cz6`FUd81O;wCwvZwaL(hP2^!-X!jD+kZz+RQ{4*4zK`)QKv1T*?Fs9}w%%m!P?
zE=oqD)CKs0*U($v!P#C7D<S->?m-0&oKnFCD;Am5T2@grjqr`kY4063a-1ifCS9B2
zv-v1swb92~jx>QmN5HBFYRy)l+f2&DwyZw3d4{{|)p7Sp7G5X?0|k#hkMZFug#vj!
z_&qa}?%h+S-;!rzLSkQ$DKgh7CYE4#&5ocq7l0twPrCfK=^rL1gN{6}L2Nu=6~3<T
z#?_n-mNk)10vt?Cxco@GXT1?Xcd1UJxjfKKB`B-=G_`h%|F{;tSL?C8QCZual`d9;
zEr(5c|Ko^kT&L8I(b=^D@GepP3Aat3;`?ig1aBQ_0S+JCd*gXTy_UB8e+rx71qj5x
zGzZx1WFUO&W3sXz?DrDO%t%MjNAyPsr(`-cZ<ZU4lxDrm+(eC<qdlZWRs-P6OFr}7
zN1Ed2!--Q<-j^kaY(@=U`8R)|a;*afA=VFePMhc;BgCX7;c%2Q?V4i$u94cqKuFde
zJ!mQuxZh>g1?LP{aS8@j4-^UGK?2E+%`y8xHJO{giKmw{G{8!iEkS)STX9g9W^xFk
zV-@AHEO7Dp6|}xg8YaidH3>X~2J_+r8!gR=>gXF$TEf@yu7Pa&d}xF@#(Sk3DH^ly
ztaJZn^@Z|Os^A^Xq=^t{9Qqr1ji?1mwb1I>nsz?<*!J53sT0Y6^aKz@K6K1Tu{^X=
z(K;XJPTh7dp3b3J_puSMK?8ZOg4%wU&1*9wR&RVbto=%C#;}o6LE<&(peLIu^Y0Sk
z<m><=6~AS>>>Q;|PB1Hl-j+ZgdR=07t>9-lydPe=y?><44LwpiqpE&U-(`~(a;Dnb
zi03<|Vt;ZfF%@R*Ta=an_3&P6q9)=WEa{*zm=Ey&Sa-pP*#?a<P4nwnsXpx!kfxF!
zV6<d}J%I*J%x8=h-AGOt&W5L%N8&KYZGvQ=6xC~z)Q(9b10c*TNW&F`@<B6TP#zv+
z|L+9+6;ViKbk5L`nx2^TD=u`1-;*8mzB%qEJ-ae~7y__LGjApo9XN<0C~dvweBF_p
zcF@K=`2CY9p_n~Q(J7}Y%qDxj=uSb~j($Qw{YDQkb-$URcC^*A^N0^~$_Lx@uXol9
z(!j-$9mawL|KW0rOfiw|9k<r<wRNxZ;d$xNl_rR!d-;f#-XeFw1LqBJcwyr${N*XA
zcY4|bala?p$PV_T85BA^14i3wQ7q_X@@DEGGUFbI={`7cQhhCLi;P><9#+&9+XOu^
z(!1YtMfP>X+{gn6zYON%HSd;Oevxwvy6pgE+luZi^x;4L`|zkpH@S%05(_2m1%;@X
z7(uR**0xVS5O+!e9kXm|CCzL1pNd0QclAfMeuY8VLc3my<dTz>gj+a0g%sJ<@5cpr
zCV|@}*EWo|i3rPU!reDJc9>ij{&&W&8Vb?JQ8KEl81yCN8=K;34+^1)06+evs?_7I
zb}Ob^rfsQUG1wD`n1N1d0B<0#CI944(EIT*tYXesaZGY3`BpWn-jh%7JnGqSB*zgv
zTCHDXR8k@7$`nuR%mx!W*|)X#`glKnn-IP`flJ>@3fAiq8S|f0>|9kHG>e@#%PeEH
zY3zD7v7eC|(7woZfuHCfdi4ICY2fF+xDK7tzZKFH$e=jzkQjx~)&%?0xXpM+3QI%e
z;iu8D$A2`W5IPGWATanh89w=f5DmUA5OcALUbN56Z~Dv-S+Uj{yU9D4yN%dWLu+Z!
z*ETX>{xYFHN=Mq8?u1tib3FUTZZH0y;;9qYF%Zv8;l;lu?yR}=eTL2s{b4}u6iaWX
z?vqL;EmljTuQvb2{4(xxcwuu^bjoK01e}syC^w>44i=*k%sD?FeRs!Xba`<J4Br!q
zMPFjjtB_kbDBl&?Hk@y_^tSm~$~b>GR{=|bi1T+y=HJxq#k$QSFHF#7NjUyR$(e0J
zQ40Qw(kOH#C9S%<ivTr;AAa37aHL%Ad^VM=YmC(|>88H?gr~7Mx3`xmEMSSSODX$-
z#j==4NuOt#Ma=wX`{=xXO9^!xq>Pdo{kjwLyLt?#l14R|)oDMP$p_1GNTkOsK)<R>
zw8!c1Nf$hU%5tq(rNMW{;wGfGKHi!^%GEc;`-Ia0|B%;b5VM`Vde1<&$K*>wKaX?@
z1ost<gS`b)ui!-B#}v6_=#$mF-B)sW-)tvxh8spHBBy8>Hj4)@iciyVk}nnUY7sgu
z5=`{SUMA$b8coi|xc%dCWN$3{?%*AiExY}VX~R-PNjnKq%a7JRO#{RZW3R_<-8WT<
zI7JI}%$7%Z^~fK;$Dv*<6v647Uj)uWs~{JLi)THz6c0jX9tl>Yb)V(Jw~k$*HKt;n
zU)KsndcNvOt%T#Jmc&sF;b4&2Wc;|H(P6e1_fwTGmq9|g+<jGDx1>cvQ7h_Qmw~)Z
zO{K5@m?OtE#TLPTEb3Mlc1o?eTZ#u%Ts0I8FYNI=g?a_vrBdAc$6ebgxbRRq_w37B
zQcvUv#{$p%4#gLLf!o7GAac_L^?sBCw(a#^o-UNSfDrmEyTJPTgS#YpHy>?J^0OrC
z_rs4bhtL3!2hUW+#8u_NPlsElF3((LPrFL%9LbAGRW}|o94#pogfR4b=9tHrpga1>
zxgg+GN{Smp;)#Ugfa;D;s{W)lu2a}M>CYSRYk2P`Xw#nG$gR*ve9ZEX>Ws56eCW{U
z_%fg82c?ga4pqp8MDnVzi)6e_+P(YFBUOu$6UkgsZg%Ag@SUF^_uj2XjaoECXTzPM
z*?WIBQ0@a_qUrr}N>Q!G`j6J{EqaKTs%g;!YMi1&e{V)F|K>5QGp)~zGnW09=6JeR
zl9S|I=w0!Ur4fl9&POVfl-TWV3j96DIccyHN}$|JH}ijqA4(qpyov(8u@@#Y=*H54
z`SaderlRxt&}nZ6jXi1L3&iC|F^SjWGz5p;)zxR(;E^x(>&c5+5dQhK8L2cv6T8Kt
z=YA#Yl8fPoYBRimx|0m0xZ#Tl3HVkt8LL-bbjGrT4W;Y(qqow(nR7TyvUl4RX853H
z72_F?ZLxLcwJ${%<zhPQ%#!$?LB>QtgU084Y}LZoG6<H=+7;Z~PB));Cpjwk5r^6#
z@%~CW*WfA!wK|y!)8>_H?10ZVaOQ)7*Xh8_#E<A(a+n*!B*8jPKsWRK7Y9I}<RD&k
zwbJ7m>#ZD15i1+KonD^~N~SpFWEbK)&O#SS$L4ZQNZBf2^>C0Nr$*QXZ8urC7tTdw
z6IR^EJs8<BGk8A^Cy7oAcW!UoEiOekrEYFV(B%iAWEr{u<zDeN<xdJFh|26U%W8-|
zXJ3Yk1^r=&lVYEZ%@3Om@&#n;aBY;c+Gi!}gU)Z6dQnj~S{l&u4R-+zys0HEyrgi{
zz+`L?#0anTa2)F{uuT$sG&LNQky!iL(#rl?iO8!W?LGCH;7gE80NX+Hq6zd|Q_nIE
ze~06^l`L{Cd>||#XlvupdO)3`K21?QD^$Kzxnc5^3o!PH^;=IHSU8*1r9{YB5?Z&g
znf52i5{CfBp;e7!vqRk-_FFhf%t?S0#8*J|%0-NiC3;cTLaCDf@Ni6I4BtE@`jHy0
zdIj(Gn!_=d{>6u67l!|4jCIg_V=(32Ht3?Mb~_Vj&)Kmcgi$|7Fa7q|99}!taSuGp
zULBj^S(@_*_pj8wuTV+9&jesq*yl?uub6RpD6qoLTdad2!_fok!yo23zwKb!yc&31
z=-wcc3t-Q~3bw0m6dD;y$H+wxYEk>42%V@4J%f<jXFFz7Ng$7RzD)8CpINSvQ97jz
zgOUJ)+c(0UI-G1{!$B|Ifs0JF2QTgsTmJR3g~dC{sqP6Z5|X*3;_w^g190;*zt(M+
z4es1rVheOwv^zl_=K{2osdpOr&BDK=kTnhLBz+z|Y}tcwsNa*y1B)qsHYa{Wh$>Tx
zcL0BOITYw`KlNO=!W>MZc~Ar9NO_WD)|_nh&%>UEis)B0<vgPx%q2!Tsv5D<apPL?
zohjg;&g5_?qi}qDr4MT#9nCWCnk0MmYlecyiABxv+#={d(s)T3<yc)<8qt<lU5)5>
zCx;I?jKZo5#Vw>*)E<{jN*5M>tv%_?Hf`J_Zzspmxt|c-$Lg}ww#&i3lM(#~P_h^f
zqoDkiONd*>6-VP;DqE~&Or)zYjx`s!5f?cc;rGdH;&{RQrRwA)jg5RS`g+p7F)2}0
zK2+1OA5`s1i6(S+;D%dim6rd0FBjo^;$4A1^YbJXWLYIQ$g%}uN{J5`suyHrPxZxf
z{ffEZ4^<LQ%KJy#(>8gPi#aC6B!z2D09HKPpCvg_OawIZ?f3X;5S?IEmBYaJ>dTcG
zpmw$D7fB`q)h1W0!~2zqNjbSj!o{g@B(biCV3qoZl+C{`vqIrmIx(ZFR+>+NLM}tC
zZMn`ff5+K5D%KRz==L4F>2Aa6X38e)BOEFSa16~Wa7sPzYs@fhUJOJqBFCK)A$EMW
zaVoL{yE+~98gCS+`0~<!cCV=9mS1knH@cnB&c0~DhzKX*LFHGVI(Q-D@;GzTQ{qpK
zzEgZDb9Xm+GB|+81$p+Y?yufR+dFw$z^$5I`S4kJMYc<b>A-b=)GIurxNuR3^4p%)
zy2eRu8bxj?3@U?Q|D844;kZCE4~%)81saIkR!+uzdf9kHA+6A~?NoC=@Q*y%a0G8{
z*M(7DXvT-%!_A^{I={LM9)j=cgEXwjy4xPp6RjDZt!nfBlY*wKsLKmiJeQERdqGES
zu+w<P!@M~7>*cx;7n>?`)eN%D26<{S0OkaqU5rRyJc;H2S?H$$Hi;9Pff_RtBc5#^
z6Qf@c9M`ZHB}C)Bm0+5A54onpO&o|#FPf<7W<^Tm`?pV~JqsE8A@yEfvpA-l0G(wF
z+peA2dn^2^rWDUmV0J^NaF5TZz5MI;8-Nyj&9HV;v8Ob@4RgcQ#M4pbi~$c1BzP_v
zVroN1f4WK<R@W*rldYERcuVKn`3-#pN5AUApl^Tf5ASPwtJ9%BIgfR6j4Bzw22O%D
z<&x*k@IPY=%x&b*KnxtSP0B{V&e<nz)of)$(XGo_fh{A&?mR1R3V<3p&)<>v2qs;6
zcOmbeE>2c%pN&FjY<Fk$%^7^dm&&k8bUD6g<IIRm^Me^66d;&Z=^PSm9Xa@LnDdnd
zoSf)24DZ+D)hxxn&Rx7tig@BTbTfdLeP7CdB@&b^E=t5a+fxfiNxmvx|MnwoJ_MpU
zk{Z%BTWkLb_i-iKg(hNNKz-{Ig;4~-GC|svL?0(dKQj{WB&pnuLB{{wF7J;`N$M02
zH#Df?!e((|B;Zthrl)o#>gin(bOVt=LFm^`L}y^XBNS7DT6?cYqGTg-$(PJ`5zI9m
zfpdLPIGq<>HeHD)4_#B;d7mrm=l{19qW5I_itqdtjgVhh^%x1Ko1c9uTChYQbcKRR
zU$&Xd%c?A=HU~~v3y?ob1<s66H{(|a37o;lz53e<o1}POGV<bO+Iu-XrnT1AsOyH^
zzA8Q{37r-dJn7L9a;QJjf&I!Y47zgo(kGOu84eIg9C)+z9em+PlbK;rW{_x!J6Te2
zy6;w()7T7VCsZT34CMat<y;0;iupb{zdMFYKjRS*633_bPf_B)tH1M3n3?>l5~7y$
zj3bM%<szu|6YjTN3nzV95C)l#@x19J4Nl@7D=)0h>(F6V7Y@arwC+^r>J!7SEkd+#
zNq@F{2pGh*4*OPqyz=+~e>P3ZbLFuAW`f0F!{!^EK$r}dI>B-w@qq#xnbmyvc`@I1
zcK01)(Z?6rGYBDn>&~V=L<3mT<-}yTq%OrjWm|IB=ypdJp7$hg+gmys@9`3C#;i6K
zN!y$p>?<?n%A_WoUl!NIE{m~eOnkQAz6yw~{UC2AthsFf@JKBG#bhu$F>xmE@#mZP
z4zKzlL#*c)rbCbpy0~PW9%sj@CzQ4I)vR#K!<N_RH)-(>?Jx%L)9R|R1qnKGq(&)m
z`hI_R(Ct(#Uw1|&#^%fndcSw!viq`&9@oP;*1Ia}$U7G!a<W=OfT^WSi`J|YpV-qG
z?QP0ht8eh!0q}iDzH=SgcUWJqD@4tj_klR`0|oK9p^mewyUdTRGV_8i<|XYUt9!I{
zzb?nI_OQlnM<&+_G&6`6k)xM+bQAlpF~V3+>&W02vs8<XsgdE*xj9clW$*gV^wM<N
zD-x2@`||&wrV#*J|8^~3R}GT9Qb?H60I{wX-b1HSe?YvNexq6avKUo~@p%7xc2iR-
zNZ$a1yqyX+Ab><F%HyA?QkJGucmaJF3Gqeodaug%q_JNbZ@9K@iLUARrZfj_mMYJp
zQ-5*BK!EtY6(_Tfb`#{St<0@q9&vg_6ScTSjb&A5EfBSTeVdO#!mj<*J9sxq2T#>u
zAc>iRmo)?agIl~1l<Qj4!enxharoV0$cm+V(Jgp<<BHyKEwRn><5)c>6B&P|V@Woq
znL03*?AnFUBe_SDAI+7_or_~t^R*`=+j0TOHoal<T{G^7NS>!Q^((oaZYzegr=h<S
ztW~Dkug|ogJr?9RBE@MX3DdfGA)_&?hlk=RKEBPRfZS5Zx1WlhFZiETu-n&t3RD{0
zFKqvMD58x=Ko6$}s0Q{Q<m=p1|AOibxFCL9`bB;SD&T7G05?dsMKdt|<JIdXxQ8F*
zx$kO4-@}SSPfNr0=cI2ik}-qp6U(%<xkd|b0M|!LiJ5(Qr8m^hi)<wlulAa%Dk>Re
zR3pz$NBK(cgtn1TTJVXN&7ZE7xwIVpySX~^yEt?ON}#UuF@FB*U#L!-W1L6)21N1?
z#KAXbMsbxxXEi(cvOJuJ3&=|w@xwnnM7%4a4)r|BQ{$7NmRM8IWa+cEy~50YNhqEK
zcZh_(o9ECe8J-{q<vrr?8Eu+3i@kd=E*FmSmFSCB0v4<<y9dgCE*Uc)gde*N=VgpT
zK!pr~51D9Rg!Oj6=ASkX+!M>8+=?cR!CXV2`RepC($(4a&HY&QKiBq^b-;Gr)zlbw
zm{p)WI?prYt-H8TvyYG2(6f-Ch9s;^%y5=oQeqjl80zsPNs>rOyG`H<YN6w{vT)Br
zhpAz?)U&!R>zN)PrA2kwffgV+tB1Q%=J`wH^VX`&HC9Sx!kjQAHqT6Oyy!}sSvgsl
zaaQOVOd^?-!33g@ql3tMxfXN4IxO6Wn23;*cf&JRWG@CO;z@H#=x|Q&^_krKQBC&p
zti#2YSZeMNSzQ`Yv$307ZqO;WUuQ+DGF=Wp_X7{9E@if;t2)*?f=+>%fH^CEu-w0H
z$Nuq_-qmi9;dqHui6yVWEy{?T15TG$fU3%D4xF(=P~$D-J&pno@^j+HC)8HoJ6Wmd
z)W@PbY=Q%fKo-Fct}ih#()Cr_{Gc>BoW9-YSy3*WyYfXW=w`R{+VzdX6<t`;u1=b~
zqcFVpMB_zo6(nWd`?@1h2K^#eLVx1P!fZD`uSsXgoG*9GW*uMRW%{%I*VC&h{vF0z
z@PP*Q5M_I>ulJf!I-64UGMSlaze>e-7FBWc_mUnS_)7n?$bk$`JYR|3w0||;Zkqe}
zU)SY|%3U<>W)*V_ggts2_91M4-h^q6ql!DV(ZpB`|0i#-IBRF@Bbz=k8~z=ChT4zL
zC-FhYw^-$`E$rlOXDV<mS(vDCIbNgQv+&jq`+a!MQaw3yD747TUxV)yb(iD;{`q~X
z@ddOV9^%2XoWQO;rFxgGsVOh>vZxZWf&NE%E<gGSLuE_ssMya74rAA%vKs;5gl(U{
z*?tcPTm3j13%{iHu*r^7$DwU9uYT5WEQH`|PrfC`Z6-}zDk_x}VP@N^w&Uvy@f&DQ
z#KtEsSFmt=C+i$xO|F-VG?{H#fQ;iXe#>@%uYA()TXGJvFq!i|a@uHy+nAn{WnbTC
z>rVQ?@efpHOA{V&Ydd;6((?3yEV;BZ$D5j-6Q5JvbGbb6synmGLtWaCR@O!m9JQ^y
zZ<YFHH~$<j?yX%3iw5FaCx6*z(OFw>WZ;y%2l{GKb;Y-RRD5|etmpg585)eaV%m)t
zT~WHdgfr!K`4(DdPYCiC^^pRv`jPFb&F_!JQliu5qD(qkr72cWH?<i5n<n$yrbcY>
z?><>s1G_=&d;UX@aMy0p#2Kn{2#8@B3FD=A;br0n`w4vx!+C6u2YsCyNUc+?v(<j~
zg)fjrKTG3_^>duYYV+jRSmiaj$dRM(wF`AyZyT1aovG1^wnuP!(&$p+S;y%rA&64h
z@Cfii^tDj#Yy+zKRaE=$_{oJ#JSZ4LXVqxvx7%K2O$~(hdbO8|^18y6oO#v!DA(rn
ztL5LeRuPQMHcfIj%gsN!`U_@)Ju2OMTtU$!1ChPL2Oi`5(FqdbRwvPqI@M+{M>vnH
z4myoUvTBx`V&zo$r3W^!_U7AXAY;JA!7$tty)@rw@%OaRZk}PF+t^6`SU^%U;Wk|#
zBu0F0s+wyn&5hf`)){lpg0}J#TPNpQp8Ds$2)+mvJlzA(Tq)$EGx>9a!W&mEdZxNS
zr1L>brU}4GFghB|f!pUWB&C}zV+kP*J`O*xb`9bN`IubRc=1eAJAVJr2`SZ>^!G8n
zAcf(>7%}nJhpXtrPB@47QF%R^+wHCfFbgy8G>CVA6pjASH_XqDcaIhN2>tM2HS;Tf
zR?zs()XnHG+{gI*x)0cI!!E4@{)>=}-ibMCzvD#<XnM_cqz1<4om_8fs4C126vDD<
zgAtW&riaJt{Xd_@iyF5+sRrQzmv|bGk_2z;<N-3vV-z`!Pst5bJXOT!7gJUwd|&bM
z%7%`|QWlwoC4PfxGPD*E;4qoB3mzJ}zha<n%~<jG)%QOcpn|X^N(%bRnZsM-f+ogq
zm{5P2w(EGxkE{was6~@Eb2lRom0rAiV4xE>g`OzF!~3ekt83n%*C`YFC)>3<bH&eA
zpO*HYa;2zb&aCri9xUpJ5MP+SNd6xB_a0exwh^SKm}vLlo9QmHTxz>>h!;I6$u%&?
z8AZY{qT6}E9V|jK81U)gJUsZa<GM5P<Y-Qx!nA?)YO`w&X0jiALIo6HV$)uCwd0n-
zCeYBAPJ_%_axr%lFMkv<m=f#bA?sA3c`dFh>{-RP&$w769zE!ELYqSu@sobDZrmm&
zNSR+jml5{VlD4{?!Zh1YV>akcP%=VaEV{y!^YXB<oR{H7VFRmI@vB4Y3@JYjR=One
z&kic*)KhfjPuH#`qsY?sds8%|GozkmOhm}ylh7;Oc|sm`eoY+Z-`JP^k$hjVEM)y*
zyk^86VIOI?N4Pk25LL;!(Ae7h^LbLXiV@fj#r~S@X=~>Dx!>_V-t+TRGbevtb}H)9
zHZsIlq1hxp<}bQmsa221YB5<3C|UIK^q$3NIxTJt*aJ@HJWC`HUS>+S7f0ivJ)d;_
zW)5Wy-u_UVVHS$j$~;?-V%l*F!N(>uL!0HoC>MrkV6h+A5{mt64P(zDq01e<<|{Je
z<8t=vg){a86&+Jye%uO!Xh2sCl$xtAiWNyueV}FvODM{#p<pXmQxl9m6aIZYdOadi
zv=Ij{eUx1`jl9bibZW?4t%V1=kcE)%DF|B}I&}%O5wXz0s2aXf9FftheX;l&lDzjS
z&s-vH*~`uO=FUv)Owi$*-N^VPRTlCyIi5cjAe07L2_XM^W|ANmCW!kX&GnVeTmAbj
z)V}T&%4Tm?%h~}9b1M;vc#cR>doF>{XNQ9at9NOlq13hm?gXM>nU8LCql33@NHSUU
ztSd^-1-0E@H!Qo|s=#l?G7|+(WSWF~6T`H={jV=zO1PI;H1!1@<I+FP%wFQ>qJp9n
zF8>H$wOMZN#OhhN%n_2il*F{zp{(<Nt2Rp#Jg`dJ%x<eMYHN)?deQd_AeBC~m}@(g
z;;2_DU+pY*4nW(u)CI(5AIm#e?}oDCe8%*RoX=hhMSp}!Beyos$6bSkTFQl1*f=UC
zV)H4EPJXZ^)%~@T|3ojEK%OTz^j7yt!97uA6CiLV0JS$+cFywYYJSpe?0UOUo*S~)
zbomtaXK;F@nHh2JyX}r9Ko8+$$G{$&?5R?z2WPcUGN_;J@HOD_$Lm(rITHrVX+&J7
zd~wWKoRq$GlIF`e2>bQ*kwnF~ooV$$n-eLhNR2l=smVTi0CYv==Ml5}BP$L^+{{&k
zMH0-A^31)fFw2cq=d~8$urM!fPjvHx#ZWGVFu?_9LY$vj&V`^%b-Us2HCkHdNt37&
ziF+Ts!xDS^C9%GV*iw$uqC0WXOv}QNO6&0Fh(>&k>4)?%>$vqcf5aX#&qRot^gEP!
zsWMke3Vr+5LNS#IN-6!=g5IQW-C@SEYyTZG+wsh?wkvHV=yJJ}$zWn-1$}qmUxOY$
zSBBz=PJX-wkJIejv;q-s{Tdd{*lITrpwaPSokP?*r3r81nY$eAy1DQcK&sWf%N~rX
zwBRGd^&v)-0)nJ=Re|PvOpGJK9(CAAvh!cPDp(&Y-cq~U$M%5r`e{?VNUE41BnEw*
ze<r=sXs=zfl5H0-jm`lC_D2%8<&w^XuydfxE{#%9aUk2N2Vv22_@pJN+|bgdeK>db
ziXmQ5cpF1&beeV;XgV2u{{SwQjt!`)1*NN(7QCBnZ{KODp>9aP@1<&((_#^wDI&_@
zj4;=6_L#ujMKwsQGrty84LLDF^)#;De?89zU1zu5xQeF&b-s`@YAfqi%Vv+`6Xh&M
zr0S3h#-6+<5FmV)`8a%5zptv?sL)<NXd{}_<Ig}lg_jyaG{rKzuJa^RQ%7y$J<t8a
z#)u|!^l5sj(`L0O-RlCW>J^={CnGbrWJMPy+gFw{5H2(d4#dh2GAM27=Cbapgj8xw
z&{{YSqmHRy4jwdP0g?O9UruR+|NhupdT=h_E*t#6gURjwZ{nAtwo7jZnGvGdt;4X$
z_&rjWthP{g0_GPRzMgGQ`1@YSK5|K`Jp7`w{Clh{-c5U$mh9S;o>mDzMibui<>)o2
z`nh-G>(cIC!N*(gey*8fWhcHG(|q*{b5(ercwT#q#a4byQWRH>-PwKc;U_@-0KBHi
zzn-?|2@htAQ$`sB!^#G%^fx>R1Zj!i8CCJ3h@@78utW^bF9K@(n4|&%(U-(dF1hKE
zF>nbDxUy|RSN4s+cr0^cyS&SaJ3}pHGw*H6+J1iQk92-4IT#+a+<G@8H}K54w-H0}
zBUjv;3tu0}049Qpbw9Ba=%&ZysWuhHRlEu_<La<`o_pwLfa-`g3%}g_{M?EC5BvEI
z3hOic?fGS9%{Hg^pUc}na(5Yp5*yju3ZA(=gR1rURIn5B5T2Dt5V`4io+8WYw?TY5
zX6i6kK=U^BViHQJb<mM)>B(2Ud~;Xh!IQqEdnVfDdz;>3A_h#d62Ic#_*{*MYu_7c
zuIjcqJkh_+<6)v8aaa5L2XYrW|BtOz#$<n|7EPq%s@Q4m-5UJrwrTUUK~HP@>@I<@
zy7sqTKljA*RSehnjHEEKh<y1`hIbqVJhzn}UAQC+(l_=iOEroYB`Av~v2pz7r=shq
zaO*2c&4Y#`D-?9xJSmU6FFahz)E@q2!b;-2B){{@YLDweXfd(}Q19MVQ{u3VRT8mT
zC!o>NIk0rj{A?=5nj6B<B9k^-+a<%B1!DC!7uT0`EptNg&Neociy<gkcB1ds7WD@J
zb8Z6oikcIyhmT!VbMAAh=L}hr&bX@H2!8ao;pI3jQ{U+gW<6NHTI<XjKMi^N%_7QS
zGGq9{Xv6;*g*t!U5(Wjrh_=)V<~`?lL~f|j422^n;9Fd82kGM6$!&#R5){k<5~b4a
z3)EC=k1LqOViJBa;#JSA1yy{osabFIfIONAsE2>%#r+s&d2s^mzG$MqnRN*_a(6D4
z{jP|BMTA<=l!|vd0GZ&!J_Uuxce#Qy;ZRCf+?_UbXbQW%%U#~eRCuY=4KOs$Bl;OH
zL`TUj#an2#@wXaRD*aO9)CEl{wP#yUnsq`FtIKyo8{D@pk=F}$yw=WY+ud`Jnaq`a
z$!tc$CP7|1do|dU0b-XdRYk4e-m*@O(WqWBsNG8KrflCt++#hk=E?0{O|>+ua_iqH
zZkC7|drt(sumz?`qyKGA%kXC`NJLIWE;4?|hJO|x-+wXjv%7|MmTm-qD?&_l%ZmY7
z&BwT%^<|=Vk-Jjm#cfRlyrueT-rUhK(zvd;qFnH@wU{$2j@xu-rd?<2u+D0DQYLEr
z3ixr}yQ`K>M-Y8pDl@Jdt8-r+feysMW_<#m>k|v5F+(qQ^^SB0czSf6gAIZqT@MF<
ziiOo37v7xx!0f{KZ2ou{81c;_#WOMAJ;-)hwhI8L7a$`<+lZ$D4g>f_SU1PflbCB6
zPq*>r`csW$ui`rwUtg^;Sx{k$3UoCP*f69<YY7=oAWO<Nt$3e7lR_iAijBwzQmB2|
zG|8Z8;958<yV;EVURwtwV6r+!DRh)O(HQ1?2BlBkQcV;micgmE5>f8tH`M6hq*eFy
z`^hFvRvV?LUtSao$$$0PTFUgQYMn=evC9}qtK+AI_}!dcr3U{{CsX$Jra|WR?A#Z4
zdFWM6z$Lz53_09C((rXg$+kO>2Mu^!KD)Oz@Ox2YdsrssM{N_EX}cS1?wboeaZlv(
zv~RftwuQ_f!iYhSaOSH!zt|2<OMFOF&?ugKhW(XD_OBYF-QiYGY}5!<i`4<+<CxL@
zhoZR86I_kP+e%O!z)Sd^9<yGe_kz!zo5HVOLY`6Ja}`oP5xa0AP#YON0p6P|pDPN=
z-1qU$nIO1VKFChZ!M+t(q?WVJU1I#)$h#Q)5P<%O0CyK?rJy{jE9IUmw>-QP(sg^|
ziDrZ!|DNE<zFY+YYckl79W-Ec<-oXA)u<e{LyD7Nt>oKYTpM-s?|AM4>&AMmXc{56
z!At1R0fd6x%f7Co-q7>GUC3?%>(j;VPwrXzPKg=hpDpZKKR@0v42#N&Ji}v==Srq*
z^4&^%%Moi~0c>XAO`eIVt$c=-w|==<hdN=xxclE8wv7JqF$-AGi2(Y#-k2D5ohNKW
zOAQc;d{56lt`(cSk@&p@!qyNPkZ)alB}YWySWvb(a)Pqge~u%ED6km!KvCxAV-3=(
z43`7WOx7_ApLCZalSk0&mguaW!0kr6@^0hbM(_9ZhU0q@D3g8Y(GQR+lbWS*OdN4p
zD5IGTC4EvsVWiqb0^PVDRc^!1F?~DX+nsWkVmB9=WgQ*$8;W`ps1YE<dxiH!C(5Hb
zUoHF6>5ur>;|a_m2-R}lf=wA-gLrwM<I?Z2uyDkG2MYo&npO&iVIVAjHXos|`5kho
z-(j_<P~cB6wlOppIkqyKp_SoK|8+mwdVMFA4w~^-#D@3z?@#8!Bhr}!fO~m#|5W($
zq`x&ky*FyAl2(+klO`$TW_;4rH1sk7aao+Mk*l;S;qxZ<V1NCsdhUQUBUj(weol>|
zvjO63;4L5Kc_Pgq&rj8-Zo(}z&lDqqfe3wI>WcsExYx~e=4;npWTX9ILZj#Ynf>8j
z2PEuz6yiqyY3gS2yFwqRWcKxMr=B1xNE;+zD*C5uX{;$&+fyZggh1E)Kw?5Wj8FCr
zZoyqTu&u(kA~Ur1X~C0TlGJ_~^hu)U8ilT1L#`&Ex#C$AUPv7NP=>!io~g5n12X$p
z;@g}bdy^RCq^FWD@$}Au@E6DR|F_cCht$FMbs+=I7E*?yHQxf~&X8x5Fb5ym4aaB)
zRj#M2foJ3AcYOlDE1Z5AY$)?TP25T+h5XG&`7>;gc4zO+pyto^;*T~N@=HHFwH2O^
z-Ng}iC@qYd%LJqA@^^4uMhqEUeCF|&2o(4EMi=Y=n3*hnJWHto@%-IGRT*h-$z>7X
zJAbEvk;cxSQV3Gw(!`EeMfthnndqHk^f|f>VsB;~(C+%TzOmv>WI*g;6Q=Ll>&D6#
z>u3NoR$hgL`>yzLYCM*`8l|>$lBvKgrMvM+__ZAH3Q+{HRfnxz-8BS4h-89U80LV?
z@XFLt{SxOEsqf9JXoH2uqk`8<Q)!&Ye+>U<2xE+1;;B|+4axZ+@m%o+35ErX)?T|C
z4>8Gk>8#Z}%pbwDPtIFQv3?1)!cChK(b08(r5W9VO=q7kIM!~D)ZWSIZDDsULf1x=
zn=%uWOkaOZ5_-<9HZoG2l4ZF|{(j>nK!S~m>X$Y!*tAz$ahRIr_r&5P;hZO;|0V7<
zcj;l&M)|9IR8@Od3l<gv*an3jS5fscK*gE`s%KY`JECXO9MhZk$<t~tB%`-&^N%m_
ze&d~W_#A#<3Os(-J?rVjzt7KN=dFO4=V2QK3n)E%4rYD^j_8jg92TGeN6vI&n`4LX
z^pAnoZ|fylZlACnG1ohG6?BW)G`e0(O45jF?d!qh4>fJC`vpW1e{bkSzwt1MHvjeU
z=eBcp`EVBFTz4yLdo!^fZa?0c(CEIt;B~N3eExwP9R!=}ZG=sInbwnxdMV7vjoZps
z-NBp7-3(c!pUXGnmTl_p4fU#nX^~H(-r$R=ruE>7jy?S#&n&tJ=^gvK^iPP0HxxJY
z&yiFIWVfMI%Q3*wXs+&!vpGm;8MM3GXxF=E<wxKg03qWA4FEDC%@>}<=C@Gx%E61Z
zch}JQ&n&0#2c%t8)SP)egB2Wb)5=tHc_i2U@Z3Hc`ZPgfp#ZTB@qysy2bNZ3HRk51
zJ^iz)mb>=ghJmI;{wSR2N3Xl@qz{sU9o?{n;aT26-l_>NiEs1G<qDdL%<}R=V2+tZ
z?FXN8@ImN(P+quTO(?b`=<SbxgwrMh*%<dz7+AeCoLVHH-E*rcmOwYBdXg$q7S8H^
zoxRfnN+vg{<DUE1?*_J<$R2C&f)Q)Q>1HGEUKj8)Wz?Z)?e%<=r<VQ;J~y?Bm0DSD
z4#u~A2-6dHaRcnEDs+Cc3^G*g!(G5{yI0bc$o$#{zni>JEwMtz#exlo{d}{e;Ug!y
zEXv@EW@7UyMHdxB#r6i`Ote#~Efr+1;cI(yR42FFKhe;(><g~f-R&*ro)SHp%V9L=
zmPDMVZ|*yrw!c9kr=z_(D<v4j0^i6iP`*;C?YdT2=yncRaEF@y+yvKk5jt2&zHSx*
z-w!2S41#wD?H+&Y-$jU;PYQjz@VVTARhu<)NVQsH<#i|Rh4zb;M*r)b*P1+mG5`t^
z(s*68FmY+Zg?zLU>bzWP7qX1WAz|?EB9NRY`a+aOHR(uWxZf7-+%IB@ODIcPLy9NZ
zM1e;h;uh@Q`6TYWfv@m@cl71P67y%4e=JFss&8$=IPlnx3pQf6ixyJOUWN^qv9cL#
z^a`G(LJO;}mfAdjzH`;dXGx%t&7)>4(2LM<Vv|)K<Ysr;XmWJ#taFO+ZOAMamo-dF
zZ2nZkFe!CuQsc(aSkn?15&v<yHSqfM?>=E|uSn69zywjAC+}~3)f_;h)>*1E<7WMn
z&icb^=?ciao_3QFxULsn%}7U2;Y24Z-v=}*_B+0ZlVWxfXqK<2li(rgHr8NzHBwJ5
za`t26{7-?LpV%h-8bYku%I8xhhFw|T7=pYeLe<8y+Yj!HJ2G_{ZYX@q9>iQRVE~Mn
z#OxA<8l3k!f**(9?Nc_02sTrRx{EsS^bp{*zD%SPWOP3pCiZCDUH*`<_Op17#J7=e
zD0J-`E19J5pKQvftCQT)M5w(5#O{8Jt7>AEL8kca?der0RgAO3^R-d=kmCkcJmilK
z0;(8Lf!?pSoET9oQ`iK3+D&f!{CDFoO+j0EsZ@>|wxHp^HzsXz5Q_9(E^M*~kRuP5
zj@^v9KFQ^Ewb*7D#u!h%CI9ykC2AlUS+>E0US6nsZA$x39gb~JkYK{d)tU2AvV3%P
z?=&^6+(VEx*m+L;kyVp;4pVkYCxa3v7*>o@)A2@9x2CZ=l_yw(Cka;U2uluAj}v~y
z2aWknz~?~+juU)gE2!H`SW?Q{3ZpKA+Z%0OmBxQ(y^pHf=xqfa+JE)Tbnd@>qD3w~
z-t3(jREL#G=vT-c)F@Z#0%tC*>D<OGH#nQA7AscJU0O4!e)rys(ha_e21nsMD@1?Q
zXV=+pAsMLt_A}Q6s)Uo)hdPPGeINVY|3B=#XEa>>`^GCGN{AZ01wo?s-V;O!(K}&u
zMjO4?h%Sj5Eh5o-8NG+WC_&WG8KR7Cbk6py-#YKl>+^qSEf(9Jz3=Z`uIqCr#LpS_
zu6Y)g7H)3j8mNBpxG{VHSQN;e^%_@J*^+24*>ilD8zL1EW-L*`pQ;OrFt6_wM5Tdt
zWNRClV0V@h(UM8dF`Iq?t<dgww)q;@{3MtyUCaiOCRoAYuN3VB|K>`>d;lM}DsFA1
zIF9o!K$*Zi-7OmhM@<nB)mU(2Q9XBHUSro%qpO9)Jmh8Ij4u!UOXq(}oX-C=Ot;l~
zUZuFMz0ux&p^(>mOt~@Z$BRA%(zooF@mbhSt7Y}l3)KOEb5&MgBN%AwvaTvn#i+>#
zylt16h8^3n%Sh87OnN9+f#GDY0Y>3ZMB^)u7b-8RT@l_$d74Y<MtqC=>J7QpXu=K0
zRj`X<CCJz{h=Y2X>>LnHE`Nrw8X+%S!!e?wKj8W`wfE`=jY9G<llFaO?h=T3OBC|U
zArjM(J`6-9zi}H2BwRqgwzcJ}H#3Vmg^HZpucuvu7<PKmt1iF*Cz2hp<5!2F{OB2z
zaapkNQ>28?uQf4dDA9hG#L*{E29fTJtfoc3SL_{jjg#gBD)JaQ+GU?*P4GqiDp1Xo
z|JUJXb*3uz`;ht@nAMommeVwmJ6kng#8EUxG5EcZ1{@eoG)Yrp&gjPKmPO|0pEA{N
zhmTxejgHa;t|mqkE57%f9&Pk{*Hhd!LkRySIS$;9afsv8FWc#|cZL4`?!AnDz*PB@
zGF4->SbGDHSr$9ttbZOSinIG;Lu!r+jz3SqM4)uB?I*pn<mQ-;wm;?(B)w=QWmRLN
zwryx#QD6{|0(r(tQv6Z`A5Wlw0T%)=l&|iDCG>7-9iA;<;RjNV%T@3=y`+HR8n_c1
zN_{h$=*@v_?M8yO+8**2CK9!O8}ZH^8s)UTM!FqmxnzmbWlnY$lw8)@rL-}uyb+d4
z{PRMl|AV3ZPQ0OIX_rBk_F>9#`yyBEA%kFVy;aG|Q=swBpBc@vdJ$nz=2%y*;aOhP
z&U^Jz#`P1}Lt4i5Lm;T&*pYRLML`m(E&O!-@@=Dj_9+92k`gO=Qbq)jkG;GvYs!A_
zw#OxU0)ca#zt&Q!(^y5PbN7GluB{Y(vjK9xX$Q>kf#1U-dFBK*jG$z<e7{mcE=K?F
z;)?j@ZxyeT{W2^XW_TVdHY(4+eli6x8ry$b%iyS^>-$w_Y36VAXYLCpW=l-c0duV{
zApz3$U;$z~E?JmZxUf)oyi>Vn@P)y=R(PT98d}#FXhGx5HpAKdB{kvi)LTy*lIv5?
zUqwt#%-3t#u_0exe@5DK+!ho!3DdU$u0fAo)XCxJ1}ztorwO+_yj#QMbZWK~%i9pQ
z{O->V2imk{laACCL2X7pOIteCrtx51uyoEIA9nqYv5T>(s;I-8@a?#RufrU4&VSwC
ze$lbMw=9wOnOFvJ%$aB4hQAf#V6xmTHGUMzzH_x(JG!x)NX<^&LO}AxjF&`AX~(cm
zSWA9=*p{Yzn?*36=HUH)@5z}m5rzEXhi1swYMtlU59Y2n_8}i!Kkz9#-pu!JW?m#y
zP_8T;t=a@bR2>hE$`yU4vv{76BnuT@4AXC||5DwmRo!&|(CDz(T?d)HJo)#H+uq_T
z?60%|R%9<e`rx}~wa;k#s<f82Y7R1Ox$<Shvk3(mUVRFNeW|Pj@9ejXbb;)FUfXLP
z1v@_9%v<#!+Kz+-F3<zsc_)khc#}oi!^K+PQ3nh!&PY>ie*o$d4d_Dbr;09tv3z?f
zj(nl@t{%ZR%Paxx;H7Gias`$ZS|vz*a^aM!qb$dvboG=famS`>Y*xY1mL!LMza^cJ
zZs%<jubG;;p}#TkR=BB3%xTe*tFesQm~^^JL75wAt^5heEf(dRN9k!cCg-&LRs9{f
zF<YTy{8+KM?hFK{g|UGP_EqO|x^(!j_?wg~P8~<cV%|S^lLe!S)H!+b<n&i)*M>*Q
zmDOC}>e|W5;n_r2?bY!PPgaA~&ut<o0YJmDzr62()OMFe#RZ=I)z&~7GE$3fE5-SH
z=j$4`iGb&lVG2Jn4<aee`X@t&sQmKTutFzarp5NnJ}?T1!XA$@-JIxM3H3PF(r>l}
zM2x)V8Bp?2o~D=J&NQn0#OmdbaP+eKgn+)w;r>S6-$kh`#)!znxz_>Q@18y-JtJRP
zJb3TGa3Ovts~lHHf1EW1ooC4UW<1eVF=4-SK{RnyDD#fJC83avGU3;4XwKiMIkVQB
zyV`evkG^*8?h7Db99&D3&3Pz?{hIw6MC>tN5=thhN!l!po&f>f7t<CmB(-p*H?1q*
zc_!5ZdgG{QkyP?LVN~OOmTa~RYFF)y$K)H@!~0jEUZn~gF*h-ofR?iFzfPU{J2js5
zu*-xb-P~4e`arlabd~X;_&Tk>r$R^9{EK;`fTbxRlj|h`f}cSD5%=nnj4a{g*U0VS
zU*SKwJOn4?T}yi>@`p42&cTEPcsCo~TpnLA049Se$$!CP-g_y~e)yZP__`(WN&5Ag
z9$^j@My?@4ae`IA>oCo}wb%?bVVoyqSR#dy<=|+0VZu}Mx9sY4YWwD5Y0we#EC%y-
zfrTa?w`PcnzmZl%Xxl>o<bivc&K1Fz#L+&+(IF%fiu+9|Xk_0wb1*mg;f-)%0<#Gq
zjjL!^-ICiZ_V~V|Gl%efPT%TU=9Ad|cWj*h$Zz;#FmPj=E$@f(hIzyP`OgTObfEJB
zi;NGJS9+q3y_l%1vCW1}ty_3fyoP;kmTMoj6>n;pOZ-{Lma&)3m1&tt*)wS5TWJ3v
z-&{V^fNwlEUV=`jE1GGDjk#(2k<Y^I=%UIQ18dzV7{iq7duTE>^-a&SZUd+rCNg=R
z5dMPP-1O%2dIE)Kep>VRZ2R6k+JAMm$zy$Wz@xZBbl4?3O~S~f&CBopW=j5dr5BsQ
zx0_>zwz`ankK3}tf&9)uy_hOg2@1M3bRofO4_xu^EA)9E+W-Xz%?Slt%vJl?8yQE0
zN<q1d(y>2M{;Xi0*`cSS32Y0^%kyyi&YQi{l8zmfIT2cc-+LCg^`7JfL(|_3FUm^a
zM%)|h*gH`n0q8T`V5$FrOXc>r*O7}&fUw%h$A|Cq?2J90G9`qbp8legX=}KUu8S9`
zB76A}`*=DpZ$+rGNthdC(h1y>#&T}%@0e9>(%jB2s@ZKf_U0r<sE)tcA2UBr%%LAC
ziZya^qtesZX~icHnSN2&TDHOFBoycZK}9~FybgA6EN!Nl@xNb;GBdRyISjwo6vu!2
z`IT{{Js-{jA`@_TRKEP}{B{p1y1&ei_c8kZtN(+U{r?4K_J0h-|ARmNf8q8SI0Eru
zT1Q)3JBWaYs1QJOt&T|^Wp4Z(8_St0GtAs;vQ?e~X4%a*Xv74d|I#)#c9ihkR=Wf;
zyck&f$yQ;@1aL;g0+J7gmrn=?er{}RTqoTJpMiT;gGW5cwQ0pmZlgNDbYAluywJ=F
zAbiNS7X9~Cy%&HY4Ujb!*Vl8?OZ#yFTELdxwKlqw)02~XXx()RMpb?NB+$JB2KdSM
zDND0b(Pht{KkqB9S#X@3H*AL$4;mVAulCdd^oYOTK^M-1e)|!!F7OIn2b95M9ZOKK
zqfxzsV$jHHZ|w07>Yh2a6#U(%yo(u&ZiMN-fcdVk1sm{%d=|i<Qx6Z1@C>}L4G({(
zh&!W&6{0!;0M#Y{AwecX(0Lv+K`UpuLG^0Q^s=w_ViUKgmlraob8m0Y<6t@Oy5%w@
z@;=lG<=hA2>3-w`Q*FYNRBq!`<3Ps1lg}s1;Y9yo#mbH9Ib>P-&@7Vcqj)4~+{WL+
z75Xr()H+jBQ+=ZDgSCqGJuGO8qq!C3?PHZC(|2v0b<em1U}{;2AYf+2TL7Tbej(v$
ziMP_DtXNhxiK(emV-!omj(U{A%Bly0@V=Wh>D9n{FlzC=*+WHNQy8NRdLtq%TnJzZ
ze*y@$f_u3?YW_lQ4vHFaTQPt3C;ze%8s@s#il)P*LEm4-H#{J1`BL%258R=e#={xb
zZmqaX3GN{J1(@t@J%(gCZgEdnUF;9b1GC%P+dWo)7yq4{M9ti%6JKn81E1SZPMz{g
zmZDPV4Ub9Vi-o{5)26_*!`qzT+Y2d#3mCy0Ou5uhUmst3luz%ozbI{gwx=;stX+6?
z^#=GI;~w|Ltw&_ZgXQH9cl~Gli2W~hZfku~(Xf&1vqCTeid2y+`SF9dU9U&h?D%&y
z*%lzC0t6=u;uuzXD_Y0aqiOdKq7jfUJU7h){tI|oWk0wB=%CyB?N-Cadx&I{*)gJ_
z<_fJ22l|rL$}@mN_}(NwF&cz^dk-a(@H;VZrtW(k%yNG}bnk!BumW)1=F}~T2QFP<
zk-lL>-5uGI-UXYvcaiY9pbLK+Jf$1x(u&8wKY1sBQu1fRQV=^%$bQG2{4MQbX;YKu
z`i)1u?!yJYHEzALuajxh>R{_#AGI>UqwK5YkDpK@w=3U%PltxyN?FNY9Qy_L+<`~F
zQoG%7R9al$%u`L*HLFjamUwgZK`sWvcN$?op4;=>4~p$6N<?GE(2{(7$%r6IUNhiH
z*$3VzIt)NL3^jRTpxc(Wu1R~FEe>G|ygp>#0=}nlue_D;+BIl)T~TNsSl<AIXd(LM
zr+u=wrku{_r4K?Xa%OPI9`SwxGi-)jEnk)f;dbX=%Ylv#Rp1L^22$Qt=U2WL;fd}`
zgau8{D<0@L5D{v*N&CuCGxochrarf?IO@;>Zdvzha7W#_^Zm;Yh<vsHP>DK_3VRzh
z)i_<n(<0BW{2nmK7NXMl@63FWwp*LBcfJxH|6C<}kE{r3qN0qIOKm+)bxVB#UE}wP
zc8A88Vh#*XkPeJ1p6K~t?vrWXy_vJ!hJu2P>+9-6wat&`d>?V9XU;oWgY<Qc@pe7s
zzX(m=KTAUIzSiH2<aRs*!p@Y`01N<b<pO}ECaEizdK93XyPBIbI*xb!1YOcM4-{^@
z+VdB`_CFqOa7Qwhdmb(xo=rY}X)3+OIeK(Qe?t$GyJ#u+{H!PQ)-exy<g)s9Xa;95
zYKObRTIcXEUDU<QsLfBeeM9q6o6q5w)ytVI&WFA{)6KWH?bjCAi4%pRKaV#@k-5`^
zp|1I_k>&yY-R|`b4T*JUBAchtj&gN4WR~dD(@jT@p$#6Dag+OL)VR>QLe$wk6Dk9B
zHUhV~il6>O3!6LGKLIAC6B@GI-5uT&%8Y?o_aICONy*qvA_~!*@_h5Pi)M+EF6RL5
zGm<-+3c<Z;gOq2HVUyd8XYgIcDlM1m`a^_pSV#5S8h2SWlltOPUN(VmvcW;y|LjJm
zTUz#-CC#tyNi`lY`i4ym6cA2}3k%uJTbi4jkF1pLhcVlG?dc;qzc5|-WL<cQ2nRX^
zs-0sgxJPy<Cqvw_NF7ocu}?Qon?1IE0P)CP{l7={8}qXgJvtz!3X}tYIq+<a_&slL
zYfPE(rE}Q++fu!9nw!iy=#qoK{k&Qbde*iHb+#!R%-VJ`KI(q%z4|+vPKcCGD^kn4
z-|h4@t)<SDhlj_y1KaIz`w!A0zlqV~Vh7+aYPGLy`ZK6w^7*?Z{60^uCYoX7hZ^lZ
z?6X?C*u_W7ySOa<3km^&%ozDa7_L695J8<@R)*da3+LKzMwl^LS@!YK0Evb117GS(
z`PsuY_9Gd>`nB(iFG#kz0msYz$z~1{b(%@);C<NTE8f3O(^(B`Cb@NMlkwcvsm@sd
zqEOS|eLz&v;cOX%E_KoMTP(I-*dK2UD=s%k1Ga_0t)|WPB-k|&E8QQ`=`v}`Ydv}4
zW9rOc?vJXUN5iLqI3k%X8{F<wS<}nIk%z0`bk){u*-?{QylS;nZrW0S%PUd<#P)S!
zhp``uzPV?oryH~ZB^gCi^Bs3`?OV3p6h^cexZm3Xopl5joN&!%D4q6!pWmn!5(Uqt
z_juY&0+diU!VkD6MK9KNBJs1gIzu0B{Tl=2ui#&O{`2P<dafkl6y_OyY;(N9y%mbH
zH<}2LCE{e#Zh(Vn{94+=u*qd(L%58_L2K-dt|*x}a8)9VnOLF68=mWqN&xkc8EaRC
zT_b03l>Mm`FnIzx5f%3)e|u7r=gGD5=)?fotWr5#RuSh`&`(s_Y!I)@6>DoO)SRJy
zg;9PSK!!rj&wz&mi6={ST<LTMrUhTo)B3CHYf~4E4;o-AbLw%8=I!0f3&Q34_(7y;
zP$-&Cir?8#U*9&TDDqFtvydt;A0NBtRl*oq@imWY>HOn6Jr|li#dX-Ro)Z9w%@8J6
zi+M2x0}d<SAoC@;!`hM0H~ppc?52`#(xpEv6Ea5d`e)edrzOz5YqzMyHg=p%ld~U|
zf@a4`w2Tfw-HuPW@mQ_`r%sUUH6-vmcVj~XJI)<oXNq<F{ljF|2jJrZ2b;-#mOlQx
zui?i1m1LI7WBrQtK38o&z=JV<FDXI<=~tRbUy4r7a_7g_NwhyTKSLqXWB~Nx$#HJS
zH?x4l-m%#r9PCSuhii$E)Yu{VOEV($BM&|p4%EGDaCe!jdl{t>L9;7}*->jdx^WPe
zOE2jq70f6oK!!PzqSu$H(nK_P90ykUu7w?PRsfvlynt=sGGL_lw<y;7!h-46a##2k
zFimR0j2(cKRBp;NdO1|SLasBGLg4!V>Ebxz4OU%5SZK&DaD={fX+8Aw+sroYZI{%E
zuxqogP+#nh;<3i)KOoE;pDH(o@V)bNpfipe9jq2}G4sDXnONxEr({$4vLSGvUpV}A
zyy9l3qEe@)KX&(jA$U#tJ^&ypX-InQ79r5I;Fi<5phO1gZ)U+a@lq?Wd%LGg3><ie
z#x{RD&Z7MTt179|;#?DBYM;<Lb1HOIyA94HV$rMN%AHb&hM)@c^~EK<{7Krm`qvyQ
z%sZS-Bwr%F-SmV*;$n<3i*PMGZ`?+RlNW-n=zWif=752c<j9kf8!=n-?rbJ!PI1n|
z^3zEb59goT!l`RXZ|?!Mo1UwhoC&XFb}a~gJ1oBhKF{?R0|0rGUt~q@?v4NE@*5yi
zG1*c;>;ngktOdeF4VPaN!J86{bm|yGBZTMBsxvclb2f;5&%PkG#_xX7)q@g}ym6)L
zSRHGdNHLGV-u+?|2%{-CQd~6MR?nJN+oE@xW8@{8hzPArE%Job)c;f_?im)ZE!<Qm
zqQM$0k9y6uTN_K+0y%(%AJWW@PO5y~psDDn!_>ERtSmH%s*cVB^10G7;B6~bs@F}+
zlx;V!ckryZwN$IQ*I8^G!WiEn8eAC5)nlkFU!C@eD9Gj1dhfTN0N+3k$OK(Z<ZkFS
z0{#T@U{y&INPDQW0}cKi0Y+smZm!+CxPxfd@IRslf?@1I8jom3y(t0KsISumkj602
zx9B+S?6tO)PU>D~Vnk<HvjEmKcXksZ00g$F7#wW4pw=St)vC;(+NthK;*M!t@MEL;
zM0&~3>`oR(1PaGpUC`?@h+_TY&!8j`$Q&Ga7czsD93{9r`TLl99=LKbh`I7*i@6B|
z^ZxJ6(khuoOTND@vtGApU}*?hfQ%-10J+dl!1h#d?zi7KD0|yZ5dKkljta32y=lML
z$g~IGAQznEA)6!d^*2hah7pksKO7DQSlBe84^Io`c#zIqFvp*MQB&{D1kt@i4Leq&
zE`$5}f$xmy;chHZeUHLHvkDMrf2*b<niw=JgG>L^ARY&179m)_A9%5p1|MPRD~yYo
z+;$vQLfvwvIl6j;Mf%KEqsD|JO1(~n3pNMSNI<ZegMK%!3v}s%O?BJqj>lr{r5R`~
zf-tdlZwBkBiT4b9wfU+P6$19k^GxG{VmKd82@CSfuGHbe0Z-#o@(iwsfrO4$aLGgJ
zN8_I*mB@1B;tg9$U--tw8!hl4FSJdk3dT@63q18O2UO56iH5R8hLU1pdW3nJ3ugt{
zs|zWc?%X#2v!D8AhVLUna*?yaKqC1KcFk$~U~lMw5YtMIbjvZ0IFQj<->1UypHdgP
z<T)+|XD#e|e{F{wKBL}oDMNX0HFlIQ?oO#IbarTDOJw83u%BGrXVpNR2=OFa!QJng
zrXt$WBfRTA$FTn}SE=dTEPzEzN5^<;O2nTDzCjL-_IF{GzWoDXeeh2BId`c>;WV}+
zG=BUIKE%G+V#*^eemcjlsZY<-XI{X>MTal}+)+(jp@$NoWnf@b7#70%+3mJ^#*uh7
zM?_pO2SW-FCU7myH0Fcg=@pGe!rek<nI&p{x5iEG);SpYUbI!MQi-X)92mT&%?1}$
zAg8ufPq^M*m&#Hu^-O8k&g)IJCUYF+N+el_SyTC-*HY?r*ON`Y2g@0Pg|Qzhiw*Wv
z^HIZb4^$sL8;#!9=6IAyCvIf2_5`R{A@@8}m6!3@FG1jrS4}8y)SR$AAavL|&J7m1
zPllUNX<iL-thlQMbw>6SqD2G&=D;JF6Lh`CxS7h&VR?D!cMkuoqA;g?x2N|6qZDwW
zRA=Ee*_(LI8T@%)o<oDLzv@l0rxP6H$xd6ep#RQy<ImxwM-R)62!+@0YP~12HZ>+|
z#(&{!JZvn*3wmk#TJcLG`psPRtNUvvAG(trh=HCzZuir^sMyC{j)B+uiIJ%kBOUHX
zY0(Yl6V`~b%k%^v=cacO?vEB;BbuO?6ecVso81OtRQticNGH$PiYXE9hpj8EQUt+O
zfmcwEvjy)$gmVjbr9Sy|-|?noERiH3(s3EcnzZf{t^Lv+O@9K7pUuvo&C8kn)q0;<
zcd^J~^UBLlkTlR2l?>dAksN8k8dT<SwSb6>li_C-gEwysMjQY;>HK{^v)Q_Lm`T(P
z>Erw`e}z%-v-3<9Q^U2u3QTZR>MH=&Y=^U5f1(|W22Kq|*__3ot8yv$zOhSN$|9iZ
zoX6I0^DWmSSaeu1Zwn;O!<Q`_PTJ0N{}LLh=qeCgXH-a_p6O1mp+ija9B4yqWV-dy
z>})sd*w;UQV?QeY(59sv#3-owXf4RJ@sIdX<_et;Kg)~SnVKOw<?HM5UpZ3FAH<{I
z*xpLAkwmYBY$|qY^BTmQS<%C8E9TXQht<?;#X8t^4Pz;JsROw&@i|msMsIMAy$UXq
z!B6262!!Aq+km(nLK5L!l2qD!=hKG!Y0zufeLU+PiVl_+qhTU}cZQ?f_vU9U5y@+X
zDQlcwo9|f@LOF#G`BQ^46QdphV$@1N4K?K6cc{ytZ{6AB&VTz1ZrH9DOvnuf)p&NN
z9&gY1l3)OQc$c5OqVap2IX(Wp{=b7P7;DVMDU03|U}glG?B!Ogh)`*L&w7SbSZt`4
zbu?}(g^MhJ4Zy?5B@_G$S1TZSy?8}3RUCs-^6@%9_-t~hhVLr;Ja)&7i*{2)5VzJW
z!n@iGd3ER)o-c2#v(&q!j|gE2NC4AU4v26Whvm};is5`|rMRk*3WD`HB5yuM`5&Jl
ztN#cHynHiZ7wM=Ich60H!1=%8N9%10bSZBPy5v6J;Xgi-O*V=)rtd)=L6@|Bp-ZMM
zeRDzZ*`O$QVns(z(UgXx^x#h@y(inNobrExH4Mk$F)ZEG-I&hX_An5_4Uh%1oP+3i
zj0o}M>}t7iHW(35DHoqc@DxJI%gvBgh>!I33CsoZ=9O!!!(_}Vl~L-$%px}CbJp(`
zzPJxdLmyY_KEYt0Q@36=0e|J{Aqe9%;`ily*%S8Y__$i}88vro1U(n$%J{%nb_nhp
zN4C3)gwJ~PAZLm40T5jHeXYsMD5%a@&7FZrw;Ytrf_#6}YsJOB!Kw|{!eGP>zrEy9
zW-*$IGwmxV^dLE~-eI!D@~V6^lmkWyqhXq#t=)8gKNz&u%7**=q*(9K(HvQQ7VP|c
zE5lU`Mj}{C{RMwkI4dS+yRGqiZkT^>(25J5=5(21b|P=ZJ1l3CKdIcMwnsk|fNZ=U
zt_BBRgMG{1El3z^v~}{OMx7coxhpPK)|2@i<j@)OAM;+dF5)n9k?nLlRukb?v#7;U
z=lH4{#(P(Y*^D69B9;`3sP`%F*yPq{*8Jof;kVpTMpTYxHpXO&5cL`tJW6p{F&8mP
zJR(Di)L2jCzId(=z~jEUf;(bV%5(C;BA%;2Qh-3Ym8uJV6nA)KcV*fUWZJxz5D!#E
zGPyYcM+0?0yN9kM!tP4ZQz7IK3_JipnVWo{6Q1NVwj~kLi6yz10a>AtR>ov%M{e1m
zgTxAan2TeA8S6tJ-W%Kxc;wC<fv>80_ug>omA&XrbT824C@)GkuKG@Z(S)}t|4+V`
zRrFX2y|<8-KqsEngM&$qHdd1$wiq5t^Y(e}N;lMnnfJU>6}R&&j?8d`uuXzja7Qkk
zoC!A+0VEcBT!=*}9xLkKp7A{TI>M72;iY2E6ziK+@q>K!hI2L6sxr>L8ko#s$uk9$
z{BYcu^Z@{+bX7yZg+FP?#Yk>!{cKX;GUqF}aQik>wu25Q;ZLNsQL~3i1@T&!JHI9t
zJg&%960+fR&vPUB$gK)^4dL)XNO1xSaVw4BwceTc5ZjQK#S(F{lHFiOvDI2SNPKhD
zJSki}45?kHPH|Ns809czMGKpaCS!O1L``m0edo|qLv@^(lz2AN?5TSDJ{0+3*1!eL
zy0njIs66jn&Ue!d&w5xlSK~sR=yAO9?&2Io>qfnHni1`FcRP9nI5cK~h8dwD9u$|X
z7%MJNWC9hn?bcc29tV^l#Xj?&8<=2vr{Tm2qHHpjcY8p!#H;U%;xb-iA!fB(^RdVz
zZtrV)b)Xz+CzXi0-YU$c*c`p3J4y>ZKKNJGs<YcG7K9bFGhI1a3r!PjtQ<tdT3a<4
zD51$22VJlCmt@l)Ub<5_$b2`<O2iqlAK{)#1Vv_q%ra`;80%H#z^~%g(jcn;tGqo_
zi=hwQ1r5Mgzq-RS`v7M)FOE2Xx%J370sVk3)qpEK!=OtI5TLgwd-<<NDu4Z)qZD|~
zknX?6prT<RcC%SN#8>XvlLjB>_@_2X;Air|i#V#O$-0_AFSx$ZZ7J&&6Gt|cc^vKK
zeTncs`V`5QmD*)D7Dt?bQhW1?mbE-u$C0Ea@SrP7oS11H=(z=$C7{v1f`kw7Xz+q?
zt8l*#S}!Dr(<xvte#K!j&=IW8(Uk5JAjJ@Xa7-F824A}oIu`k{$Z>E!K)`fGQdSmz
z>3pO|iDz;2^tC|Je~Yk4F$ukVH86P*i1!wzkAdDm{apy;#|dm@pVYyk)5)fn@OTk5
zg{2Zfb92+?+wuArYYB)b72IJR%P|_eEuI?N8G{jd`rITxCG+?bxSK5zs;cl5Q<OnD
zfo=fQcj%Aih0jiUUi>Bz6dxHB8C@LP{tYw`Hjx(o)r;1V(={f)`enEpP;+!A$vX?l
zcR8r88uZBt5>%4)0BxB=pIVh`y#(|ks@0JqvEbj(%7jM)er{RBq`(blX|ha4bp~0A
zi=~Pa%@CR>cZwhU%TFwbVhj?y<0iKsbC(p!KX|{G77?!V!!1tJcc@zNLtnM19#}#w
zAJ2T-R5hI>4T%&pX>y<Z*Q}S)b=EY-_a%he$ZeL9WcN^Tgi^-CLamG2ScDQb{PEhK
z<D{Rn_#epswJ_@TX02z)!J4ZQ7GzBeUJBADkz4v)$!;P!6TGlMd35B?6MVjcBmRsP
zx6&-vkSAf%J*x*L?qgbGrD>+$ZJ)4oWHg=<E(_(I#`<4LJI>8H_W(51k&Y6b3o5?O
zEJHO+86frxw}3tmJZ~cJl{LbpRe3&O+C`o_9Frr5$ECQ;*5@Z?k?;KaBT-dJHv%XT
zlt^?w!ZuMFZBTvVy#YYrT*J7D|By=kj=&ugfIGg%?RR|rLcz8Fop|2z55?HychaNL
z0BH={HY_CJL(D<kA7&$C`|!AZ!$n+cmZwZfpKjFO_qi!5n&@nh$Pt^QlD`ShhYLex
zVI@^Ql|a(O3FyQoeEr89S}l6O`QWbstacontU%}0cvh)8+viCbRhS|sTL}U{D@xYz
zeuQ+AUs+$f$1Md<{)wn2!n*_ZOpF!+eL_xN9K<K(xB-ea-aZ3IE}||Ti(x<+bL``W
zrRda9Q&M5uNA6f(60Gq;#qJ8wo{)#my~;-wWL=S1lISV9K2H6-7E|>NQtOn#Q%MUv
z^D1Vt3B6z0HIP#fn{Dn=3RqtQzK-irK#B0$W%sQuwV1QzDgoP*RiD)+fO9Wbp~Qyq
zlRV`^JaLJWB0cSBLQ+;pOi6D%E#5CUKa-&u=90Tw%gPwUnGF`CmPBHy20LnGkkl)+
zbf*N0rT6~+yzy9x!zt5T4Zc|a=wgi<oQGGqf=Au@Z#iMMCQ0G%&>E=cqR47-q2~Bv
z4y#;JwDWwUI8H2ZrVPO(A6Qajpf^K46E{eC_a*Gt{O}A~#POc5X5!VR_Nf>y@5Ktz
z33gv}HI?-__&|uss`3qfKh|nUh9iQaAhA>yB)Y1Awk-1GWI_XpZXK8lTH9!nz@`E_
z>m;{cY#47v$zE%=8zODK(k`7#hK2bAfipjF(TW~miO!oqAVdC#wT)vHdbmoG4ydv`
zh+zaVumwX%ufinzRfjTzubA}RHDzpN;#1K%e5F_I=Pksj&zg!)YfDHwdyny8a-CWU
zyn5Iayd5U$0bP#T)xu=fy;_bz(j4_gboumOF-i#*jM&P$<8sNaNrcG0ki0n*)xjK>
z>8~aYru_Oixzg}sYlM<hK8(R%DDVOffD={J3^W(oK}$sOI;i-{^OB%Z$0IYk%CVS1
z)qv~6sNU&<&mudwV<puyXr%bxZ{gdgJ1%heNz<tG*R<H_xU&ogf8tN1gCy6Q++NF_
zdCYHih9=|6XyrH56eT_D<RP~;3wXCcc5ul2^IBms0qHAsGdMeUC}Z!k;R#gqqBV@N
z11Vu;_%PFm%23aj;l-!Ew2BD-RtDIn^x1BIc`est*k3?Ol-dr=)HdV-O046in{LpO
z?mmsq3*Q2=Y6+|}&t^@U40zxtn4RgURBKk9b<RmY6G6PdHEEW(#A(*QY){un_6={_
z#Z#!)58k|4{4$-n7IGXGBbgwdT;7R9TNv|2lTK#TuW?N|gZc<rt3cEZz#OmC1CBoF
z^$iYP3ny~&Axfy-wy~zi#n3M^$Z0@Mm3wc52&BeNZ*-xpPK%E=F8)_?|NN-mfoiaS
zF6A)HG;%+eL<9jdoakn7$0xVn+x0hEPZZ$$lKaW!9XbcD5OK|an&4k?^4A#)<kmYj
zFgtu!-4|R$q9;<hA)%SR90<Eu7OS}THZ_lXo0!qB#IGC-sg+gPu0p^Xp0uEw$&w0f
zo#Sc^2U~N(L&3%H_o2`aP?GX5b&9DVpLZSL#13v4CnvkhvL~K9(B?BfyC6e_3ly28
zgg@g*N}!j_VJG=8)QuafnNTc}9M0FRlz?OND+rj<9(l!J*w>ta9llAdTbTO1N4`FF
zoMjGhwp#rdn?D)Of9!6kGLy?GfG0h}wkv2e(0;W?FaET&L6&Wfp_Of?FP!fqaoSpD
zjBtW~$)OE%pEoVl3s@%0Pv)WfjRO!ll|O2oqes(Mh^^M355Cj_-^--vhbHZTO)4#(
zVC1?%uQAL{*b3!O8nNIxjULm}<G^6K&fF6?k^zuA16Oe(4q+S>Dkg&O)%}FpP&ABU
z#Pe>gZqlpiyf6nkMn6Ris;^&&BlKXswC0|YA_(t`JZ1l&oAj5>UV*a|*3YCa_=hLp
z)3MP~8`DoZ*3OVoT*GN??6R@jug&tkOfSyD9!dL}9~lXjv!y=Y^1GjeENI;qFVr@m
zA7RCFLHEr<&`=7vqXi(y1ScW7r~-1&mJ6U>&}F|8!R{j|X9<uN9tWAIQ=@dbd56f7
z6{!g62hD0lx!0M`!^hKVTM6TI2u2n%$7&SQ2I!3-t_t6)zzB3J3e?&WU3F7bW=V=+
zL~FQIqh;G`9jsqo_QTr!cq9HIFyl|?5=kRK`nic62q(W~L*u8&$C1De1x+WB4<0-P
zWmmiCS1x9j#!5(z#;fC!axY)EI3>2S-~`7xD)n0Ed{zHRM|r5Vs6;aL4lRnjD&q<3
z9QLJk%hGI9Od^A8sW%dD{&AJj2dJ_Ki8uP?omo#3aON`b9*P&_XNwzsEOabmb`rxW
zC)t}&g6~Wx=!=dys-5OI;X}Km&$#-(M!FJcj(M&AK9qu*44FxyuUE#RUx>M6*!^52
zSj9@+<z?8tntj#@Y^ej#Ury$Wg&_IqlPJ6w4c6i#prPa;Hw9r+6gs+^Z8Tfbm`=3N
z9pClzo9OKf741<-RT|zG+%3H9i>iEzO@Hwn^!h8711}wN*dZe~qMot+AQb=VQzie-
z$&4exW^T&WwiaRU=I{<pg9#Tqkr|6jT+;t0vBIqmaLZYDBj`;ZK`j8#s`c$o^sBvb
z7aRx#)s^bKl4=*=WCh*u&%*A(J5o7M$$d2q`;PN}{4zth=#Zzvg_B-A!yIrI_;LlY
z>*}DUjkR9$#Yz~G7zkh90q{Njf?vl)`Xgx4;SWB{zo<2*icQcnn4`02vaSLiLW=ni
zSiI!gC!pp316M$O{q$G!r-KmU1i3KOD}1IEl0LQ%FF5Ocs^~#Bh8$lL7^I~x&Atxz
z(ZN;8wdx-9HNRIeP$$;JuC{Y=fdgwJKsqxiAZUvGD=fD%-bphq<yje{kK~h6RtkJ2
z$5gb3vE~6Xqu8|NJ(DP`srYU25)IIlMFL2nZU!4mEFk_nKgZa)Xl=pKTq}F%l;nP^
zpajDQakqz~^qGIcM0WlYsNY>5``%UWmoR~b2=Kc}!;BU3@F|;>*@wOZzWwMkYjXiJ
zmc(tZTonu|-MqH8SK?XutNR(YIfLL1ryjfLCr-IF0zR&FfoY)dT(ac}cO&(xnh*2s
zabOA%E#U7W^R;o9igLtwKv~&y`B7{W#HEx#vM33qmffru+g!W2F3XDeDH-)~(y(@o
zD)x|-Wyb2JC~IB*5!2V?0{~1y<UVQdrbz3%=-S@?j$)3GC^4S;O})^Xlvea$({CWx
z1W~1u1p_52d#^vkFr2P$k-fX|I#_uM@<KnguR4q4D(7@{6D!h9n$aa7WDti%vuRL3
zmy>Ai8|hUW9j#l@h#yfrR`f&h=VgQsNp_6d`)2qE{@-}7Q;8D&W2vh9L^oIm`@UgF
z2EEZ*5d<QH{5&wYNn7;WL7f0yuMJwWAdzE0crafw;7%e${AsM_Z9OSm>5URnWqzKF
z&>f`luUCMi?7&Dlk%8KDqlue?Lz{2{caKUrQ7$y_{S)Yny5_~JWtBHdk*tChr0&(X
z{CGI1#yS}3x&WE8XK*hRbVX`F5A@piE7Kn|2UO;%xU4#|D=aTzDXE>*c<<*(`SaY_
zm=h0HNdep@<z6$a{>g*rWp=i%XC`^SGH(o@yz}8^^ZYO#16W6XI3su~d%RZnsoCRE
zuO2bx@sYoc(AUu)Zys>eBv&$kjj~|8uKNaQ2cS8kE<12VUF0>uFm6D~y-+Bf15?Q3
z)e?{;kv%3+>J^L2iq+9|HzDJxZY$ZL0uifIS`bWrr!&U7#wze$@bo6+EVZybJ*BQp
z0Qd4M;qxK{!W<NM65ieBSg&2Bhc@_0y>?YTZ?GNRn^$^=A>5AXy!v((x5c4U2=6Z4
zKArlT;fT9b`-Ngs3v;FUP~*_;CuA`Lh+iBR78J2ohYLFf_6}vNE=^9a_=g#y$#w>0
zN~I}gZPeoAjU}0+nLHv^C#O>YNzgrNvv@@j&fN6~oQXvj@oWsOx-2p=8-#a>n@_c$
z*clm<R<sxcT>^rI-m6XrgiBnwQYJfG@tF#el-#ftJ5&wpO#~A%-CouGy}YEWa8bri
z%8SWfPWEhrB+kwsS~VgDFKq{;bt9boCn`)^j;1wa7qWwu{wWX-E|EPaX(ayszFt={
z)nK_P!rbYV5$Nj5UwP5n$B2vzi=!9!PUd|1=489H61k7(Xh;2=ipd9<oga>61cS=D
z9ZH|Ujj{7$-IE5~Q@9gAaQRXR*lvlg<Mzj3BrtpIA_K1guvxzfHCBxE#_xfjJr^4f
z6X+KCjJe5UBE;xQ>npW+_P1Myb~EP&CE4;<vMja8jq+yq__ZM=v%zCE!%${dR<5O5
zTNg7K4st_A4mTFAUzl;H>_ugI4@RDgG57xxNU%l#S|usX$FMiT2BkbKDYkVIWUC$M
zImazv4mpH6!2)5W(dD-ihDw!>z*D&g5Q0;cG^vLsi?K;b#Lz_?OtNUaS0$Ay--ixw
zf$cnnxi`B=%V35<7!mB@WImBpm7qB#t~a~HBHWWZ+$zC0p|Co`$G2lkSFc75xc$O{
z+kNRj*BZK9D}1B?4ICk76I&|Ge|C=(Kzh>wvrMg5G_u<EvuIUvf;=4X4>jzAdmqFA
zMv>)XYsCJ+KdvrKexY`hw>M!R(3j4hN2`9<gkE|gH`S)lvD>>9SpI59a<T04xJ*51
z?I*o-Z{5QgnH1|BkBanINGV7Qh~whxyB6p~=f;BGp6g<}*G-8eLdCGrc=G)#J<9In
ze}RZ#j>UAP92|UpkoP&Y|AHm-)$EtE-(-oKH*&wI5n0vPaED55@nmK!rjQs6*Aj|l
zAN2?Zo$BfZ08!6a$awQF(j;_XCp8qJ%>b%0fhDx^?nHXi6-IFA+*RKdf62$J@|qXo
zP&6cB^Y}h2WaN)$VZg4y41Mwd0r;#(n=Iote>Yp)-3E%cGL_l19C%wFm?k*tC6F83
zYP<>>IU>f?OKZu({pG}sY-RfQ1GAh4L+{L7EvZKw*hMI-QrUV`Yx1c7+|^<<M<X_{
zLnt>5v{t;3_VDkFk{~`t6huz>;0y@K8zq12z!fp4)~zyqdjS{7T;%aZXXvOUyihD{
zu(KxX?~hhCq0JacGr`n&WWkRwV1-A#7W5Bx&n+Hq<D4Ak$z^RGerxgGAK|{`Z9P~!
zx!J$#SiOO(NEu)&%mLiL1m_(;@}cE3E=ri}%JZ*3_|zE_slvW5io_uwM{MiJ)o^F%
zrh!c)y%<(R$#Wvwq>3=t1J-Fwq`e6q0y4$h`>O8A+7Z;;XmpU)z*$be+$h7C5pS3w
z_&QpO(+&`b<&9xfnIU+|gI(G$Y@F{{XP(KW1AT&kyN%D#rO?msZNzZi16RWlXTa0<
zqUG*3yQ!q)a&eM4?-J5Y4U8}Co!c`VFp0XKr*{0ZcA~30{HA2%g&Jj|y86!1w+)DK
zlFslDEPZ$RZ{wfE1rCmi6MF663PnAQcsG$jU^)LqsMnuxbDCA{3Ro!@``*#z-Hz~s
zl@&VDnpUjeBtp~JJP~e4Djy)wOiYOcWf-^^aR896w$HOsn@ADWppn-EbqU9}IzLI@
z)I4c!mf$t^!psF$DIxiQbxS4uVH?p?wOJ9CUDjQ!`^v)f<bDwfQZ6<8>=`TRQ$`#+
zGB+L?)kLFHWlM4-PT3<VAgo_HFG+=TOHXX(BxuO%BW`u{YRc-bzHxNaG@n>4>epc;
z%0l}_3W0GFMA1BMjJmwDe$z6*`bw);OpjIcD29dU__erTB@F#(Dky=mL;~;KtWxM9
z88C>`p(DeGynpLyTW{K+C!T-M9gyV~=T_z}l}sLzCfi|#@#a(r_Tqu1T4T>o=E;!M
zjx{>gbgNl$<v~b`^~ot6rv^akzh4RW*L5&+s5;Yvqo<K%v*7x^D9KRqL?nYd>IEUG
zDQdYJc(TC8&0t)wAE*W+aWTyljV2T1{&{ANaBWs(x|d9!T<ifaW)c-6S9iFbFqXV+
z+yk*mE+|A(90<3+s|Zio{62AXS;O_>60E(}`+J)!VYeSTh~Fm*VvWMNt8|z&qhaWL
zj_9|NM(;}zW%Em9E<Nt%$tzUww=Z6Qc&%s=5gd`uPlAt2opBzvDL`S=M#ss~fqUx!
z`}T7@Zu;4Besc_Qj9ldOsxOvS1Yg{Zaxb;KrssIH-^>&jkzj>71x@vE`dDg6Wy~3<
zr6zt>boUhlS!6Mm0zaOjx3~UbEBbma3m-(@{1DhNOP=;D0j-&uh|!SMX>lot0SQt(
z-D~xwUt^p3WNjtOH^OZ3Vub@VS#9d$T-{W=u`x9^n}}!cD+5>ZWZmSNPTm&&DUqSv
zq+tw+^%cK>pY$Q)DDGw`=nA<QVW%^YzBzC4kH7@)b7FNg+S(*-CanwywFC+U-#D~7
z)Vo~-_4o!hnYmrRd)i;KOQ0$zc^Qend5kVC{|B74qW61!i!FXXyCmT_kOt}U`^cgq
zN2QKE{Lr(!KY>xg#)I8gZP2A{t0&h9daZ!`iWfDf3%vn))V3xF-jZNZO@zxl?r3fY
zpZ*R1#u6YYO8*Z6z5Ti*x8&gkEG~tFRFRJgH!%IrkE~+h#p4ZJOv6IeG{2Ywq*Km9
z8u7=FJQ}e>It98gKmshX8O?{wPgNPeNv2d)j@O1udO<IH2lO`~e{jNTYvzjQ3$Uc6
z&JBgHUz`O`{Djjo5#=$Wvg115IJ!UMW7=iPvhcN|jdv&l6fSUb&w9baBhfMzd11JQ
ztIiEQ;?sx34}zG~2@f%?!o+ekgrCVDMB<zJ(z;*Qf|-*5J%=wL;s}bEO3XAUU<iU8
zjpxv>-G)9(;o#$-xfm4Cc#1LpW%zP}?QYiAA0lQ1H5+AID9EBkK9}yfFt9PTAGW1U
z6GR`)9kZK^_&u^NlS~QD(x}rv-akzF^-lbH?V9Otp=l<cw^PmMjaIXV54rQne2Jme
zGDu%Db-Hex#}QRJ%_ISb(jA2Y=~YRnVPDBfI<`r<c+gi+`di%+Hv9bwJ+_*gVrHAR
z;>S`x2XZ+fAJ0mlmioPia;J=l9BX<+P?}38uBTxdt7_`TsbzYY<lfBtR#=T2+_?Pj
z^SX6|O-CnHG#F*@^~>`u;9&$R>c0-Qlk`;oVwcu4&1|CDb}CR!-Ftv|OchX>gXX{;
z{0#cD=qq`@o$?0vD_#ri^5n^@4L@>z%{Ju_Ik;IpD(%1;(7B1r`K*6dKGs(ln0uR1
zbPl}1W|R>@Sd>_rIv%>IY{S-0B{N<Tm1WA}zDlFkwHU|JOjr<}KkfqtKKz8#Oe$(Y
zU1t$A5jASB<q$7ZG<C8}n?2kB?X(#ul=Z4if(iEeYr9S`<D_APw)Ha)rYM)wC!3pE
z*}a#CDOEgk>}$e?sWnDr)>gA6y3y9EFDiSc(}kOBbXY2zUf{UukW`p7$>@(93Su%D
zl^MDiS&FBgUjX80a@bNI9y_@_HBAa?RtI%@n)1ty-wh7z;XJx}ePBw|#kCW-qF}o?
z?OXcS-kL~rY;dUx%xh|7*1DuK2};8;;9`+~vBOB_^;fUI`rT-*Y}%+x0^_1+4q2)8
zUgnX6+;>%c*-hG=p<DJW(A80cv~(Lwo}*)qUF4K$!q-FH0{geSwj+27(q@Ha3@F-;
zzLZo;OiQRBoDY3<h=>4{Nc9;(gspW*)PG(R=hHDJ{YgUgpNHzKOfd*@@ghFGodnj0
zBCR(AN=xWT<pK3}@V)2jBmb0*^5jgIlnl*eFpyA<&|xW^Q<4X3*WZvbYcjn)SDvI6
zy_;WFLb%+Yr4oR?TswiK&#6Q5i0ikc*Ss*zt)lQdERuTi;83~fkQG3k1)uz+rp_m_
zxMEU?@jT$gbo8H)qzDfFcG9>hY=SY0mY|zvsf~Fw3MrOgJ*lf-aUvObsZ$XIa_Yc+
zW;e^zGu{3f13FJR*;yijk@Xf!M~AzwY&0&O0^ESC*1;CSvf~fM*%=5&GRkrSp3K1I
z^aM~cO3vB>yxb36@f3&RA#vYQA1AmvqvkwWES9_Jmfr{V8@M9RJz|whxp(MW=#=Za
zj@qS|!<l!Z9RxUtcXV%iFM8WQw1NC}V6mm56C!ZH{Xa6+{0;$z9RFsr4t&?-o@8D2
zvAjN%#lp-`*w^CcyMQVIy@i>Xa4cIl^+TG7uUQZ}#}==)%!l<gF>ZDq1$#AZjgtD*
z2}^bF@?rh2v9Ym_58+EnFATH08vWuF9eLq0h8SW;6ZSZ+{1FOt#wNK%KdrFW=Wd3N
zs-NI#if=MUFd8q~gv$a05R7}P<GYt7w?I2`Jk<bNy6_(g^<*Am-hWpCy-5|_4bM;c
zK=N4E_R6}9mrd6PkPZU6UO>7}-}I8v@e0}33N;mbjc-CNC4`)6xtIAP{gy*<+<~Up
zEkAXS6}Y2S`P36{Fg+q7b)C{YK%AEmE?i^XSD!SZhzz3X@4{eOTx|1qfB)+I)u&FX
zc%6$-3@#{tC}Hh*7%)nIgYkxzJy>~JA(M;gwYYuH?doPB#QK>mOC0mb%ZJ4)pQ~s4
zx^)#&iWTJg7S}w}<5RZzOWJuVt!VLM#rlf={P-4+{I}1zBqNRnPrUK`ckYIZXKB!f
z%Ym1KcOYh#F)17-X0vKqYvY;o&t{@vSbUx{yxsG{zvTAZR4sw@2de}J32ZTKt=x%r
zqmB7w1s2DoEX=g8;co~2V5|o}-B>>T9jz_SRh~WDcsaj)R7IdOr^(-sw!WKEkI~u}
zE~zw4h&RxCp)MrIWA{Y%z79#sz>T=k=21Pio`fDUAP*sII3wB`&4PNKqL*Lo=|FWu
zq&Bq+xaiU@GwPhQN@?_USAZJi$&1p%ZT+)enH-Lg*TNXj#cX^qM^t6rGpSYViH_in
z@Rl&y8*T)&K7IJIAVXtW;85V5?CZGM)M0v76`K1k<IP(-r5^ziYpUqpz4G>J05PdF
zFv{~y9rBaM5dAbSMaHLVON-o$Z~_G47Wa`hwvsU}j>OAykaiHTV{lPc8tXk5AQ=eU
z0$8&nDbZL$r+}m#IF@%ao)KF}DJaO!eWqsTn)?iQ_zo49U6y&!d*DjFP0~zEp{b}`
z)p@Ciur|zte(0WNGB9lRFeEI(#m1YPIg5w^6t~Cep*mitCniHH+~o+h5;-dUksu?<
z2i@ymLy`wUA33<gzWJ?5C-{329$-T}4I+HM(lU<xu6{p4XZq1ajkL$9X=qs$7bapE
zAfMm{r4Dr$H|)8ld#o-pVjhuvI+qKt;!qe|89UviV)6Jnm{fUc6p|kn|2;XT$~|jX
z=$E@GJVqsq_tv=vEJAS-*XC3A0#*}WK6-Bbyph@Nxl}=XE6q$Ik$tJ)G@*vSLgJAD
zb<ymtc9aG3G+(w-(!x$0d*yx1c9)U0oK#XSEWg;^>+ZPSEYn&1^T_q}$^fdtrGIl4
z37c@0Da6&xAjt+4(T2`%wWEGcP;P46yxrM8UJcLdqTU6HQ=0#_d=%(C!D-a|73l$#
z#^P3pCdj7U8`9D8#i41vkUXa==^R8*aSed6h)D%n5A!cHWDxrXjXDVyFsF{palkH;
zS$cO4uu(mmeAND;Ro`@RRk?Juaq{Y`nRHTlM+hL#&A9c;S2v8Jy{2mBN<|w+8Ds*)
zG@3iT3P=-{CfJ5WGPyc2uOe>LmwWOFUSS{a92rHtaN@ObDTr^$dUSUE#@Nxbtmabi
z#}tnwqLHq$(&<Tdz<lS1$sv`6Gxf-n%V-?z9J;(R=JwLJ9N~;e3P%Cn4bgi)*##AI
zC)>HzRW(-@4jtq=pae`Q4{5`wB2Z!Rpe`}YG008DGf$I?R~GM5p4A$%koG*CJ?M|%
z?wP<<i{iz1htDS4XMl57_oE<u#_B%&LPnE%3lx*b{!U9UuD-AIyw-}gag1U?z7xqm
z-nwvwWZMz6!C&nRn8`v>I-__1rR8Nso?1z_uSk$UN{w|!Roda>{P9$jw%J65*`sBT
z?g>u+_U9_`!$2M3F;S!kbL$xiw5CoK{&lYvF!Z#K3;^J(<Gk115MMUUxoL$VCu(w;
zF+xKGTD23s*HU+L`vP$7z%Dk><G=RCHvd9z^hkW->S4mjK`7t_+vJOtJA#`RpuAy?
zvqAF26x@FG@W>j}8A@tn>3+E?Ae1?sXP#LIwD2%#q$(|kGCNd6qeca^SO<=B#oV|W
z0`?FMyc!j9x_~$_^Z5MJ81uWLUbNN3QD9wx5-k_*i*2SCAjbEhDsoDls{X7XqK{in
zHPwG?n-Pt-KEY(tXGfa^n;#MnA_rxS=786|D}dlXJAOcipO^@!=8K&-FT2Xt;0giA
zipRX23nxm)>`11r!3@3Ev)0k)HtLu>+3?VF^kKJVYUXVGti~E5cH-wC<h!-dpBxkI
zk|$jTbQ~Q;1Qit%NHS0|>?yqeHA7n)04=v!gW1#FN$*TfLG6S-lxJULt_g<qy050*
ze)G%?c&Jn9X3dIlMb_^`8Ih!_>vD@9Ekx`aBfbn@=;TP!LMH7^KqVmY@we}2Pl2T;
zUq(6Gc^~di!Obe$3*P=Q+-zX!c(K%Si$gaV_&SpRimieK(#CA`<>yZC{YR;tUV=(P
zD`U#CMFDAIl<g#1_22|ZGJgRcGs%X#KCYa4UAf8qQr%Zv(*_8a3&Fm(pgyC%QNMqA
zQGL3%lO-dsO#*qtX#1w;>UXl|6V&ke$cU4>6o!oaAPeg?383<LRyK99pldtAiu4C5
z)LD28xEOdSJ6S8b7ApLt8~9nNekJwvw&7@rE@uolSYwf~?$PmW-Frr9Ke6Gy(;<C4
zZCrDM+xz7u`WQ7MlXyH1{0z*KdBBS7{_?syW#H%P#GDh>-^Wb@O$L8Rx&d|wnZCf3
zo*T(+b)ww_w=H{n>+qNN@y|XUiWLWOhhKJmo~C8AnZyQQG)CA?+6{HndKTmV4|{L<
z7G>Cdfs!)xARr()AR#HBw8Q{{(n?9ENH;_0&@C+>k|Nz5(j_fj4vlmTF~oWFecy9k
z=RY_fexJCQeCB@c*n6+F_TmOw&#zKXg`OYLDMobiO8L{6QuNA*)iTO+1r2)$)2!LQ
zS6SxhJ>X2q=7}YKul!*`-y;d(a^6=!jY3;{qhq&=?QdRukt0UZZ?;8Qiqez#j%F66
zj<GqvtNn5#REQVld23qn80}S$rEB{%xAXh&b7FRzF0cP%Tk~4o{-h`XU9fO5Yy}W@
z(NqC_$42yMUnJBSjv<GH907sC2NJZlguaMer9^)#fbJ9iVIC{VYVmnrsvj0t)K$IP
z{yZSwv$nV^H4)=tsr%}a)Ys;dwc!vI(OyMcX{u+$J5zk$Im_8s%G9CC3Dm~;W8NrE
zC;33f<Ump%dld5keIzYatPODFo2>PY&^$ajO`Q^0W~$>w5N1P0vnS#zR{%sbd64Q&
z-@NWOE8*zDksZZ6@Gd{He$wM^0~PCUw>!=CSNWs>cx|{Z6LInztJhriHl0*=g~qOb
zjXgTdjTIm1<IQFb5Rl><^#PI+r%Tz$8^t5KsKZ|I)mbyqhrgyn*3D}_$SoVf{aa?>
z)_RjpZyI_p1L4*``NZCn8z~m4E!EjzveTxOrc^SpcA^|Ie`l=EhM~o&wtCV;1>eBc
zyRJTWrMhEXmC&R7pCwM86xwlF^t{xy$*q1-eOmA|TB5f%)Z~10|Ig`%735=bxH<L*
zIimGKG4qUJPtsO6<zaj{%tW6RPi>dW%e6DcvzTJnQ1iStnub`3l$$u4cg>_KixQ_=
zM7R0L>-xX)kBJOTT56sL$vmvw9|r{s#tr@!r1A|fgAMzu_j(m8f4@pR`ZkZ$C0qay
z(v^|wKX==5JnLzkjoIcWVeZkChPF2)l^az`z=^a$k68Ju{{<MLR;g+sgqC^>_T&kq
zEqB+{jc@liQv8w)e9pIa&UW}cY?}Gd-sIX=R7Tr{9Pt!An|p-y3@*LDPwOEnLvF6<
ztNH+c%lVn4Ke>h$mOqD9*&t$ezkcP*g6Wkoc@V%z8(JyXt~7DUl0AP2!9dIa+-9dA
z{j>fxYD_xa7InDas2dayJpgBCOazPRonsWgwaZHzCJfd<36?NpMcMg6%OOsSPp#@V
z2S@V3R)eKo@Qn@O7gcaqT@Ics_kcel%aK+*F@1o#svz8fyX<{6d;NBGtR;o4E3Gx_
zkr8s4&q!BvhqG-h#S1VAa_qWt{_`t*RjA3j#<n)%DAoDX`vl=fpyR?zS>XVgC}N>F
z={&w)dWjZfTP-Y!8}<~Ose*i>mpwOPMWaM?V%qTXnr`1um~&|nMyH+;t{XaXUP8vg
zGw(*8j^tZ?rP$&zB&HR~n2BG5u%8OSn4V{_)kLkx7C%qQv$^mzH41ddQswDwAmByF
z0R^u-W~^#X!M-uGq^eI(mfrlWggWaiVx^c`p2ytOWPk&x)$KYhi+z9{uuthyO#{HU
z00lwaii*=m=uy4j{oPIVd{N$?6ZK*ek0n6+=hPYd5#{r&o_QwbN=v_P{z9_mmd~>1
zFEB1W2$X7L9|)b_eJG3Ee}oE3cMrs7ub?cBx8f-Z2ffYNPpn9YkVE2<zrxaoqp54F
z84p~jH}$yNV3jIXbqd6qW(&wu;iqYCeKk5<=KhkD@|_^uPA^O+W<x-z>8Cm$iQQZC
zKF1d%?8|_uZ^9zWU3FILr+Nz8LcoL@x6iGVPL$X3rwrsB*0&n`Qy6cI{$8__g#MuI
z!qi5o#)Dt`9(#4XU27w0>`=#K>w!<QOo*evcq(|P1zA{S6eo33ES47>YO`=WG@Tq|
z0yWo3Ub6>U!cAo>K9c_3v+Kakzr2myhi%OD3KPxs+7P#GY3tS5$l7(WfM}@8jG8pQ
z3cjiV_sQ_V{c9F^bnDiukcKgYNPK|(A<TE&r*3>Ab0`etwnpsy^Ve%U$);#^(FFC+
zrZMy~`$K(t{WuC4HWmxsxL2ih14Zkkzj}Q;yeVp_qPAqt_Zh|SKwhbOL5|~~1l5H$
z*p*@ib0<mfB%p_#nFQ$cnSjJJap7_9z96*o((_8&e9Z!te-iu5c(OoA_7Y}DbYDnT
zG=ikgku6(xswBXQ2MXPqzIzMxg7s{q+s__6LYIC4PV+4I)tFy0Xx38W<Tn1dP<E6o
z8DkV)Icf6B5JTdF=m!a2ai+C-l3%LdW&457t;ruS-uaHWnfQ^i3B1_vKcq0$#43Q3
z8yTv}_UB>qBB`aiqt!LtstC+AsQaGBIz=@d4{7SN2EJu~@}1IWCqL!19hU&te73-x
ze7%L{6_<XK*k4(Ck0Ve<*-$F6blKD`nqOVP;)K_zx4Oa%2iI1VLhwe(IW#wIhlMr2
z;G1qK35z;hz04Nx!y*qNaqqnnO+bq~H~%YINZ?>FJ^50(FP0(Ag(1oUMcg)&Ir#SQ
zs@}GJ|IVz%^fvnSW#91|=HJO&>8DO_=YX>|@^qbo#uQKk3@q4s%Wf&o_m!6mwXI4M
zu#4h~3g20k3!A5(2d{dI#TP4C7ME+$zN|dCjG4<ZZRsB9wc)gQ@+GT&x5~WcB#Y|S
zqeYOOz|kNDao6O%=oqm`kTecdPOSe{PK3FN-sBA14}8iOZu#07qdCIkdmMQc(gGk5
zgN`RUJk-sxb07Zpzg<M4032q-whrq-YwLK9&~uRm`~BaSyakKeXzxZ?-u%tM)#BwB
zcr-r3{if<xw6i{<N=sKc7JLmyhfb@rZpB(p-n<`n-I?g|4l>}DLn#5OeVIYYypo&j
zhxUMCU?-fFZZzOc&HckXFtp;}C+A=T%+|Kl!zsCH>0Ev3xAVopOJOj}8D6b176jdx
zvV1g1v!^QBYr86L-_wL7cR$gbMU^Er2QSj9<j-Zu#%bU5_j3EMAX$~oqH#c;ww~4V
zbIN#sp6}-zpxymTq$7uDzHik$JRkHg;i|_Y9gMDB71*dq+LvwSMOU5sWN<IE-ttuz
z1!SN<rDzgn6FU~?ZbY#5IWc#Y`UfaO_avY$I%>S*m#L)IgIoCM5`D_TsMF*{O+8t2
zN_4ga9FkeN^PRuKC?{TD8uEaQT^c_{PL~<|g;T|!fKQ=(nI0Fb>g&eUC^^^GA*+Gx
zA$H=eA}h51^F&wkW(VJC&8%0m%8|lb>j9WJax9{V$M2Qb`QlTz3uy+8pW%GNDp0R<
zI#5BvuuvC^&M?QlmtV?@N$i}Jj3kb;!3mN}e)l6ZBNJbuFAoF$-!s+CW5J$^Qtf?T
zNz-E9v^7c=%M4IUG;{cwe<BR5uLS2l)ncCdT(o}?BYHrYcC;2S&U?>dg(~INVvvWV
zK1l@Bx6eY;_W=Gg*Nl%%MX{~ByG;vspkg3tCsiOL##<c$rqs0yxRT-{sQHt%(Q!?W
z&7V6><-;o^gDx&LDh-*SheMJ=(IG|7vWj77)0xxib<)Chi`@yvs+O<3*3CwZ7i<8v
zH;zq)D3+nRLNI8cm~<Ho?QO8eda*}e1p59vk2!s?6jZ&7fT^33L}ZD=#P6eS`&LMn
zD|kQ@xKzT1gH$btgHkG~O`mPV9%U8D#89xyT8?fUGN}@@2$Gv)d0@fesx(?~f8K1I
zg`{?-S&PQPo3(3cNlj7SSHImi9=}_7B&s#_g_W0xfz)4>Sw!G&<uci}j&x@DFWuA>
z@<EC_Hv9VuKTE0cp2W!2$>F5=e(#iN6%EqZn$GLfE@KzaaMWq!^!My?<7vREaC+Y@
zEE_3J17N|jf7e_(2D!0VVU_7CeH}kQefR|kOH#Knr|On;0NlTL{jVYk*fEvj7{V$C
z2Q~YS6Jp`Vf^i$8-ybq2<}o^Mji4q0R68Suqq7~*GFjWpjDE@Azo^zr>JO^ZN`5i#
z+xRpl&0ww8PQa8raie|Cq6VN8;RWC?1T%zFdtiJ^B}vv4uj3y@FwZVWQM^ijj*hVq
zy2baDpko?<B%C)EWdu=hX*dPe^UO?rVfFR%9QK`8Pg#8n2|uHpHOQpix-M4hY|Oe?
zpQgH~o4dMw87(JY_*^$21f%m<AEz<nEi-bZc2v~Bl&KSzqOdI&o0Z7m*pMmj@_1m>
z>&Nub^r|R8`<#+heibGb>I2x(9x8v~lr|WlW#0q2(RuBSx7-(sm2l7etTTNlUN-nz
zEoSqLtU;F5A_#p=d#w>m7V8z3VPzDSF3Cp{RlXoWQ_qK3d;<gvqU<l$QW5UlE2j>g
zz_^|q4^VpW6Fw`ipEu79PAgJGQcr!`<C!j{NvZZGy5C$h_Er|p`-)M%XfQm9H(!L#
zppoo-sixfWi@!{#Tx65o5Vu5Fc~z$$hsDM@@HNYgkqI^O9YM2d^OwJOQ8x`hk}Q?i
zLYxqtvW*k5gVgNse@KufkDY39&V0c<lDgr_G^$2$*_}zH<TxSg=K22oxn0{%l+-$I
zz(=o)!u=HL#mcxm;d;=dZwrv`FCL&ac>IKMu+_<A;~pAg4ZiuFO!G{g<gOJtUo89a
z$k+3HO6xSL{hM;;NQZVUl&cqEm3UmDP25XjN+1sX3>=fOQGx=R=w!A{1luYvXb|-K
z+0+7y$$fWB47r~oZM)nJiNzfJ=!mP3vxUo-qyl45Z-6tm*g3zTkTaEdp%CQ?%XMgx
zlUIBOjg$NFDo$NgT*oyN^b_>zi^t}U_ulROUMmbn^E!FsN{kFchXW7%Rk>h<b8cyB
z!Qy&v<V!WG&%5AC{j~33PWYvUz6b~TK;8ppG^jO0;$idXPcbnJbnw>?>$e)R4?r>v
z&jbZw&AuyMr>CcFIhFW*aG{f8!&{xvES{3`PGg*G>?GYv8X*M3Wqt~-F+rJN35D<h
z!_Q9M$RmBUaU94@e-<tdYqwSgOxsVJ$d_pK<up1vP9ISpn44SZh1xjP*4WRVHLXmX
z6bIa4HByN$e;UtzE)gC)>U7JK_B;N~U}M<YWW(zy4c!aU25m9Gwa!92Iv}?w4-O%?
zdA5B%y#Ur2cfI{e)ia>+$kiy4f5cYsOTU+b^Q`DR8pdOqM#>?yd5O#+FqF1PaqV)Y
z(RpTsIjp#B-f2@ln`=FZ0E2<1qoXwZ&m!2cD=3qJ3?r)bfU+^p<!ls4vp=&Deq*nr
z=mX_2FIGr>E#1P&yOaY#*0%_;C7~e5;R|q(>Jbxs254_Vv1uk^H*0@M%aT-Yx5PVs
zxH+7~X+gfIVCSSw>|w+5@(NB(Ji-cMgzR1XOsjsh4B8r)D%K(rQV9$TJ8a&!BD-gB
z`r41vEztr-;;TJaRnZp2%5eMKB9ao9p2&1ap_e*qAJ*hhl#l%bZJsRW2QY5uIPj#^
zR8965q?W&R{_O1VeR~`u1%SPiB9qGXMH(N2jWCaYka$%-MJeMyZ>X3ou_c}dp~CiM
z`faK~$p;o-!-_+|E$TJnq5z0Nn+{L^$2shHm6=o(O@;y#d`W<%3ED@WX>Ts2CCLd_
zRj8q&aYbB8Np@eTz4UTANet(+82w_Ytvs(5mf>}9)1MX=GN!agT11m2?$ev$YD`~W
z_oi+Xye`dl=_uvruN{kn0Z#h;Fvyg6ivzA=BYk>u1Uuu&_;%@GZ9PeoQg#F{?v6S%
zp&Hicz|>|PS;8UyP%0rk>t<JXfm$RK#_Mu)H9mVeO%xiOxF!n1m80(zRxeF<HLNCF
zT~>Q8n#NnVYD}P)@9^ls=RPymMG=apaGkK8{)_D*^VoUEz)Ku-VYp-SpAKO>e>fQG
zi&RB>0tcTMVD=3IV<`*+8=wYQXOwA>_~RJiw}`4B%%g#XZ^^m%2`WHLFBRR@>ATyI
z#XAS@$Ed{Yq>qUIp@EHFpfPKoN+yVDjAPQVa(@?1e&_%32*^^?TTFyg7k&Gue2Kei
z<A*Fj6jWG`!{l;vN4{fAy#PH&xWn1Y!1mx|yl>hL4Z-G30vxkjM{l$S2=~Lpg9Kis
zvOp<ddScdHe9O%JFVhbCz&XFmI_o-lzdg2uZtFtYX*)+CB~tRi{Cw*s(ks$lSc1&{
zlYe@ncUjt2o58gtP})xSAn=3VMV-PyaW3$XRX}(wT&XWaq;1E>7HC4XBTgNY#c@4h
zzdG^jSDMV%Zr-j7$DjI?`w_S>@NXy^yG+B{LoC=HX=e+)xObvD`zw;{Sn+v59FwNl
zM)m=0()ckVaQLJT$Jx^`v*BAjo{Z}4J~oj+GR%)WdpPrt_6>_$M`hXcBsv=&jqt)l
zyQtDwUOwt<jC7_bkIN<N<0q5wAhEQlwGH4|M`u0S+r!+YcR)4b{hAB01wlH?cwAY@
zGo@F8*}{)$F&M6&;cfqloCO1mPQs84?I9H8Q65lClq5xhjLe!uc&Ey=vF%ZKG%%E9
zSM(nG-FsaDw922Z$wa7OGrT@LR5W8f5nPAy2{>51LccIEjR@5v0B5i17$?7blpOo|
zkKz5b7SPA?yxcEA;s!y?;>qx9BKWq+=Q6JNmM+9PGO(7AMgmNVh9rkHexz=gI<gM~
zcc_I7csnyM=7Ofa2E8LBVyZdzyXo`Op8W%avU`^};4idrx-eXAicXVB24L5&pM+}Z
zYB<_G=zBaAEE%vN)gS2p=tt9$XbEwkJ@^@>&;hstG7Y(*I*@~lV1&_Um(yv+<xr{T
z2P^Ey`rRbpjr#GUgNI}nzEa{Z)(#uZfn3}D?!VAR#>GD52}@8=7;R1cQtcgaDT*af
zBU;C!KH0mHj_;TkpdE?<0mvA&S!x~RsL$LWj4=ak`c83a$Hbau{J!pRnaa#9N=$HB
zggJ(~!mF&Vwg<;NWSPRsq9TG7q}t=<k0>bigCmywu7*|=vGlZ4t4EXGs0A%Ns|g}4
z(Oa?N_6+cS*l8&}o|U_3E%lXPVP%nZTwGhLb(GF!8+(hbTXQ{L3}!c|H@!33=$%eQ
z?M&iJTxsXw@l-hUnO(50&$xTi$Ua3|r0*2~>azCOR1mrsKJ2~uF!Q0<bOSz%azY_#
zNk`SXu^Qh`YOG3oh0^3Yq}7SU>Nkf##WHbZKHgBTiQUB@iLXp?A@H~h@_*}l*}9-$
z<h>f<I+~)&s${Ae9XT>GoT1Y<zL{VZ!^x@fXcCM}w@srFZwPzb<;%~~#BfFsBcYyQ
zLyn}*c;9iG=vMLj0+cT!4h{30DK``}#>T+tZugwE*PKssNoD9%fN(OzOT>^kEgQcj
zl){S<SpVSlJ}}qb%c~DwHa91CvOQix?jNw=<m`<4u>~ReP1*GVemBi2g2nqVhA|8S
z3?ho)cRlV3e@VM(7WDPuV)0I$|K!tkL1%KmQ^Kqc<miZa%{c<q{}i`_%HzC~F9!3P
zHbUU%$Z|b~5LgNl65Qg3j~}^NV#90$b%#IOfIj7aI?h$+pb8JjQ8A_O?UUO_fd=Rv
zKNg-wN}b6f(g8tKS_Kvu8C&<`SU$*B5+(h+W5wa;=X#3!UN?-efb?|pv~;fz*l(eQ
zFwkL7mGbIMw*>@^v5z6c7Z6)cB59#_rMmUQ1CP$igG}^#=Sg<O6bWP{I#x&mX}iCV
zO}qY)$R%b}Z#F2sVCav;v0$2}Eiw|stfbuyMiKW_3X{>BQg!-5=GWY%WqPi3w=N-d
zmau#u{y}Ydp||{Bv!u^@xU+sWhDMCq+1z&2kuPASxN+!xyct7RTeeLhE$ga;qF&(p
zXTRlJ47t=j^-uso;4Sw5+r}&RC-R3_+~MGn>-87nE}f{eop%bVu{n<&&`fgL8nzeN
z`zdC`-dhuu+qzY_xVkRLfU)u0E?1qeu6N5zXR+#d;I{?X11_`nI!17|aMh0X`&;@=
zv=*R|3N9UFi(XGDzy$;4mXnl=8%RHoF~S%Y09J#tJ%#E(u7y&DkAv0V7f@{|3c3d^
z6A4o+9E;e%T+hWvq>WT+@S#7nt2{q{L8>&t$Z%KJ)`rl}Ln&d%SA`C!Y}+Tjnd=5=
zxw_{{{gPY(I1Kv%W1*d-J0|#Of%I^aJ>q$^A;90E==?RvIa^6Lz#M^%KwY0xd(w#s
z9FxkjGc=f_X-g~`_OA&F&D!UHu)fwDh0yqaRM@hKewUMoIU<o^+M$8Xi?hXvB@1d4
zvMY5mUG=fElZqX<a9ZnCaoQTOB~@pzgK|oj$z_=C2z1>Ur9+UC&tY~gI$c#u*Ad^>
zn(X@sQFKVE9wV?@OwN-IY!GjyMq9^OBftO`5^xIhMeV~*h6VlVD^{ol?LI$yz>CYM
z2_m;s#04)L!zm;8iGqD5Y{Q+=d2E<EzwVkUJUMS8e^DE{TOF$L7<OwtG`-J$EfB+T
z$vIEsK?!Mr-h@<hwbGQ}pa|st<jTdC&;|~j7LpOjA)L<0AI?0#CY%ns3q55C`y?bF
zxACakBhsh4@pf47zM=+iRv^qpCCk?aJ8z<oFRB#GTe-Z6Au6O?_QqoX{()0eND%W<
z^qTBC+j^$x?}>8APlg6;94#{$A}=g4R8ub-kJ_q)ZJ=SA4%cXk2fxoyr&;$V2~zNB
z;8)fQyvFw!Vi=TBgQQgmsOaosi|RSzmQW{{z<WEcE)MVS41eC@Z2fZV^u<j5YHAX}
z-VJ8<yGH?nXZ(b|GdRtPH84iccb-WpB6%HqWxSmy!=1otW18T^<YdkD#m1~Xp)T{F
z6w!m=^;sMxG(_o0CDk17mn;~$EJ*=gANAr_aEO*x%Kj;sj^W4NVKbCahzR^bb&9M<
zo<SZO=1&<oDwW}Xw01H$tYaq}X5!kxy>>x(JAO+9CGO@|4~fp1rEz3pl4h}zH1q$8
z0XREgVu^$$fvx^P<;<X9JuOgd$XGy&SD|mjtrK@o3GwhSY7u6)1m>x@If`Kvn)S<|
zpQVEzV4N+CO~s`=#9-(QB=L>Rs%#fZ8S}jqt!sY2*MZDdI)d%-PY0Z0W}kr8;0zC>
zNCJuKcr!S>yqHNx8AcdYSUX)IV^VS5q9eNSImSIY;Xh*nLIs!N&{v2CXIbYrIM-UU
zuRyk7E*Pv{2`vQwAtV1h$v#eiqm|X*^&>b74Yk&=Py)yuJj*b_l)^9_>Ko|R;l|X8
zhJ<-71XoE@cHV`Y3UTQeH$$A5ZXR><pYflGf;1d%l7=*f0=7<Ym-$H^_bqNHxL{jN
z`25T#)t;$qwwUS~r`Km*{v7Ng-QBfPsaV5hAT$I014pYP9g!BYLo~cvmJ`yNG)e<y
zw|ia0?AI@B**cn--Mp0*fD*}Toj*pspE$jXKeya#9tvpu2=x{c&?cOxH07VC^dVl@
zz<aqg?RKd`S}%RkeZg=f71!IA8$ISr$-yA9Cf0Wqx)E|{bOjzBw*wAa!}FF5!Ae?X
z$usFQY;~(XBqBo=m8<gqnX!`YmLu`l=!}Xb={*u4Fz7U>Kjbxo%oD|RJ#D+*=Aam$
zU11e%1cuRV*^f^6M!vIgyOu4Vhjy)D%V*jUFhBV70|Yh?hy<e6x)9pyV`-ry%)BNv
z;nsI(>ip7pA~sgaNb*ipEAPh!qSF!Agh7U<h89abj31o!%%g9eE)eZ5`n3eqUq7bj
zWjnbVBbj;ifp+#EPQ4to-CzfQQ(^?(0tkZJ9%>Y1F3RgT)%^8OU^&ON>M3Gbm)&R>
zK)Wk~tcekyXH$OPb)8h`gYncpVg?#*lb*LdPWyq2{t$yXLk^syI!>{V9)LCEiug`W
z%2r`#!`e+(f)gyk;PNZe+toq~tTLwgQEQLClN#c`igNIg5(Dl%O%k|b%uP9CFf}d`
zDb@TVEwsYiyDyxj46l5_er8(el@QO7hx*T+D}URr>x{2kPUcWOTt?1$JXD}S-yNdC
zr2WWC%UINETlaiTja=)!aNPz@<%3nm<bbiYxLC)JA7_#D!lxC69~D6Hg#y$WAGGU9
zArz%bW19h+MN7sRolVD?fLuo>-8f4hJ-Nu12}{t1H3l2&%^Ag>1d=c-fbG$bEomJL
z?*|?@<J^#LVX}|_$}rautBEo{S~9dsgEJ<I1Ch_5UzQd0+K+nQvHF)S@Vc1X9ZQev
zBCvGN9Jicg?t9(C*P;Z7ux%LRb2B@OGVtw}>TpoOw_V3Bh<1}TiN!LZi{sldzfSG_
znEQ7;XgNOmo}i4~kNo~^LeCr~yVWWF=pL0V)9TV)zoIk*j?=h{w8HA@=9l}}K#DXU
zcz?HY-+WVlk6c+_?Kwprs-pA3r}BHG6gwGWew>E}(x=W!>G`8@SJ7CyOHXcJ1ihy1
zgrcq=aB>nU7x>-ItPB7?V;oliEVxfD^TmaEy2hF(Q;v}Iwc-ba%#Gh&*8L1L0r6Oh
zS;t!}^XHug%lN(|XoUch3uHFi@NgKL3z{*W$GL;zu`uWfw+n2N<q|CPObRBeXOdpg
zJk~c0uc<M8N>g1iqWVG*-YB5uP1v`@)oe9{f6LqYlfka(SzpFz))qX50a=hjg_n#)
zVK`gnY0%#vDQVZ3?G7?<_?cb4>g~^li6FhDGf@JlSszK+zYB=yR}c7xp8wdv>LBui
z85iraRQ<Myb3-rChwU60*-+zs6T&e{;dvWh8>a^s3pE!>F~~&;)acIE{T{=!rHzql
z8lKpnS}gBe0cPUb;~0ENKRn^fKzV#MQVg|im2F*P8a!Jny2roh6=iUyW3{$%K5m_P
zPA<@P)@6#;Wr!Vpbi)eu3mv;WqC3GZK&9#$3@4{7Yc?<fBES37`<wC;L%<p`=^k}|
z*KYF@|CSH500u(}ZV|-yPw&_KZiq>N<d2#it=)=zf6O<VICxbUBFGwpzdY^+A*1Pg
zz%9vou<rplb=(9QQJ&BhEb!JSY)cz^qYay?ew;b0B($Zx&K5N|bgs4dn{vUn|C1^Q
z>Ae%QUych8=XG|VNzTF-o=}}TyFRDiQ1QF21`r5A18tCTyYh1(Wp~?tT%1ab#$2HD
zA?X$1f+%?Pr<jK;gO?UbT@>&)7Ppm3WpH{2Q6$a|bs!I}SYaTjah^R?%PS69wMbDZ
zc3FqTHJ2YuI2{Oi6MHOuK26ULFy#vKiYAg_jcZ)<xY0A1jfoTF4nsFiyQEqm!yBNX
zfU|^}Kd9slBcE-rC;<=dwI$R)GYZRd2$4#}^|>!}19`ld9I{nf?^2;Iw#6|X30ENJ
zd7hMDf2AI2hs(klvNm<u*n4hv!z*T&-nhzzFqU*C>TwZr&_8lC?kJT6S!Js}M<>H5
zcc!76qGz(cXCSK;i4B?!y#qsoV{0wa^d^>f%tNg@x2eG_y7e1~Ap)Q@84wPARk#?H
z5uN?VNhJ2^k7L<c4!ul}+AHke;6ICdp5E`F{pZG8yw|a$Xs6SonL*PV`HDflc-d5t
zo<8&~%wE)30fgdX!y_7;lGBE%hQBEe41ITs^luI<)j)Hi)M5LUc*O?GI39!m`a&P>
zRjXu)R~|iAJRuHwOQ(FAM@za6zK#qe1K&?zm^H;o$+u<o2H%P+2H!5LbgJ$ex6fs@
z?v_(+-9bg^r@0R<${y~12~G%EeX!Fm=-nmrbunO-+_JLZKulzLU+v|dpvbSx4VlDT
zWWHm2r$9l<cmwg=qai0qs&dWjInlJXPWdFR&5oP<vA`>X-vf1=n}CtnHnOXVpD^&l
zDbV+!(Uqorc!E5im~>2+cFj|?&W@>uUN1uGw}g!@bfLBXD*4etj4ncSpMh}bqXCPM
zWfr#76IY^PI#RS_XyLi>8i{YLfMeM(7m5~|wOcklBN#)wJZehM*p@OFJ-ZnDhiG)I
z##M;EQ)qb`DrVRGL0SE47;tKOP>i9=1I4@62Z$<%X@(gpJxG6h=#h&5z+)_d_15b(
z`umRvOHgTW*N6tbI3?0cTVqMH6CLYEWu+qr6vINXdWd5mi8ln=l~QJ3zY1c*ouS90
zW#~(H)_D=a9cq57XK9D3NvN7~e2uTgpg4a_+fX+F@f}{VtQ{FcrXGc^Inl6w@J!oT
zOL>&>2lZBHoG(b1>()z)xhZ$U_eCgw7Zp|C71IKb>dN7!txH*ZuKc03h|NWzt)idc
zt*@%2r(-&;8-b3k#pR9TwU%ePemX_Vn1^bjlJl%U9*R<?J^@+2X{&S*3)b{rG!Kch
z1Vd{=Lmre$M&b*XN&J+*-|L;;dZbB56YsE-zp$%;Yx>dIPpl-X8H4dEWF@~IJA1Eh
zUmB7jdP6jmshWQ!djuf@CL1yOfAi_M8DcwP#fmTDJ|BedRNs@4N{~tYXjkhYxjO&b
zo0FV}BPk*Dwhkjff()AaMce}Sw-m^bfOO48$P6vJ@BXr{UNa2KxE=KR6$B)t`MJw?
za^W@6r!SX+Tfd7%2mWLcj?^8U7MESPo-`%T4R*{f(n&>$e&_h^F&B*ui{UwgkB00k
zG#5|!snD0Ng(a1zYYwSw_2XyZ?t9F_4Ej7*rumk9r?8)^<M)a>(dJa~I4Lj^GdewI
zY^RfX4l<=QRkOkBc|BpOS<QAKVtF79$uf7AkSOwNv(kOH$OH#ZaQ`=z3<_t(6J2cc
z>Fa(ew4;jqu=4>+N&jo?dfFlh#xq_xiHO{6vHoU;F59H45C4t$82cWDaFuG~Bjfh!
zYGTekLG`DuCT})XJA!HolE!9!zLqU=%hvE}DMI^fFfvqUQEWQRiB@;L*IXdHF0hom
zKUTjeo_E1ihu7zzY%0MUB1J}kXoIlQ^%^yxk+{+KmS3kLH|Lp4iW`Z8+i&$oy?`xw
zJ@0?lIzR^(UmulTz1pO)+j$e^E>(hWY{-L$@*x4!&rDCdOo-ZN_gRuK>@VZDhk|hh
zR{>97d*k-hXQpqLXpkrtTK;|Id6G*JtTN(E!8y9}h04op(DR*&JGUpTeh$C(4^zw>
z9dZ3C2X_itqARvk-&3zKEF&6v-9wHkdxTWsYlW(RW?F~+J&=FHhm=qZhQCq7XVo-~
z{5lF>0rj5*!fggDdxC^|JfmNR-;=NI>^$`uo^?v+ATcH1-L*csX!pxqT_I*cy91Dw
zq{c>z%^Q5<b}&APCXFu(Jg!~|jHWLV6p^p(uRujUl$pS7I%46^NMC3YUFl$9F+;Ij
z_(WEKtrOS}A@oH5&E()>Ua2k*Ao~nz(i?IPZxQ9=neZ%A(nE&T?9L;g+Pl#U&HuSM
z7?++-ee%1bB-~Hp?lS1k+b}sLr9_0Q4!7}Ijk#LbI~ojK7O=$O!xE48aYjKh1POwS
zqnt<n6sfaoaDW3ZRLRpw>VZJ1KNS1FfIx@&!wl!X4Gp+J2{EZ5ycP0PoF)u>e{}el
zhy*nKFCDb1)v0b@X@;o;x9^^yR_>R5L((4vOENG*TNJf!^3mi$9w~XJ8<3Wn;On+a
zFGy*iS3NVZ>4Tx-H2*4}5T&o~@?=wrm(ua^rKPscClGoDryHOVvM#{==X`(nH(TDu
ziAeAUnmO`Gv@@Vk&4g3FK^*bM?ZAx*U|0{PDFUM(J52@XzRYvzNeUdgw%xb`=0CK5
zH|X!(15d~_je%JD`vZdY{6Q&RH<#fXm%H0+EV9t)nHh6)^By?Vn=5^I*R1KM)!)zj
zTtodVj}275xyog%r>M2T{BKC4f6dJezyEjTz|8oYw%Fn+z(|0<|Na5KruW|*{@(+6
z(b>R{|KF2Pd1`6&xWDiE&#U7ELjGOb{~oX<_&4JJ{V3=><-bkpf3L3L{WlT*_jXIu
z|BT%Keer)r^Z$nW|0dV}EvNt6K>p&O|3BC=g@K6Sk-8Q3zs>2Yk+jcovRR%CkrZzu
zkb4+!#)sI7GP`L%_KF*jx!aOoEI-Q9mKXgUlfV18^4D2t!)6SZZ`qX9wEb!W%aoPI
z{l0I?%`#6%@;XYv-H+TU?GqR(|DO`?-(R~9*1_d>9p|yeFnqP*eEA;x2dMo5<0~m1
z6Do=n%}{?4a!AiY)MtPemB|nW3-hhKZDUD#(-Y}eNr7n{UZ@Cy*kb}`O&sw<vDZoK
z1MI$K;a;D=w58!4%B|Rhemmjjz_43nY7UrbzAB)06|ZEq4;?#P71|&x%#NMuWWDjT
z{a~4(q$nemYUcD7=oV4_ic&5!j)M6Dr(-AO9OEm>XWegP)*=J*+4<7U_5tG|eObBt
zartJ3&n1-)Gsu6NXA|wYpb=MNXz8kmA)#_dL-q;@aCF0g<8eI*Q&6GurEt%?sffD*
z&T?qA@<Xj^_UiQ~=^T<uj*O8MT7~!V^->Pe>cy2x5A#A)>CR4duHVhm)*AMTG!||!
z3s6LmR(A2RVLXKP56H)+TS8dY=xf%Ugni5t{G@-8@En=HH8IRtx*Qt={~1tgR60hq
z97xI`?PrJ?uy#i)?=nW8D0eWRiC7qEuwS>cA6OSV4p|HKNCH>r|L+Q!_+VdzDsw~9
zpAwjlpkF!#$|bhQQa-vR)MZIXS|<{JasyfC0(XY`H{#?3-ihvJmaU>pZpnjHtE1BO
zRBxEzaav3O;~#o98Or&d{O;u1Sv(7d@s;9%6s1>sxU{cO%z%VKAjgWY@_9VN9pYue
z_gV9o@1hwn=T}HOF5`S<K@c8HVCnax<aAt4!xQx7gNJe-npbU(3~io#I^0f-8KE24
z29QdrlVIgr;jJ$XjAVU!Z(rQ^zr=&RJMWn}(=68El{3z7;mKd(dYXdF%PBuuuKUHl
zajn$6wB3C4g(8?dA&YgmGkxi|?j8N&*v#YWPs&ddd>=c>1|No07{U_(_o+9Pvk<^?
z@a@>^Z>jth$=(Gz-}`;PKiP2Val&h)k#>COIX#lMKw!U#R~J{*wII5d`HAecA<>Y9
zMzKe|f_y6)-}kt)65JWMci590LxFUmdxlHw8G0IjFgpM1n0CNPwtA|evvPAww%FSK
zEx1=d<F>W5d09@}jAjO@SI20c#qkW8-3bsNn!f&xIS<2H8bSt`S<Y&$=0dME7Y~aI
zOQyMK*)Lts&J^yqsh+xBysj)(@qEz7Y`Ev7vWrja_D%!8Gn-3b&G~y{x+};hzm?W!
zC1t5p<Grr?lZ9P{s_M!oNy9I1XMMYpr;2FVpSx+dWt|;T{gSp}Wc##!Te-es4&Of*
z47fwwQ|VsXg_?;*Y(8{oiohof6xzr7kwb8H@%mn}{p{>))^jkwD$!*Qj6z-@&3#Oz
z-Q3*F{OF-ZbE0@vwzfJ-DitPK?n_u+a|ysuaZJtD!bC<HEtQtOza6#Rn5Ts7Okrlh
z5cco)o3U^0AR6ek2XTz+K2M_NcEoqP#mSHkF%m;4ijz_nM5|-h$H}JH>XrK&`5EMS
zJMMw^MXdVgKm9MU;Qbk;ubFq9)IxDQr>sh)^pr*4;r=%hYYBb6EcCv=+-(0f+ub8`
z(fn$AnWpOyGY1o$R|RGAu=@&^^Vt5lJ8GzrW>0${UVs~EzMv}jmQ(R<H<Y_u%YtLy
zZfJS>b0QLE?rg4%r{7vtd8S?!nYoF@X<wecx=kbN)E`Y@e-O^JMEWUi@iBL;hVZP)
zSgg}#a@AqM9l^1R35bh!Vquc&o3hg2uU}MDw6v9{#xR&l9pv)+WqoDk)6vaMGY?@t
zggvZpqd%&3cYiA|GbQ;E8Y;uBfH@0neaO}oS46t{d643n{Ppv&{L0yfy;d{dgkLk$
z<B88oLW2#QZ_N?cLmpf7G=3iRgK2qZ)n2%}tGx6qaj#aNP#K*bu3-|Fqxq(Eo#T_B
zYrYoYJ0{j1kJBmbFn<HAI{bgDPKtf6UgxP-#|Z1(2rTtk%Hj4Wn>Gf0Ow*C`8BwFd
z+%0Yet#UknpDsQjac0^j?Awe&w6KAqWigG<jQ+*vme!V9>S&88Re1io9H$d6pD|Kj
zw^d%MUx%=o!JIYNy+o_3>pmhnKwBlr3fBg&*>7Li+>fSuo;P_WZ9ajSum^ZHhZsy-
zaVxUE*?|Aq+fQ0vem9ZJXrQI_jZ9Qz?+`S%q>iw&_R_7Zhn>}OB{}u5WFqxR?+2%W
z#{5i98-wORC3AFrq9+o0QF~7K{=I%eX*6M4mY>}SnL3zr$0<`g+L>)(`r7d0;S&NC
zzk{8_8RS9If!)k9D7`nlt-hT#Jzck|wbs^_sQw9y7Nk42rl2wUczJSxDYGZ1&Q=QV
z`YSdD?q~4GJJ19Qg{mq(^z!l=xR~5}06C=2*8SiuyYl;HmyMxRewoI<|DN@3UPA%;
zo0!5ABpkJg%93$G3Ns@<j6RvlUz&|%goJ$vV38+@1D~+}O}ARSyvGUguQiNIb)@?9
zmN$Mee#h&UAiup1&G);>aJh&b^lu|pRD5l~n%%>lc@&%RiHIB&kN-@|W!3O)jiA08
z&rQ^J=4|U3onde%(GV*Lkyl`4JURx)jeLoj%Yt@bTQ;zon`LH;sN5^z`L0^cyt!TU
zfq8^XzcNm-@GKec@T2Ktr*g!G^LSd5m0f+ruQl#{>bIqjo{Ug%!9LwK4bQWIvKlOj
zP1u|+lvJ{kPWkzrkR{GXh+bcFb6KFt2hRol&p|*~WoGKrBhy~=Rf7BptpV<_gNcda
zU#Ge(Z>Ql!HU$NalbfqgC8ec1?Wdb)dU|?Q?Tv1wZx%NbCdPWH3@@>~@DYcdS5#@j
z5?mIe8OhlQ$gGQ*qvh*^#YR@*5A-@-_O>6rtf@8fhvuVdSZW->vJ4>v#Ds&hvxNjZ
zsIjrQGvwK<g<yT1nTLn0X0nz!;>vkHcZdZ~pjnd*<I_d(rf)dKbyM)|HIyEF-|5<#
zy>-oA4sTKZqt+3B-WB(@JKW!MD)3Uzy3H@*lHfDg$;N#~0pxMfZ4jNnM#3XWwxi^p
z{jTZyfw|F1i=x4e;scEvY7rl)Yq^mpuM_cmlruA$;ENlrpVWum9}3|Q*%PoU+ogL`
zIt;Vcj(&HVEnYP&zq6FY{vm$r;b);xr<Ij{`fRWXuOokn@b<>8O2$SSj#o<JgSInR
z6I%PK8SmYroLrUdF06-vM-_Og^!lxg?U&aI<cH$PX=%;^mEJd(X*WA6e(`$Z7G*V8
zjjSV$Gl?pAlOrZ_YS%aq)_<+T@pw#;s2rpR=QnBW!_s|P@;1+((ZR0GZsoPN>%VGY
z!zV27(|4_HTz<(+l(*gJiBH4eO1V@YG(O&r-rqzDbCU42HXNzjWFWBaR2OHpolU>N
zzWpG1!N-?la^@lY%~sUaZg8IF8!88HqME&8r09pv)TxoFX%`;nocEL{n*RNh^`&<d
z1xzUmqmh1(kj17PC!lY%o!P{phYwGh<SFjo1bKnP@?xADL%d7eUC1N+8%O8-g2B+3
ze<6XF)YQYFNaZnJ&U5Yj5pi;aXDI710(Lz(gM3Vrm3&u;yF=H%4bubJhY9pV$8U&N
z=g`MVb`JkS2)^nk`3Ol7LGRyLuPgS4@t+O+=(hZxTvS!tW(MhhDV<PtviIfZIg!p6
zNix>&2ZwJw{6^uA4K-(bXzPUuM{s?NtKdh|Q55YAuUuUuQwQdh*rD%89)>NtLdunz
zg#+}K#mVH@v?>2c`n7u(<*Xd~UZ|WbtlYfe)^AGPJH5P2ttGzRj=^(}%@T{RO_JTc
zFOygDVf1JJ(IqYIbp7-DIt*kV+@Qhvh^q#0s*{Vzl;x>_AJ#Quf-(JrU&G$``DF=D
z0CbplS2KRM7FSa|evrw@cLNrXFVJVQBV}B+<*f6|qPn}&_FXdUrcZH%!rzd7gZe{0
zG2}hA`xRSeARvXRR*?{};OGrvRmmE-Sh@Y0<Dv$X=hfGJi?(jsd<BsjLFf0j2B{(5
zLhwo<kl$QM@mb`UTf<$II0ZH6Y6j$y@Lcrmq((utr#<!CNOksX$*^ZxT#)tde>)cw
zBfVzsy>wFbV2or#*vZScY)JW;9~Duf-i$%tMijCl{MWW5;t}sCG%l%=p{y*qCZvOU
z274@QRT=l5@7A;6^PeV-+d~7^m(tYllA@lJLwP^xpm(i@5oEO)L3(|1znxz!op>Wd
zY&azn&V%LHu@1KJ1+6@`e1<mlur=W<^CAXo-4NVnB|th=e}^T6Y`kUszEa~xCdw(O
z4O6L)ij5vjjnD%TbEa@qwX|@mXfU|v<)AsigI{Zjpd)cqir$|8{^5_S3iQT~k6_l?
z0G$7Dkd97HZ$F&zt7M5KIKvL+pO8-7xxrx6;y7yT=>v2QDve?q!s#U+es)YO#_Wp%
zmRApm3E8K`9dsDaC<2RXFTM|8u1G<EeR4}3=#36LT$;Jten0}M0F(OJ$-aw`yS;JQ
zvUxRntV~6@ol-eYBJ6stKEVU28W|p5SYgnyXenl|G#YYzU<O_0>^P^8J#UNlwKcVL
zHy3`%c!>TzqJ2(JKMLtLv7$vC8LCF`1Wto#fB;xCAU{&>HuiD~<=_5)9#d96TM1Xl
z8tP9Qnpl!x#9Vv#cJCme;nC2to6;bPYU`vpB%<y7!t?FHcChpCELXS7kA~#&^x`P>
zH&iHt;bzS^_r_|AA4T{Vv6&j<mC{w$gX^b21j(77NsgPKyQfg_Ky7@fgq9A3s<KUf
zc)$1ZP3O0jM-Z36Ze<Q_h=Apv!(D#X>Hh5sy(V`lZo{UJh(OV1FQ@xE%!S^qQ3`YY
zEWKQx9KBy3deHwMgdEm0MO@#EC}mCwP>Oe-tMdoAc-zSI{J@=CoUc3jwX~EOq5`>s
zeXrqZ7WJB#T*|zmi+Mv<{X<k{+A80Zfk)MgbY9f-_TXpQBwzmi%jeIHJU*Q$Wxb-`
z-QP_*K321~uUXjKth2F)e6#4$sLQ{*fM$$kynZ;1)7j3Sb|e`X^Yr9P{K!3|tQ=bC
zW=WlKnKJwfC*aAG1pTxY+ql4v_8|G3ysQwfilTD&(LX=naS4(@HS}cU**KA;Oi|Mx
z8qgJOdLv5$MSI+-;Z1r}Myt(~AATn7Ck`3*ksb9`_4v=kOi2$y!|#*s?c;_FD#*j%
zfzvb?9%u&b%GUR>-xjfj|M}5Fw*}@zo)uHh*$2O_7>*=vE_v&aU-Ql6cL8bjZ@cbw
zL@l0f{Jo!9_RvmANcobbJC@tp`|sKf_Svcxi`EXedJWG^838)`w~bvMpwCeI<<FBK
zE>6xtLk;)$?+xMsDp*7~SKark?$@()zZN9EtvbM9-|&aI9_^`seC#-d;>SnH^ZZQ&
zdX%4Pb2tAC;Ep`a%Yh2wvFANa8mv=n;ndP)|28#>>yi~%$JDJ>BM7}zjH<6#_7oEL
z?cD<RMmU^%D=&y9vDGX^7Gxxz1ts?13z~-SI49$S5nGnu5^vk8C+8a~n@)Cp2%!B#
z4;ALmx1e{@v*pn^kUff3d|C1nqSq^v!65P*>Z_+rxWTh$ZH(-!<Cp_o@0$QtnB2c%
zx2vE|szKo!N6GFyrb+4ur=ofZ)9AGjPtG1N2(L=c8C@=BM@vRJ6ULi``)l#v63I&J
zFLho&rU~dHl~YXUB&Is<k#TwZ^)rSOCbWHriY9UVd$Fc)Ls7(&q6$VDcjx2qJ^OOj
ztH267eC&}X3}zmliAE@MZBcm%^#-RQ1TR4n9yF$1oVb5@usN!uu}miLG$P)bmv6kN
zx_DC0j-P+h>39`e*w0tzFQG9F0N=7Cd_-7bheX=TBCP$tf17<WuN@t>@{wSewzWST
zoJJ<&x?ry-SrrK^Oir5L8pAB)fZBdZ1iQ@3SMpy7T>3uMT}&hEY^-%n7_p2+xb6bD
z$;}XBvi*ni^G$SFv`-g;ur7`Q5(=2)zX-zBak<T^8p}7G-}Bs=KcNaK%#OPVa~KY|
zq+q`-D87AoVz5e|tn<QczuX-}gGx7)L2K~RkMM)XQT(m(pD2eZ{VJN3;nnqTF4q-l
zLgjfG>3N3qa_!aU7AwedPkt`>lsCLp-9NlV@$jeL9rpOBRd@qqr^wu>c7MeX4kZfp
zjUv)tEvN#7P-<_^if^42M&sD{OxEnl#cJ%~H-i_uE)wx}c_F#9RyLdib@!pfW@Wg|
zO32~id=zbQ8b1l7=DqX$dg;Um8_`4RRm$wqa%k&Y=V_oj*sdcKJ>=at7PCK#RB0k!
zEZ;Tp9h@Uf(A;4V4a?>azg~H!PykW0fS};UT(!lC1G4hxutZ8g0QwF9ZCyTxcbuQQ
zrg;h2d+a=-NNM@lLw&gxQ0J8JCHkDu+Ft!@t2?447^^Eg`N8U+KZ8YL>FG10Bkv8~
zfVPv1t9u9T@xyN$_9F|v-V3M*aU_pUsk{n~yP(iA2JHBhBK_RIA_ZvA;Vogap_p<{
z<ruDQUT9UDFt~3A9}ICTfQ0{{VTU1)Sw0p1PMZq9jtl;Uj8+<0&*%B6KO_3w7&>!T
z*T1Z+(No*n>yRO&fe=(bCCy40>Ay5-QM+B~8&OEYD=nRp4zf;S`$#k~KACS~o`RQR
zsF0oet_equIh|uRdhVdNC_KPR*V@-H9wz!l)kr?rc^yCV;l?#54OORMqARxCPjbqc
z3Bym?%O!=I$b73q2UQnW*ud}K{u!S$5_i5o<?uzXH}p(bq%71(V4Z&Lh;GT0lOg)y
znu+EE5Qx92uNxlgk4scwZuC5l5N1ZVn+H5SLT--M2pe5dF=D_p&u@J}j@EoWTjxi<
zqt&A{9ltTU5wB<PK7RX4YQM<W^4r@_dTrk0a7q78eu<l-+#C1X5WpdGCPE`oA^p>U
zYxA>vy#s&KBMX&cPrgc0c?a%X;&0fJ>c(<(gLx)aoG$nA7lA?=iV*ny=IO|-g~vU#
z)=+34xD~OpE4oh*KNwjInsN9lqx*)lSmAM+|DqN14B|3P>23Y@_HWrgX`urUT>ORo
zpEbWvmESp7K%KjFt!+HI9QajjH$Q`CH1*hQYO5?r)!;Lm>h449aSEjhP1nC^_Tr%y
z^=%hL+R5b-<k6X4J&R7SGY*fL*}NWDD|ffxIeDIHsCO8fNn*oQ@@7SiARS=R>CF%3
zw#J&+Kgbu_tr|a=qzx@?v16eWuNj|Ka>E@OU^W&N{2%hFVS1i&D&Mz-tgz+ZGy@4~
zU7pF>C-pZd!ockXk}1915Y-<!KrxjMy`a6l9gzT;dE5U!;qK0Qg}psc1`aBI(@Bvl
z0~p_Q%(&*#m{$!LOF9z4(N|i%3_ZP2W?t61n_F2!fXg1In5!|O@n&t|a03wjCx#N!
z4}BrOlO%qpMqYUkmFdl!mO<Xpal9};&lhTW{B1!qz|F^}t4O&kDMI|(#!eaVcoe<5
z3*9}rJbrh(_hojVg!G%DW=g!rOUMrh&O0`SM4GO|%eVtS`_J7|i8d)Jt>BsZp;q(9
zBZR2T7O&2$G#kH+D(`0ECt1bywrA555e4;J`r|Dgy31#Ci&mnXdPiIr^%wDHmvr3;
zdB5czR?#s-l55oBFEZmW$F8f8E1x6gkdnQ0I{YwZ$oj{>P~tN8>){v%?H)}~w*5!w
zt5JhGt(E=;CH0HCX^nNA#Pcl`vz-CjIX%w;lbN!_3pE?lF1TcvF*f;)DjU}7?9oo-
zgs2$gC7%_ei2%i_2k%U5$!vx2`0s>BLvHm)3kJ)hI{l8doGfBFZyak|cu=D00z30F
z`?~3Vh4jl8+0Dyf(@yo}NdGpex7l(poCgr62xeqVL>CalnqU589uf`{m|M`Ea+|F>
z|BQM@dScfa9d4knEs2h|{+44urL^kL!NC`D9nddYDMzbGgB1aRNG#*@jK?V>x0IF&
zMU*=|F*DH{9%rIqNJ;IH)rqRbHfOB`vl%_#Tc6hH3r(#VjY}`H?84&W;?=z(+A_m9
z(}2LIl@w^DcuuZ;@F~EH;r)vZfc~gpZx~A(n!jPbvV4lHXB%wvXoJ0N;dboCTUYnt
zn|Qzze@LzNGIV)iWQGh1<H`!mqxmKODXy}&V&7`90LJ>5nOP=>ZO)COgzVcS2x!+v
zbZ9f{dx4sHdQi^@YHiSb{YJgVv93~R@bZAX)zNt1t<jVHcZMoc7q$HqVD}~Bm*Qj-
z9`|E(EH~y=gfm1Zo0fJK1^Vv7du0XRB|&f-jt395sOkM5Lgh*SLdNzf4F<+Dw}}ZR
zqyA@wA7@0J-iU~J<-IK%oE~h6@U1sf3NDN8`Brr)?`Po7mcL}{+zx3GC`)8sP<x(T
zJ~n4f4kz(lkZ_w%#<rj-x`5IQ70Yiq`Q+orW}IzSbN|vnDrm-2HYe~r%6k_aqIbtc
zdc^Q*)yJ@&l&IC}`;+`u*Jf+!Y*PG{j|g#i5NDATno}UT-Y3V>Cyg<5R3fehy#?jp
z(cH)Jd?hctW;mFI`rZ@?ZW9_693^+Ri&O?XY31iEz@H82lcQZA-OhPjDU1pW+-LW<
zi<b)oMD2eVBQl0bV`e-OG7K!RUpLm;Caa^#G>ds%D>jKVpIuty<=r}YSqM7fLZ1!h
zR2ec7;0iy;Zp}o~u7iR6*$$4kk4bG0bHbmYu79BQNV(MvbCI>`)FNZn_N<9frIB8x
z!HWz+Ev4c1p86x<)V(RwdG#Fs4^3y`*5v!fZBj-Kq?@6HAdPem5Rpc@OF^m84FZD^
z3MdjvBZ$&NYII0RcMKRC-O>&3zQ6Z<|AqTFp69sl>-v1oQ|Ip5oqNk}XckuE9K_&p
zw4mS`TJdf-A^M|ai-6AT-&#}M$3su-!iPJRAopfVZCTzwcoMBH1M7#7?;}yA6ALz;
zy7?`031PLX2MzZe|NjU3OpCw(&P#Kb?Dd$n1%F&#9AtI-i0*IGZ#d^#i$GvSBx(W~
zo_@NKbmCvicPIb(V^Ohz+Stc$Koow-v%NC;6kg;Li_#GzXJp!bao4z*6u0cvK}0{}
z79&IY-JzJVBLSy{1b}GCb7q%Yn&R2Pg_4c}6u)%6xB#qQlA83`WK%o>*RJ1UV8qcW
zbdDuBbv$Pg$K>y|fk67;)&@(2k%j*>`0H_<mMcGW$THvAO)Tt=nh|?xw+dBh%spNj
zi;(!)5c;X4**!9kZb1?<1uA5$c<yo^U@|Q!Q8+tiS1`~@lFf@l>8^v{Koza@yA*FQ
zCTywpyp^pq9=c*mZG-0eYk`c8N2nvjwktRe>b!`(v@C~zc*zou5h7#W!Jo}aP^TBs
zM}E(Wc7lyG-TLB{A$uAVst#r6R=0w&FH0~0ASN`|Xnbb!`t`3IlOv9w+Y1iJgwxhZ
zmM5Pd4~m<?_8kas%jnK(=cJ?0hRxY@1|nu?_%i5>C+;Z(>ly5BJcH)?V=i7h4ZejD
zzm)ONA6Q{TEc@P+8wg&98NY>FHj7T5nT3Zeo^j|pX`JzA@-+($9AWhLtn{#n^IHGf
z?Yg0+<EpIhGr5O5{uDxOD*HEGm(CTH%?bpgFbb)3-&_&nJY6N4=WR+&2yX?N-3V{`
zsm|Z)??M=1#!~yk&KA19w!M949jW>-q|B;(mkET$4GCE?z6sOpGhvFqb<VAjIg~lG
z`#k1C_S=o|hpW!!Xq(dXur73DgY;6Bw=zlFh}q$tMy?jS<V<gOLM#teDEw`$d5OH+
z0&u|JL8)h4Z#9%n+TY!f!d0^c^~S(K?HF;&`E+nZ_k{VJT2N8G!gy%9D5DB2u%^e_
zx+McUR!GtILe(~jjrt<{2q1uPG>h|0GU^2WA(RTfDp!fPi}eHKk5)dTea^?@JhVa5
zE&ZvrZYrS~3vFJ^&U7c!$}OgO4eYgQ5<M%C{p?xxh?^1wWg+=*e2#qNSMZWMfh9=I
z`_7mA!`GkD8vp9z!-Hir`5*#)$8*f0;RmvF##EK&V{x}<KZe8j!jxMd!qD9himKZl
zW%50A7aHjgGO3Jn<+`;x)iRqA<LtHuybnA2rhMW417wJKOl>YH@0UU(h3oq)^3qxm
z1qywXa^>Bh)&jry^G7kn!QW-5?pHN@m+#zs{0%_M{j)_m*4qVUiQa@kY-m)JUmP$0
zsquLyt1P#GT&SX4X;5|!zSW(cpq}KYYS=6P-PH1wpI^GPGkz3Rtu4&tAwSm2`?m^F
z%Vm)-9B=V%V#J8r>K!FB385@o>dV?zf9(_+SwExLPkpJTBj>OcgD3tn{yM|Ntva(~
z%&UKwB0?dkSBKx{L7qRHE0Vuy*PtEcIJufhLN0Wk4fEjHI!kJpXgddZs0n<{Yu#0S
z`q^*^zIv^UBcsJq(RdaQg8F{LF+$x<Ken4TszK+l=yVHNAk{7Vniy>?ViVR4j*$lh
zi4d(Mr6iNu@wsG=@_kdyw)&+5RUNVdr<ctiEl!T3c9NP0gg!sOr719+ioW~~mdJXZ
zFIr*L>sISA?c_b3UOm?tcl{n2euy6RRo24Dzm+<JmwvX^!zCxA9JLuJs`k!LgSR!o
z%0OwK<FBQK>KYHlYL<6EyWXKlxcrtMpGDESIe9^)i-}Z%3YR@KLrL&>BkIc{ykx!R
z8HrAE8hyQIOXai{i|;^%co-mciJ$OSL4m8FOL2}ofwZf|?y=0U<4$LSg?h-JE0vK%
z;9KUlO>?s(k96jQ8-!tb9@a}WOR))4<7Z)4-AIZ5#QsnR<qvL?uhNiyIf2GPZ)G+d
z8rqa?+D{pO@j_ZxJo=Exsj1V>u#4&)*yaacyWRFv#jMgaFOIYP<EybU_FyYPGzGQO
z;a_u+va`LEO0c)JX59AvG4J1tJ3(yn>*0SJ^!n$#5L}ROx{!HCVorxAZLo~t3-gqt
z6f4^L>A}<bqt%?U;YBfZcJA)=Z+$YosXu?}RdVm}2xcg4Ppt2y64Kt*X+e0?&m6=3
zC%hi``J8^;Oc(Mo8*a4(r3~8G413aYq2InHB^qvMj=Z|wZ&hxI*c0Yi?wQ5@;=dW`
zSMtibXwuPH>V5L^54PfQdOd(5(g(gW02FlRgn8eSYv-iDN^h&lijj|^USH_&mrTp)
zKl<HtrQmc;ug2?TP}20t`qA6-Z0T~JqYrUDEJS0XkFu>)M8&0?yA^lW7fXIUAJXPx
zWhLC&+8Q%yE2~s?jtyaxICv>WZ@38ZZdcos_=)x(wn~*mcdY`vfvdi<GDYEeHZxOh
zDJ)up=+@3vA_VqjDN$&+RC`u`Tjjg6CY*8(hBmk*7Z87ji<6Xx1+B5XUoY&Rv~q4;
z)T8W~FG<st_QgE-#7Bbh?Wr|8R>&pLykkvF|E26Vd2?w%o|{}FOh+hb(GwlR#v{j1
z3?FXv>#YU~O0K01tTG?{eWtrQUIDfcoELrd4`XhGNgJT`j(`5kt!EYf&Ou3V4t1p<
zxi6Guz#(ua>;H1q3TztQ)AY`w93}m88_zVWObj(9fRB%VwVl4SWbIv+YGkR>a6Ua<
zmkB-Clqz2N7B{GTb4t-}>~_N0SvX%eM#>^_3Cr7KE&HkkqiG6uYkJ^&t(Pt1fF83$
z);Wecyb8BISNp6AuJx#4<X*KyXcPnnh88BZm4Dy%uKV^#L=^V4hrv}go{ZK<E+X?G
z9=>&-e0-;ng+*qN`@xh|D|$hq*rhL;r*~X%#c){8GT1VF#4OnUK&){vaoC;zh`NU<
zcs3tdjrawWJuzZ;dKbpbbiJqFd!=LwNBr>?Y;pY1$^zqgw9a<0x0kN4=bdepora?L
zMO0T`UvBlc$SQc#FkunyyJD<B)oN2Cz%Kp^M&SFYFqCj))MMh7UdmHo!|O}@W1YT#
z*)xbR%Fc4_g{~miU{QtL`Hw;!#G4B2;O*bP3>j$d5~I9vr?2Z5nOiz<2|$G{|Aip~
z2LcXNJdV8hCb0vIv`0Wf1wADPeChj>TEvYOkBr5c+2EQX+i#7GrmyGJ(w-@Kln;%{
z_qPe0M#5mh3*9iqze~e0(b%^_U408Ew2OLNG0eEpJ4&aZieL+2LP}KkXNMN~BTEO*
z$mWZ^M?Fnr#mj>}=n2^e4X1;=Xh{cl{V4_{o(VAv(|T(Mbs+5>b~sZWf7pH@{k8d`
z=tFi>S;`>AoB{fs(^+HLFR8|he`#exat3J6UT!Z4q=guF6p{aq?;D+KBywu*NsA0|
zuk3<kfO@J?EJ?9$?&qy7Z&4|6XKJ)~27#8APG2#$v`KA1<J1ntp?;`ELBi)=KyETK
z{l5j9v9aM}OL~?BS3y+r^#JV!#3+ku9XYk=K&bwJ==!yfA>r#=f9ww9mh97`^Z_o(
zE=rskAH-}-wiOS9lGJ+$jB>rGh|61))2H$$^)=Pv`r)An<9KLiAwe`Z$9j8eZ2#%i
zRipL^+;TM?iSq8`o+rJ2P)y50cgvkfSELdSljtfWjdqqWf|yObw#~%8fVBF4!g$y`
zFew*{?*#uaA~#v!fm`|@rajvNC8x2H6?<l_izj<Kt?t`r9_9>^XIu>eF64otJNFdG
znDf?FYwE^-6#1paO-M^SNbs(+#lCZ<(m(SFhxob@LvZYya<zP7jVv4Irm;g$>Qo}o
z)AMs~om%;)MD|JX#<SKerK|_e9jnEqGjXc3KkU_8TF`$~Y<f1Z=jE0;x_)5|xD?z{
z!TSL6TTqYL%Wz=kF#n!Pwbbf#DR91L`hD@A$B8<NMUBwa;_7N)ZJ>uoQfPf%FVm&S
zrzq@<*5>?sVdrSwsqa%4m*9aT)tI%toxA0Xn6U6K%vEF0Oz6i&K4FL5j4V~&_()io
zoP>n^MhUXgoke3HsiEn2@m_<&Ee@f<s4<tD2TifEta8ntYJm_vB%rrpwd>X<t>z+9
zBEkZICjcIEL$<si?jUuOmKJfpwNpYe99(D>ZC}aOx!52dB9pwC_eknRhBZ%~_*Ya~
zw27ySvSnd21q&U2dw=a!%jGm$HSE*WvZEP*KQCfeEJyvi&&XXAx5oB<-~A|ftQ3wC
z7V+)%3azLp+xA?7!||uu4<%>PZ^L-dyNtx3g*tL~6$1x05}miX)5qnSGxAcK!-_6K
z^7o@oO|>Jwo6^wNcGsR1jjikPVgfs}O!LkI^UgxV{1Oq|nI-Z3>=jbedK?`Iwv^4_
z!z5z|Jz1*GkZdujIwGnSnF<OZaPAU13=NBgJE>he1wAF}L~Fb_r)OsNxn(7s5dyt{
z!8o&J=<GgVgZT^ifD`p|4m=03o*Chu*{&MH+(PQAPmTE251sh4=2Pi_`oy5e{~Jde
zdkR+e5xZx!Z#h0)GJhsQX5?0HyzU6RuP|b2rL|`QH$*+ExS!)Q<E)^^z(x{^Q;b$|
zEvIuq?H#NSt_et@UWfx$QvGc}u9`eHYvvDIud2QA0V1iQ+^p_R*wm8+yL%6I{#sN(
zz26c?PHI9Cxc;y6YMEhBg=UDpsL6(BhtKeg!Y{+y(*gcec87l*NA<<wa8I==9BB2y
z+rv>5>$s=Lij0$UaQH47>i!Z7VkoJadW#h}WgF5o#gBh4SeyGLCIey{kAwWi$w=3r
zC270Ch*5VL8=AJ0%X3#yz6kPpm_WR(i&Z*)WR_fmvHOa)HFD@I41FDDmehh;IXe_h
zf?D_-$$-GW-J~09e^UqI0>l(V-cX~3sXABbF7JhL)iXp@i3~TpA3Iy{aQvi9h&%jt
zrr6+HGF1@wt?hECa&^A8l)J#yL)rvLl5J}ciiOwFisklUFrT$+7X8$wt<`7&9Aruy
zEs(IDdG{B{2M3fk!iQo1Y>oem2w<5*A|ekrl)eb{4d6sHxk~5!<tF(qBLV&C!frLT
z;${5Y2O}w0hSl*BrgIbY&dtFZ$$@T)91oPVJnesZj}#H|-c+z*o^taQ42|UG8l(MR
z>g3A21~aSHIe8x&e^|k?XN++fskNXWFvG9FbVrFbzu%)au^RJX@SHY>@874_|J%@u
zHHMs|aHQFPj;(9Nf(jO<W^QgGwXNa$lnZa(4EKK^8JqRj@*7*iV#54(_m_fg-9mS!
z-OMI#lTQ1=yV=}=l|SR<8Cia7T)sf=&8xHb&xsYg%Fg&?4-5=knWrKy1F7L6fia}y
z7_qDK!IK(GM37m}^XDg)#t}_8^i|aCSe`U>DDKtV_;`Hn<;{)v<zX-L(Z5eS;hxP7
zxxb7X%i726z*_TjuQWS<WLs3eBaEn)*vipEyMnvh2GWJ*!+c#(DqP$974FoBnhN5T
zj)L7*ZRGIN4WfBPEQ7r4T9!vMVSxK5S}qz(C@N`wnlF@EZb~uViV>wqJN6?B@?{=*
z+r~QX066q`^XB<^v2K0Sfa;Q~po1IGZf>oaFLO5Lm}vv|Dk~1c=Q=E(Ik6IEl7sQs
zF-@m7b8uS$3_m_tcXxg@a9QtyG%8(Y8hhJ`>Q30$BRnMEBgGEd<&p%%88I?-uQicW
z*D-KB!uNDJLf`V@kKM2kx=ULXKnp^9#o8OqeaW2t(A1x9W>m<>vcz$ZA!phl(CB*p
zOClnm@BJa;iY6%cSdd>n=`@^+_G;80YtU*#XA~S=U@!%@&2aesE7^c^FT&Km1P%8g
zpcN!8(oRxN>VpA-Ka{zi8Ql==O3A<u!qL%59N5SWFL2oYaEm*Wd(e6<63AeW`1)Hv
zDj+DtvZ>Q5)&-ffv~hBJmSN$q)oX8=DP-MjyFq@%x6fMD`f-T->&#B~XN8N*iF1qk
z{mr^Tq^NL@tp!JO+rIFcA4um4vWUy}8eF>*``{(`h35aJolN`df9TDWxR8qil9%Hs
zBWy@5+{Nk){XvXJPag$}`O`miZC8?Yoq5r$Fg!#bjQibS>38${5%wEryKG9rPntqD
zyAqzm@xDHepVid+!*%LxevE54qOEIRw)6oyx2kgPKD|<4ls(cg3b`OvF!HXI`?CQ#
zoU#QO)5$avc<+wusHNpDrLOVtSq=`FM?2EIjIedK*Odr*M4`lUms%!07%e6ZVh=z1
z6mmL6&+SFFIdpR|n*m*L%K&tp(vbuZEH_Ji#~Vx5$q=$>b=1j7F8+aJ32yQ0x>v;Z
zW#?Yqo6)X(CjJ$j(YRnv`ShuH{pa6x`+LmdB3|1IW|ud=bys&PTMarK2Dv*|R=%Gx
zQfL2@*IXBpkOn5UZ)AKaO(qiAy=D&+K1UyKc=LgGGhzeQ{&M|Se9gYux4F}ZhUrk#
zEaycqoSw{yQ45K{V|b@Bl5GmVn^qBz&WSnsG_@v^@-by)eiQ8=(~*;c+})jfxE@iQ
z(?gZgOP_`p#F>cFN9rvTQk~>R`n!QSF180oUI)D~AKuxS+|r<iRaK(GuFFGYFQSO0
zok{6C$s`xTR4z=1WTBk0b!JEpfF{Jpel9okFwU|O(xHkUOYU!U5-coRYQL{55!dC1
zKDTJhO>=>#iKN(v7BG2nPY<G@4)F?SO{m+Hki$!-b-IXv!;5|~Z<xZEfBldqcPFk?
zPE{M_&+x;6%9?Da-Hk2pjX`1n`ux8#aGmCGnx{G;Xl9A9ZNE`C@a6TTiA@*?OUJmA
z%xu7m4W|@`lT)&T^74U74N!p3;dr1+(nt+En4nj67O(lYbUMJs#@RoMeRC({UxA{0
zR;Z)&*1t~w^&EF|SpxLwg*%HR@t~vZ-Yl?`GE7aaO;cto$5{Uan?Mo4rQCsWm`~oB
z{hEA81>8{oWeGn9s`OvY$K3qv1=>G>8rRSdGpEZ6S9@<8IcNQWVdZh^PPuVY8@`#I
zySk+~!8%DRYnt@h7oCR@0EWw(Jdh7E3rgA6jfg%>?#TMX%*=g-5tE`bTHH9Tm9C%u
zP^!w_{SiHQD&g-Clt1g@2D>|1Gszv8u?hcm8xDTXvAF{$f+U;E22lZrxkFf2y1vi#
z9<6Rs2VVIMvyqt^L2h@~uRa%gUltKcQsdpWEe53ieiJDbrhk1_q)A_s8}5duNT45!
zqI}WCuyKYxz|1kCF_inJO4{`~`z%Ak8L42$OAU70!XxIoq&`f-<Jo7=Qb-)m_XPHc
z*rquaWH%OTHi;nXD(|nSD#P9aO&}HRQ&+3~S+zt2O7s-FY_VB4f%Xgk<eSm+F+{=*
zXQBDPdtr&rmIRpJZIIA=2V5t?9-|LyNhct{)pveJDx|N-DtQQ_31%d^<`qMsO2o>H
z4Ra#p_=EqgzT_c~a(pALYDsV*7Tt6vMU?ioZ=Je$bk%?Az@j@e0M}B}P*p<Gh1Hc{
z0KQ<8<6Q=gfZ|=hC4DfTC^$sLT^YK5MwT?!#7G#DqinL8_wDbkUlz0Oy$_RQB|P({
zX**dByWyyD_?k>NL`$Xprw3x=g4nQpDG{OU=)s@1SIcS^=x4*Wc#$I4a_UcucS?M@
zU%kf;6?S<Ph>yudlR`4|W?t(a30XDswqaX`S~xP>*oB}M-x;IUQ(?yT9bpc(yQ7^-
zE$7Ycvhd-O=hyz?l%1%?CiSN$dnNH=>^qL@CtoMd?uz2|AuKHZ1(4@$FbDD(>dr^!
z=PxD9pnd-O=f~+X9e2g3yZO!=9Lx6^qqeB$>>o3(ci}qL%a+bzlQ|>wKC(^P$xwbW
zytQAiia)n~mk&Qos2q|9Y<%}tHN%MQ-SK?ggg!p|yoyUeo6B6Tw<&yx5u+`x+QW6F
zU-(F=ruUUGQ3C4Lfv#OCeb6Kq(z-|3JI<=IYS-oX5QFjvJJzH|;;oCbTooaBs1gAY
z?*1duJ_5ZJo7%2{lU^FLLL{wu>|GF&h?T#o33a<RcbHODEkBSW{<Jln^^ab>0&{>x
zOeq!m4aCyADM(G>vd}Yp%qA><AWHTSc2KFwdDZ=q7!6^0?#3)wns=_@g?+Cb%81q4
z?t@)PEfb|&i@ABUlP@n)T&5+2@Yo|VD3&RPN_nMAB3Yq-+U}lt*gx&zJyAF8RBP>C
zuNu_bqhgMQF-*PGmpPr)%9h8rLX#02VWqwFk+N6PEboUpZxW=6FvxCFF>amkQY0xF
z(0Q5>e`hS$z5$eF(^)0I#@PVnge*s>S1j|1ejl;D&Ta@9f_i6(&4xjNInduux|y+6
zEiJEs>{mfoHMu#GBL9Nr?;!H2Papeh^3CVWrc)+<*xMcz`KiuM)3HT%NCi|##^Br@
znaBucIc9a7(_w8|P9y8D9UVv61myy+wBE4GiGnIzjfx$pA1Fh5r<<jau+jcu{T&O2
z6@|--Z&_`^Zk*2+uv6vdqcEr1O0a8$%2{!)`&`%iVm<<S8%wRu2P*loDTZ2MsGl1J
zr5kCa8~OpO|9(J+PY~vn?yPKA-Q?257Hf~RWc8ys(h7Co9=4pEgYN8DdQabt8a!z@
zWCA`{xW~K-=8bk?>CsH5uG%m39r#S`Am~aJeDNL@9i@UFR0*-J49@+l&TjP#mvTdy
zdxg!Xy(sfk8ZXL%S;xjw@=)ntaqj+w-W7QQ2hJIUU*?yXh??ODGAnE@w-fb!vnb8R
z#yB9!0FCg#8q2c`tg}b=N@S7p4A`0U3)264NANpdQwac785ylbQd4p&)i!TL$M8P+
zJu3A~k$ZUj)76irsmiIpd_UwR*T~f*lEqs>wwqUtvUXURCNzFh#MYL@dGyU$FD2X(
z3>uLs%%wFji}I6T+UAesZ+5%BRDBDf3e3r(Y-lmAgP;(>sGS{Iv+Uf|hb16MYWq-Y
z+0&3%NZs;}hk+Fw)~p-c(ohte3D5iY5yYy;g%j=-F8Kv-E2G7&CpC5}!%s>7Lz1|P
zDoBgi6%1;`g=}t4@tZh?xp#1zX8<1AJcP2k>XsffXgK<CFtr?d-!0x{N{2|3YhQlu
z6<Ngrvx&H!8@$#{GYYXV=pY-;)ysRVP5DG$m{71F8755g6kZ<ZaPP5E(^>e?{u^n;
z?(azc^0QJCBu%0&ztq^28>f-I`U^zXAD+ni73<x9frQtC+2b!mAb~71gP&micE4&4
zxc_9#I)Qne)|Eg^>fE7!3?`9sS<m-(h}8207g3<a^R2H>yuWf5)2h-+3BVV5Ui<i%
zs<j{cg@H`y{y1wbbNKA<<=Oj9l_W@#zK0k!;;}Q5GLO(7aeoFmGU@1MvA2yM;}<X`
z&S-Qi;-m{L_~A$0uCwe;I5bvQ|LAm2XGL|!5h!VJ&r;&plfErC=i1m`3Zqu?6nu1Y
z^(AKjg0gN2nz~{DKd^alf*W#P79UTUr<?s%+>@%HKKej03{#Kqkm_NRYn^Az|4k2e
zfKkRF@Cl)J3m*66F1}@0c~yMI+K`KGR|Q<O{5~(bZ#vNa(sQ_kT2y+Zk#)FXxXY)%
zk`*OPLbZ{5zgF*Mq-F)+777APki-rK@CujVX)h%RjTrSk-{k5%1%0q@R-z5&=Ugp?
zhdYa>>uOl)dzgNJ*A`8q|J26EnQ)Qn3R$%3WQ{N!|63-VnJnal`!{00pjrT`b|Fu}
zP;q5(@j_?#==qO?H-8j}Z00PpFBB9KAfB<a6R%#4mxlr`MRMh{Qv&7p`|K>rjSEE<
zt{sUMj$Yf#RYMkayzL#Hs?I8~6)vOk*{bpda)!2oHgX1rmlDf~5@(fJ>yu?qYjSd(
z*)<odf0ssHiUlXH#YZCaF7)76ulouUgS(3d02E!kUiOb!_8D^@iCTu6pQc0s9kOEI
zO)Z5|ajj-T1LBDC>~2C|g$fF=s85erJ+lP^-u~A*$F77*O!T5(=%422`QiVdp0jN2
zf~_LtxF3RjbbKagcy#9kSoo2zCBHz%+T9uuWhvz_#kod~fB7;HllxeoZKy=1`u<b)
zp`H5URZ&MuAI<@ySj!ksZJw6bl_!LR!k0b}{KnAzpAC9bR#TVLbZq@Mx9qF^<!$|)
zQ9H(JvumWPi7nsua<dvjb?}%9(iX6hz-l<+NrFsZcVSJc6dgok#_H$3r<vJv>l#+g
zeVgJmlHLS2gD?#q8pz1)K-*2q?T0pknZbcb$hymnLN!ER%079O-Ccr)LJ1v#GmmSB
zWzljQ@V?M5mqN>sa}&Nsy>Yn;gg&C!DwMV2AZ+s{#C`es<ac`3Lc`fGlK)Jnsi>O}
zalf3u(5C2;-#ZkETZbafYoX(;+fAS)=%`dM^PI9hG?OZb5y)Lmjtd8&gC)48(f+jA
ztM;M{oz%>Pyh1qB;8ZhDYIWK)P>Hf7_!{Ih##QF8^e>8(-0s);0ZNjHjXNGRNWQ^*
z)UM0{ZO6;!ZdqDO<s#)r3Z)jI1D@3&yzLPf`X=%Uqf&`dpg=MTn18S?Gr6atDE)Ua
zh$h3a^W)sq$G=md5}^75x_KUn8Ty-Iiun2pu+Ui-?S!(<bLii&tNv#@y$}?~BoObQ
z^l=mnCqS9!XcJHBdEZR5yU6bO<r??OR`O1BTsVa94znXPBqIJJ6bB<~`ME;4r!@Lr
zIr)8nU#s6znhSbXMp}LIZu=-}a)Nxap7i!X!D2DHO$zGfD*Y&~u9Ws<OA*n>-0nZ}
zC_P`H>b+9bEyaG@Gyb5}tJju0|I{iV3!>9W@LNhw^fq*sWiBc;1=abT_0#X_O5G6+
zS}+V2Bf!IPmA__LinvK)P+Xt^2?-rC>@TJ?a&x=O3dJ{X>5Z@7&HwxT;%|%pq$tH*
z#VP*x6V#&Yus{E90cpfVxO>oFmcI>t1>@(Posl>Hy2wMVB<tY=x7)ekc$TAos)-9W
z{FH?|zKN~+(%xq^(kQfEcUR3z1RoZ7le{zI@%J=S@vF;H*2$yq+&A}_ofm{%Z>7E0
zza%!v28CLE?&TYGP!y))EdD|2HqutZ|18vUI|;T!@%JZMl85Uh+v@W>VvolH3s8?;
zyYdS|fX?Oz(J|(O4Q$tw{(t+b50wkdCfQwr3uIi9^@0ZmM`ZV}-O~&PprcN0ksPm<
z^azW8;4S<9`r`LGSlc7)w57RTU=jcO_>|;R>=N~JzqB2{$tJ`CT}swOScIZL*7Yz~
zN<j}E`)B(eWE}T(d@Yn53vQ}zTj3^hAqBoZgWZ2A#wHgKr}Sna|DtNm1ZURbzc#<*
z9fbEkMw03iQL8lkWm61t&G!NvGcvNlgUuT#z(0)u`Y#iN^39#*bZN3)4XhE9p!u++
z0FlEVmVCu^`L5vyyORzRGuUYI{aM?s4o{a&f4WV`e|ZvZ1@7t$RgPZ9M2oo%+IO>J
ziwdjCJKNh5cKGf;222Fa0KeACRrY&AI!c1=QBkvTx%!?o)aSxmaTC3Dt)L1~kEyje
z5+m{nJPvM&X*LP76cfDLC+VbaYy=<WN%zzusG%$ms2=I<@|wbFVxxd;S-&w%yoSrI
zHk#SNAR4*q<m#=jZxIEN<X)$Ck#E7)?+jw<qGySRZ8G4(TXQhrt72cNxT=NfTc&}C
zSA^i+$rCg0Ij)T?qJ1$MD@5o{1s2+(J8iPD=tmo)MewJP2bz<K{9)<78C7)arSj84
z)9z74li$mt_(EU#T}1*oxWd+Lv8dBP@RiUTymK}$TClCpeos&^$2mv*ic*cT4aqI>
zK+Qk<uQW755gBB#(WU*IcsJcs)KBRCyhMZ4&PJ%K&bnB!F7h#!1$TFTztUz35YMtk
zF8~ezC;_u)E1{&}w7E`#hLq2*Ux)hox_abRT7Rrl>xldGiHiScM1eG=uP%3tbUn{m
z2kp<kxdY19q`l|Ez2Wy*mvF9PZQ=cpLuT~G_958@)$rcQ#m*7+y0-8i5nb6hP$Y(s
zqYnI7lIT0u%`PG+@O8PasVVy@Fi;h3d4(kzgYK^?@9j}85AZ}1rF#@iOn+LhG3@{o
z-`3DB!F2(ey`;bgqrLkX)Q51ReX>0Q$xpPxB{W71`_o|}uR&khZuct7k`2V1liW%n
zyFGF|I7Yj(oCk$Q95biit)iS0+%ms@mEaK~7{81TL<HCCvhPFdDm7$^w_q<+xNHwL
zy)c>0o_q>H?L}>yH3~%Z<sV-);@W-a?0R5H^z{4(N+&pARZZG5lcTQdNvs3iFn(6o
zaEEcNHwlU;zrpx|?Z}w(p64h96B1T1GaDXqoPBc#46ngcWH^9-_^|dSt*}K0W9VJc
z73zIffLdvM|L?Xk?64>+H>YmRe&McHu{EVF{J8wT+~Mj{3sGItD?XZnhnGri-l<)S
zieh4JK(O#qmo!BL6R>ntr{mYTC=?^({JmnIO_mLU?|?tlu~E6@Ji<}Xn7jgUD@CQp
zypCQdhz4`_BQg%pl_2<Op?ryyoVPzzw#S_G3;`RVXZRE-9%!@K{|yM<vGJY74KR6C
zL1$;b+?|^nGsKO2Sy!w7o8u}t^7UUN-ebsvGqS|~_KPpKP5#c7GL15YfMb2~%L`FD
zx~xLZ521JE4c6uGu{ru@3sUAq*3CESd5jl<b$i8c0aw@Ar_HXvc;nu+9RtI}H&B@G
znT_S73Iufh=eI*w{0-eYlYS4mQA<O0b#}A@pk%j$-Oa*!jK@0{nK7Sk!f#yxW5yZI
z9&Sy1jds<MBeq}?Cp>6M_lD+~^;;~879^38+@<~R)WpWzU1C+_-P%=`w(J5v(6<wg
zfEOW~UG~4RF8U2fuP15XV$yXamH|vt#Fu|ApxS^cw%fL2-pkQ)A6{)pdTY|$%A+`g
z{89=-<;8{hFXV3iQaMZnN~^I<49WVmepRSGVk4nG(66jW9l-ma@8ftAXP_iSkax7@
z25u{=kF-XUWvQrTpg+tbFI7iL4?L>{pVCtsJ`HxZ9mQHHr8RM#cv<3k|5Y_se|}1o
zNruaH95X_+Ym%;0wqm~^OsvM7UvM(PGh+B6)Rs`840wG=Zcp(?tigiPOIkr;+UwFe
z>Nj63+Ixk1WgMx<>oRb?ZvDU=%yb#XuG&-<SKY^TG3UfS;KX;tscyp$xj|n<EY~#G
ze2$%!szhU;QpBGg+Cc!MZ6SvR(KP-6a4$#4zG12c<HN5G(m2ejsFII}X+M2fv_KO{
z+bchJmDnCn4+O(KB?b}iOL|P&S`|%AYnLCB@v${(yMyvNCK1B(sJAe#nEPt4U$@@f
zj4E<*kNiIFLpD9-cG)b9<jGKb?RAK!8QVg*?Gt=T1)zy=PiC`%6w}O#oVc88g+-Z1
zjYA>&n$RYHfi>#g3gqETS*SPQ`;0@v>%448jzp9LNj?GLTei83dOM)7M0tt--1svN
z80W$lN{iua*%`>-V0OaGsi|+-HdEU$fveh1c~>tZeW2gWjAAlu<sFc$aq*N~$na<V
zcKv+Y@|)*vo`UOYJ20vGQK3<G4ndW{n7+gn7>s~H9quakSmhLQA}#gJQvuB4ooXXC
z?ay(B$tPi%avIKo6In>rZPNdg3d5?p`CB9Qpnxsaoe)m2IlOxQaGo2A<6t)XK&}~%
zu?+ec)9^ur2$;XW(BuJ(g5>0p1eZ4okv6tL@G;7?SJHLNE6jY;k3w-Rw|HqDme@%u
z(#Q}iFLbFW(tsGJVd*cZ-iI!Y!I&sjW=__iC)KE2SBx-_qG^`h#uAu)L8QEB(-vbD
zW*_@r_6lPAn((a@omIYYku9*qx?XsOp=dnIAIl>8_P?EcQ(?|u2Mpb_!t6LEg=2GL
zn1<Kxp9a^u2~ub20p*5Ldn5@TSK3+O?{HPWdgG$eIR`>wl59Qz?W0T^j9u8Ow*LCZ
zSmtMc@!t~d$gX;vHKT-9#1;8ZK6xL!$?<x_@N4tc2{u6ddTYzd`wn#D?-bfk+ZmhX
zT_$+fZ-K+_$(iYm<8HS9ObTa4a=NIk5=GD=$D+;0_F<NwR<fU-p}mk06?%7rh=T<*
zCdJ`_M>!bI&Vd<v(Zq4mI0I`j<?Ta~orektzac*2PO7Llu=meYqkBU;K-_8DJzCw&
zdNM9XhfOb(nwqQh=U3lee4|h&LviI7Y@Mlk5Zrv<GXm7c=Prc|2UVsSea)uXB_4Ce
zdHao<Na3miH`&h*sRoM*dvP>osKDkYDV04ri-13QOF7o0nowH?7JdOqbtF{^XT!Rd
zYW2V3m~zcJ=Doyz(K>ukKS0QxLaj@c_SP{t*yOs;Jyc#{b<52(IC7KaitUW`*6pmL
zY@tb!AM03LTu8e%)|f+te?kHgE0j6G=*~cD>j|Avapf=1iZkM0WPB*NH>)UlXNKwH
z3LH_D-h)ZIScK3KpMmfaYbfK|bKFO6IwRdz@Ufx*_7j#cj90>2l#*$i(V?JUMnFth
z1f>(SZKW9|Oq35$$|D7L=|91th;$(Dm8`Q#`c1-2DX!PSY~Qi^Cj)Urfsg1&^Vtm)
zzkcD4YIT`v(v~Vk7y{(wt&D33kmP8_#L@^AmiWztbvc7E!d?;}H%Bs&GGpo&^mDL{
z>a&COV-h@Of~?}J#e?t$ccXle?cjD@zQ9<L)0-bdp;#T48tq3<Eh6m<c-m-U#LXMP
zQ23Q$Z!?xAPQ5+pdJU3*;SoEZuOE})k+Zqmn$3hagHWOO--%z+;d$7v=A3d#g)24&
z&9UfgvZGBg^8nBFxrsp9FYDSF%HiIe30%g>erRETWM*s+nV|fFH%*AUPHX_Z;NT|y
zCr?tv-Y&rgMb9vF2HMn)*;5B?`KL{U8)J%Ih=~Gn3Mv3`QAYHYb8RaDT}zA7b9O7_
z(C2`6kLJVmKC+#gTOc#JZxn4zzo^j`LEHx4ECjGeUrZH#)H$P(kizWd=bVLaJl*>o
z+EN@L6}mIb>K|6-F)QPlxVwk23~qoay*`hKXqrDDJ<G!d5<TDTn9P&^f;0T}{D_Eb
zgJI!fR?#wDCtF6~yA+#DPQ{LN%7CJ0WXKdk>~PLi;<l=nxNrSqIbp|y^!={#kNEIc
zuQqCi)b|*gV1}QvlL9hg1tf`nHd`A!Q`$ARJ8z!61N^_fS4?bX=WFKhcc+I@;kp_^
z<P=RQuFtccKFbuE{nC?T`shS*X+~qY(e>$&Mt;+bWkiPFzFT?!{`%`D>4Mus?{r>X
zi7TWT-Z22u6&!mW3L>>lX2aT0+%!|RlHyeD+(vZ*g5r}o)uizscTH>UXjIICyi9Ty
z?w-@V@%VeQc;ILht+e2biJ2=ONzjj5*(OiW)8lq=mk)?+X=o^uY&swEe9wHsR_Z0Y
zPol8-Q3kxO%Do%I5ZI3gQRzT<Yx3+%x-U!;j}&OfsCc<*xoZZAk*Bvu5hY>WW+}QG
z1khkyBjxa8q)nek*eyRl*(ezcrT_lY)WL{(>PXw&sfPp{Jp2fdfV6;|Pd=<SS9hwn
zY=(4jn?RW4u6MtN9CmMrib%hysO4~HA)AY1zM8!5R;D7;c@WFhSL}1YR3;s-C(e~g
z5=TnwuI`H=9Lpd3VL^nU<Qvq<0Y`j^D|AaFafuATjUWL(hyS)Y^GhS-f-gQ^NMO4X
zJG##oLI)_ts)fIll^cVtuhZ>jV8a_P%jbC?Iu&%0gfuhy`Do2fwnqP}X}j4wFn&UR
zOOL3{*(7LziY{TiPS;4S(x9j;VLlpVRdpMcqu^Ngw;*zACn+2d!|*04wLV}yL-n1|
z3?U|8wZjXzP8wyLdR<znP#<5_cbopUuiLcFFRGm|VzcLCt`?3eFB|yZnUUlBV`rz}
zt~%<ihw)a6X&LOjc#+I!TUb?W=xMYxeH5>!>t|2-<}7~lTk^=Ywz~mEGv7C>LVpe>
zY*8-Olj@&HV$*<coYs1Va<OT231t|^`!Ku?{M2xD_1?0ig1t9BU-4D&MQ2eSpilb&
ze<WJl$)iQe2I$$m8esUh_$qvl6TbzFSAvxr*$a>uQ@M%O*t474gL_^@>o&V#-5q2O
zvfjPFM#1vEa4ej>0JH#w_}U>477+a5*VmF>=lh|hU&vv;eTaC!NM`D86K>z#F2p)C
z`FRKJ%!89BHAC!o$0JAV_lLpWulDv`w^5NwInO>(W49V)1y4%+92Tr5MHrF($Hf-Y
z;qa%0fshUEaV<y10D67MeG&ggWKRKoCH;nRDS{|eL7dfLV{4*V0L9v4OXJiTNN~8*
z5e4JsMrRcBKUiTv%l%QQ48Pn!{e8<ypB#z5vHeJ1s4L7)GP0CyU(C=TH;W}5D@NXI
z@K$a#jE!2Mh!m^nNHTJb>Y|+SXn2U0^HUQE`9^VIEhm`o=9#nHG4yXVIWDzfxP1-a
zd2n@_TZR!gV76t=hY(K_rnC1vN_VIm*eAL=VM^M;X-$fh&*%7Cx++#XNs*>vRu&(U
z8^5x$k}|$HQGQO8sgZFyj`2?5gmm}5`vtRXeUS~k-rMXmHGc>QgHY!vcpLY^-%{g!
zx@PQRO(XOV>T|jIk?`IWsxglGg+(Tr|F6zSGU=@!C)7%nxxD68*)8H8#MC9N+q(PD
zTgSuI2mHA_!A_{Q<qf*@5==b1{+T3X;A+0+H8#H5*Q%3OXH4&C65UQg`vAU#t)S>I
zB-HJLozk`0sPZ!og*>S`uqFGGHvs16VdXE?a=8yuwQAZ^mdE$gO6iK*P-Zq*V~9V$
z?!my#uCJL@059_hyGAWkqireVP5j6Hfr+8J2cC#V%ZCA^_f|Ib%ywFRF0B~UTT*SN
z(f*-A+VOUR!uopsJe670{NHcUY@kCaRmy=^t5$l>n)M4tr7^^Ck@3*y(ZjA41D!tl
zACGtEe&J)-TZv%E-CY%0iPo9^PAhBzBy&BcqmU>ZiL{a)HI>bjl>z;oS5RJ^?fGMJ
z@9%pMA6;AU&QA7y+|M<4OKTA#?msaf{FMmcebIKnufHpk=@>CJVvqeO<Zs#H8444;
zSqQm}GB&}3n>#R^1_wc`p8#WS)?M6;NEP-}LrNyZ1Ms6bqA7i1J&2A{rpTXq5XO4(
zRvoPX6-)jd5$%L;w)Od%R^J&Hn~$}gwIejf+C;W`2^id!q@u?0Yyr_de^_)f5D05U
zL}h|Ag9Qld3rSiC$=GzL{s3tb?;9YDc!<30RlJ+)yc;C^nX-p)(se8Ii{@EC=+C1j
zW@217O%wiwWu;R_Q`VWhLIc1A)7}}uaIR@zu#Pm`AHWKD+v2wuzgE|!P*alET(BVo
z<);aaa3(&aFPQ3@Q#Xz!a&W=Oj4OOlNF?e0DHDpu1e)Dkd^1wW&dCwgr*%t&(Mvs`
zJmiSAH4EUtjS&3HK~QZwtbAeuwP7RkPIP0`HPnOU9WMIItS=zSS4MTZ>JARd&6=8;
zomqnhCHDf9ZQloDm1}@l%7-dk#^<A5#P2V%jBK%0qz&$Q9;tjhyFsWD*57eIx_6;W
zVNFxQm!%-8Pro4s1%$9|(=3?k<ORM%clF_t6!Ug=aCu2TQw*>aOkBNUG+_DTaWT&r
z@7u65k+T;6=NbD7H=A=lV8DA12B=lP_YG7JP1HT8>Nd6AR}NK*ZY~XYVPDW7NF6#l
z{@S#nV|HWK7eU}j{`|#lac=0-jgttHtMSOh+jI5>$=<Cx1<K9+ef_a_qio_zHC?`t
zu&|D-h=7b3?-Mn|8I#x3AZ1`;m?e)eU35HZRtMTyP>ER@C6Ty1gT;P4>$pffrVpiT
z+u`#=#Q$q)2@CNl*w%#M^nL^}8AB^Df0RDZ+i7*Rc~&el5yKyXZin9@JTA?&N7dq~
z8)SWLh=^b(cdIoDQdx%ZyP6LlbxnOb*VkjH4NIr$ud0Mkn#dB~W6>f1<C?8$Kz}X=
zmCk*nbzjc<XYwhX$NdW7nxFpF{0kJA8xrUFuq1QHZ__Wx2__^L$;tAwxrqoDvWM7p
zue5M)A6}wj%#z~i-d7+6#=PR5_;nCu^NpX=aPnD1(QV09?tq}rY|i@kl8xcC=!-N>
z8OG7q>1TDjwTCxw*NUfoOY7fUpDKL%Smbnd?Z(sU*l0DSB&7#NCrg^DRWNR3#HO&k
z=WLSDH$(MhGywz^7g$uPqGSnEECKFQ?;NHK<XTX3$WKPJxS$ud<5pFLC)rC|$+aqE
zc0?%#T1q6WfJ5KQ^<{1b@YGylXG9gsS1~S{e-qp0tm1=b1UP(7S~K0x(MmrX;P4@!
zcN)Ih8ZXe%N;7f8-rQe&($3TS!}-|iKG~yCWnX+X4BWs0&KDux8;di#63fnJrQ4s?
zf4`h?+(EqRjygUQgUZ!VaXa?<BJ+h-Nu{Zy(E(joa4l%g14>L{>-5~z6o*!%o+WOI
zdTd{ltg<sPax<Ok1YS?@=Ls|{?0OM+gtdKJu=~{7jtW-1tPh{Zj-oawQQ%L^TCE_#
zXY}dsDIHV7`Sm8=QcvJhdjj4EJzchp&Llm^fWYu*a8K^llRll?TTtU1C}z|i(`}eJ
z>I(du%c93~NdFA-+UazpN1QE71yyuf6bn6wbc@M2<FgItc$Y1o@DKGQb5k-(g&58>
z+^u-GC3IBZ7U~enP{96&1Zqk&y3R#2|0JCnM%kKh3mc#UbNBEyuY|xzy^MPS9~i?g
zcTld)?_Wg3$@hprJ6C>#=*^EA-X9b9Qel1u^BTC<ruzx}+2EjYcP+C(^#l-{(_S4f
z+%yxj&+4QH1Kn(N&iYAYIOuH!Ggr;r9^iGyk0=Jr62HgRqz))cT1)rdfJNfDKtiSa
zl0AC#cTF2T`=%iv{L4HICwfmA+b>r`naocu^GVK=A5ut43CYT=@6N+k66JC!y{R}8
zj!TxW&1YN7=<gv}%PfDS)6dZ>QaV_mGm<oQxI8b7KJ;<L>@#vO`YrAEAH~CSh-e~;
zVXOPm;e@RCV8{UH<IAHWO^KZEIP_N!RsFIo^7RJw3klnsb<=U-%(oI*Fs>6fn_U4_
zt>uG!+XvvqsII#8gf|FJEdw<R>n>{DgIE=DLJ8*crx5$|Kz~Sj+nJ$Zdlv%c{cwZu
zj7sgLusfIlnh6A!9<c@r6;KRZ{DFShIbU9S?#T-s`(8DQ881Nm89LldP;1E!j(f3m
zMJ)pEBl_R|Y=FAh9lrNK)+L`xnwZmSGGHQ`WW}wOuo8voCQ4@qJE_bL50KbuZ2njx
z+y3ap{kQ3bx)k1N52IlFloRk|1n79VWo7otv%=$|<|HYn&N3uhJ}4?($h3QT|IV&|
z=heGaGS!E^av2rIf7kuG6gf^h=7`3C`>g`EVT6*O`JkZ50Nw8H+iY?(7!pf`Ui@e@
zhk9O-A)g6#@@B28@Q)(}^@|%WFU-%wR~J3qP?nr&RUu9@P>___GRH4*;`hd1P1@=s
zZzA|!JQb3sYOt!l6ii2r8mHCfx=hJmTio|GARx;(O=n}Y(u$$O?o|_#qo$Ha5K!60
z`TZr&W!J&IvtZ1#7Ejci*QNhEgbpe(`iGkro<{8l$V$n=g=cRVaXkwQLk3L;d;&SM
zvLMDToJsfKcChn1ntSWS&iwNTPp-144~+l=E29y-(1s_f;&$+Gbj)p-uc2*uAyTYF
z<Y~1?mY@I_ME`L5Sy3;QJ*_H}D-ilsDSz}WX1R)Mz~gB{RZFb{+Vos&Hv1WmCNTyG
zEoqpuy78k?iv0}HwrUGgxhv_M)Rk<VxfOD0+nRK@91UCi)bJ6@)BarQVt4oT?C`U;
z97q_L^daL_u^G<JF5ll#96nc|g~g*)X>D%iuPT&ArTVmI*x2tlY9`oL7IYVSy$3vk
zDc<OZVFgW_fsH?qlXgbKRtj1G%}xB%JJ#!x_E~Ggn{wm2wK3NY-6JdB@1=#oSx9yI
zzndj_FojQWjbntjlfcs}VXQ~#?wqgUt`c>xakp`Q14MXV6UjPxBXo%0wsQ(mKs)95
z2cCIbfO&&kg)1Y`b!Fuh79t$6Unwt^IaDw9_ALAdsRB2KS%1wk<gGNuPv%R(jGVh?
ztpwRAaa5Kn_xE)MCSt>z<T7`L(W|{~v5fqXXTJae2mA7&KgZBr#18eY2X&;;R-%17
z#=gMs$qINo*bHWR6Zc;Nm?;jb>x}aYwVTX&8FK!IN~Pw{aklFb(^+`D9z+|%LX!V6
z-@}}1)7)y%6Qe6{gND6$7)TL`$4lgm(@Jc4z2=s>slGV?L4dN(=YN-ap>Jxu4Zh=~
zoUyMqs!)CVw@lVMxo}#{vnLCHb&G<g6()9AOU^lcm{AeP!P9Q{C%>v-dXvArUwK^~
z5z6**fH{fw{beXZu5ZurB7mW8Z`QMJw$t0b2(@0QLUh9JzYnmRl`cv|%x9xuHs|9G
z3TZ?g55e53+R&LdTF%}W#<Rr|x^(`yJlNVy2pUwA!Y^9qvO#dgX^EMYEPT-yBr;$A
z%KDq0AxXhq49S81iD@*V&-%NAgE0%iOnX+FAh;pqE<`!HeQI^qHuzB3#TKGhY2v)|
zRyy>}-!;~$TVN;VJM8z-1;`SuS%;D)JxG((X~Y4LV_R!o|KT#Fsn8FY)Wj(pVHyFq
z8W3YOI2(1(5v!HKF6)=!eFg8qH9ac>o+}MD`B;KqvIYOH&1<)LcxkBz_+Bqar8#=I
zOvO3!{YX8pODSof0;hs?TD2so*sXn1*ul&W>;^EN4S-n>l%BfpXupKm58G3#ZfWF@
zW#%{7-8NEI@z4q;G9=rb3Ei%#vd#Qwwv-zmXPRMYmkG~4Yi)bfWU+H5mWF6)<>i9j
zZlfek)?cfq+myQVARmY*^L;8W%~`xWrGF79qVLtb*Dq(uM>oCKof%-`kvKDG6;+az
zF=@^$9=)}U3Lr_$bbz*9iqG@4md_|o3fGs<eN-f9@P73wZh%-idffIaB{XcjA1esD
zz@iA<McKJX%ZwIYS4bC5a<`@$93c$ecByjL2=c`xZWWSgMu_PsNZ|@ETsAGJ^+h>%
z^Sx0QIGA7k4`8)f117wc0I?c)Zq22z4&c(=JrH>p!lJQe#Wmnsx0ECJ_O?~}F<<Jp
z=!od#;Y2VjE~xJ^hFE}rp#eO8+hC%Y@Uo6FB={RR;gjZwr4XO3!XfQrP<-C!_0n8o
zp?U)7amOt-dYeUSTXjsUS-Q8K!C>|cZ-XsG)zwov&(gYXh@9Ryp*2CTRXk(2(=76=
zYIJ0YGA)~l-#3eNN||aqz61;73WSr`16ktz-BGDc=WIVO>M{2fNYm%JBinV`kL8&q
zKYZn$HHwNtMzhWMl&LlBPEN}6&w5_|RipN?SxxM|n*kfm^&vuzFWsq!^vH0f2{TKh
zRi3_gj;unl8``#9PH6Ad14CqpvyPpGZ1M`e`5|oOeR<fx5YUMkE~mWp?<6*}4(1Og
zlwF@<aHI+O*YqxD*3Kh0ALJ7P#g-=re^fld<(Kk$2d=Pebp)zn1=U?7jB>SlnCir1
zms0+;&h|Pj`tr8%u!)jXna7FE_+&f3)?H;GI(y$91x>KMT*lR+T>BiB=LQ5}Fh!(C
zr{mQKdJqjb?|CA^N~oD*#BBlxiANhK#%lcdSB}Mg7tKAzLoNi4+EOzqe>DJqCh@iW
z45e3s3p>`R(xk!;yMWO{Lp~s+a;^3)OnC8tj(S7P8!v5ilNMJ@Z7eJ#>Cq)5$Q=bP
zqE^y+TkZ*$84XJ@beY<nQ3C-z9o=eO+>*bWEH`(rwy;9@UDg?TK%zPi=)ef4&&jm9
zDTfHQQC3)1Vb~WN%dM=`s71P>R0^rvZ*i~0!jkCcdn-T+S`2QH$3Fh-=X7wy?f0L(
z@xHW2g5(-E@e&^XT3HP+5f<bd%xkCO(_jF!Z_9+2hB|+#D5#%1H##=S8QLHBYCf?T
zYg6E>TM2s|+-r23og4gPhL9DtvEiDlQfoUSx%7iioiLeloaw)W05zsLm^-6`FpWgB
zTEo1~<|sRedRFpr6t&p6qTh3msvtvgW^p1b8WJMtyKiY8STG&m3tFS-6>z%M6ywBM
z&*xna57UdMM;K)m=<nfZ@97&E(8AWMRa1}20<D+4ns*ZqO{9nZ4*)+wz`os3x<Vds
z@%fN1shXH+BBZW=6S<T2cU|Z&LO==#5!0K-T+Tv*!_)5Ai=l}?S}9pO;Yl)zj^IWR
z;lO1tY}TqJt3YhxWv#;t36VJfvCM`?xG&hBH$|8PCL%#CXD=7toiR5V1VD%sm|(jq
z#m(W_QIb0cp-)?z?sqO!GECY-{;P7bzM|fkV{(HR9EQykV6-Q~0+)62f_zF&{KGPk
z@V{!?7iDuz$=~h2PM|?CidxBkCvTIUP~{kt`O&cvIdytcUeH4F{%~+x%!Q$oEA(rG
zqM^Ou4r-o=;NQpvh3c#*e6XZHLjW=7SKbwTu?oFiJ@)T3PTW;7ds8P>`(+EE#3Zk1
zVWT-qvJOEIuddE6=N?Qsg9rKttWqT=k<C*UOfn&4Ksd$=6WEG{qrd&h4f+S#1ES2%
z*0zPoHag+5iTIZ;8003e5Y~e4*%b{!`|j@UHmn2ZPe;CBj+&x()wpvi^_j?3;6=d}
z<cUiI0SJ@nC(q{19g6}mZlWGSNFg*85_h(p*HJy7+vWX)-6rFmd#<<uT(J-+ASOUS
z!+IeM!>M%mq&9XAH@{!C8v56O^sDfJN~O&f6`Y$PM<2vXoP(Q|FEQQ5dFTH0#gOV*
zD4@1xC5V<LaN>McVGR3^?RHMRJxepNu0o0xX)>2nRl@ndhY7p(FSssuc6JWzk*gp&
zpyJ7S8_(bx!q|f<x(MBbz>Toq)s>?JlptK@UEaY=_Q2n8P9b#DLf>^;vE9u=B(?<w
zi{!IU?A$@IomCYc=jWf>wG!Vov0YxYEjbfLvbn6Ji)4_OBRQ|c<+wxmC>(A$o|`s~
zZRrE1nmOztnjz00asq}z9_}GPm*raR>T+o*ws&`AO~1PZ_q4e|^<JV{F|irI0f@8!
z$e}u{q9V>qj87Od@z4Z)0U@ncO<d3Gf`!EwZLAJXyllpeRnB7j;^QBOuwL)zgHVSG
z+j)I(8TKEpRcr^Y)i}SZ;emjExM(Ayo`=<1)wZo#aes$nu4WGm3jSX4)yMnDDyX~d
z#=|PS@+&B)v|!tx#Xe}8bm2Ov*D9P(CB07zV`{j685|t8!XF6x9T*xkQ4pd##+2s^
z3pUm)>o^ed0EU7mp>GgE$h(FDAR**LgdkdoUs7?2lP%;;Cu#YjPV~p8q;GgqdIm;i
zbn1!>O`bRLud9DVe>aj$b~2XtErgMTie-_x<RHAkDYvmQFT0y-vbVh^-H%4}=B!(a
zOV4Cu;gM{wEx0f?2z9Z~gOhO+?c?2I)x$~5L5Qc(*``laU085=cT2Wc=6nu5`-Y@L
znh$2EsfRAte-$^hU-G9I69E;e3fa_mqn6wIwuze@nkL+2@iaWPLMjq<m`H~_M!50M
z<$~DOxSSADhDnD_{B8dVmglcr&AVk=ML?a*_*{Kf*|VqH!lTAU$5fQ+Zzz@k);Blx
zMq9<dg+&t$f+!3}W^i~O+!m40zL;cGD%~bH=L;S7lpi<ma1Nb6KW&b+D^}U~DBh<V
z`sQtM!ZbvtT@~n%%MF#BA+lg!J5tU@9J}G60W0bPXW7c?s!bY!3;Ucf*B8P+Q7j~Y
z3667_JU6igE>H-za8zJfm@tj%G2A+{W$u)F_hwC)a;SjZJ!GN9u9|f3f#U@SQ$6q1
zoc_G(`U!-!w|q)qB9Dn6MB+7{yA7d!iMW>OXc-!t&AL$fa@FN{!@~vqrlk9^r6N;0
zcb{{axDY@HvdF2GX=)Ulb8zeQ^mZSpoQq>UH@_hF?%p@o9?lC)PT}r~tuky!65`fO
zy;`bmiB85N6B)wa;5vFR`^e6ZE)@=N%tCeDRyYTs6Q8ioLZQoCP2-~@<|54;5CCgd
z=;hY!JM#VaKiYaATH`!*c_?)PpD!L+bvllV$@ZdM@o)frIc=a$hcCjF9`co$KvCI|
zor=qa_7twuXV0t(vdfL>7#!@kbObmTCMPE?uNrc!;h3OrLj;7l;;Q?iFvG6310L)k
z_hMQENdN4%DQkTj=O<DbU|+H9M>FTlMT_w;fWCtKsBq?<(Q^|;Wsq0!E{;!E(OjxH
zhf&}IE;P6?%hi$-cyP^0Jur(79E&y(0FzyceQ~Z9*X1|0>eK_LP`ws;80WQLLD)u~
zS)|H<>w4<!Y0D3au?}ueTqofQMEVOj1o7QPR1lxlv2$+TI|W@4CG=Tb7ts&SPMwuc
zKE7uC1pE3_`|eLa-L}*Z7zf}`vj?qlY!7i<1#%~RW8A`n&^T4l?PNRb9ul~h91?yS
z9SCS>UWP>VwhO0u>XQ9Rq@B(<zpUD^h~1kYC#|b~oUwBZ&ULtJOO=YxV_UFrW(bmS
zW~1l_gjTdY9)7`%`RLI@b1R1`!rOYBqKtc3bJUpiT5(Ud!#{)&LRvuqkPvb_5C)10
zzg7Q~y3j2h-ThV_w{PUMboBH|p{rL0CugL0Xu^Jv!Wjc&D4x-)A|PCV^_#k2dhk&s
z$?vO`F3YEf=*+IcQQ6yCx3FI<uX}J@g}+5vn|~y03lGgnSK8Z@t(658>b9i{S6$6b
zu#t-^lg%f&V_ry7T*DPKam71Ocmxw*yk4^U+@WOb6`{IuHs?c_GtPPFHbCBQqSSwn
z|DA@<dj~*j3Y`1|M*>2A;c!97($MhWfk`UFzXhEbp#a0?##((T$RSj4m$xvvKa3!1
zg7QABi4_$&9$22GMV-L!?UfGhgD=PuMbYb+m%I|mHZ(S@f6w}yZg4VHZSo0WW5wJ}
zyXF`PK(N5X=d6lx5CBmyAP9hP{~=e~`3p1lcjT`N0t*Bh<XuD+TsV(Vi4yJzh=veJ
zAoO6eJ2O2a=Vu<uPd9Jdgv$v-ISVbuL>Ep=IANLvG)#&i@IKJxBZ>Xm+KPo}*<`gA
zT%%3<9ZBns88x=fp&vYCk_s^glR5}t$St?!!^mDlJ)AO#|5X)AOICCNMNQITY{pL*
z;r@fe4ik0zerkDW&jE94_FAEkG`ref2>*Qa=#d>mh=C9l!h;q$kpm^PPi)(Y^Q_p}
zVS)nOvFJZzV~2+UhtvV){?+ptpGR0CL=7D4=4!&|PpI5&1v+m0qypeQ+1cK)9CgWf
z`GW0t`NCWXt>uc0;Zm=(*e@0IG6id2SCusOjz^cC0HXFi6;Q{1xM5YuKfd-+680Xp
z0o#93&xz@CXH|e1GZz=muO$_%A;!TGgyW2H3L)8W62XN9hoHH*yxSe3VAel8iGBZv
zW6Y{D>-T3>bUk(Zt_%+jsfd2s1org)V)(*1iEvSfkN6p3iYU5-bv=Ik)Td}DnMjY^
zh@tW-@^NAv=H9o$Q+X3>T?l*p!3u${*Ls}#=YEXiw<3$Aos{U;ILEj27$9%oBRw7v
zkp^`f#c?{P;_g#@z%f6!VEqGQ;J6Cq=tB_MaV#L_;=Dr+Ks>;4A-b_S?9hiXhJN|Q
z=kn<%*X;Oj_!Izt{L^3Mn{U3=J~XT6*0T1Mg0DJVlS00b<h;aqiaxn%DG88svhzSu
zp~G?K4we~;c!V?{Ay22P!fe0s?UKI5@edySXJVf_v}*Y&Yf>LNU+rq!a7?V~vI|d+
z7Z=U#Th@PLoPtn}T!6Ul;hKo^9{<L^;e5lm+}}Sa-Mzi$rbqbn!or-1e~+}CkqZ>d
z!+C{sDO4&C>wc5C0Edt-TL>YfB@_S&A&1a#3+)9lh#^i8sZ~2H)VF_ZN+vITrlQ}Z
z34#duh2szT>x%mCLT8stI<NPG<vmG?_lEb7F3z4BixUL#I~N(8wOoR@F&xnKbaeGu
zrQX4bX<2!8Uv@T@Wqsk1iGL`lQLF9xZLL@`b%f_OSU-*;bu;SjGks_<LS8L|4>#Pk
zrZ2=VXumY+8|iG_p_Xw^-ucwF5lk2`vB4x84#Vb&znj2rn1F(bM<yLc7ajjbyK%Yh
z_(JHhTx9ztb8j?$UK(|ycdY<=qN5Zq->2Zta|zj9Zm=|PvO!GhRgnfxCOAXF<Td1^
z8d3oQ;kqI0b9Z;&CX)zJT+&GpoN<`2A#4p!w6r+Z+uLoq>M(h-$)B&BisOrLD~LnQ
z4o`p(I!vY@WNd7z$Q$qKG4bb&ol~hy|8`uW7W?1ys~1{IqLzO~PN-73Y7@I8PgdN#
z@Pi!eiy3#kyy(>Ev~7IFDVKEkF4`A~_Om|qK*Kibxd5RD6<%=+u&wnF;LOPcz(}M%
zZpF5&Z556YMvlTi<;u}j-s9B%TfvIFtHz6McU40VZi^KfQehP$2ZT$PKp*FJw*Hjp
zsCA~>5+YXB<qxZe!Mc!F<Rol%;-%XeVhCJWw{PE(DHZrowHa=|OpEq|V1s<6<%?y@
zYY4GzX8N2h1J#L<Cvx6bR7RdroPQADog=emLUtVYB!zXtc_(pM$Dr6;j40&r@Zm$5
zo4aHJa4R7cA_EHUAms$a9js$lua|ItVJt(RfSVB80x|cl3anP?)bi=NV`&Ak;#^yV
z0;fm6x&!d-?vKj{Sid%*(8b#NnmLG(8o``q{q8{t+;eul(M`lT9v-0J`i66EMFm}q
zw;`-ld|o{KjL*VJ4fh{Hx##r(z_;IhFMt30-{tn5J0?;|yk~{VaBjhkxVOKTi1d5A
z{(5TpB2m0!*9l&kdal*xK2gsV>0FK_tGZoMQLJKPWpMUG+;)|$)A=;($09@*WK+3Q
z;f};ufMp>(IJD*K!oq!#3PkTSAOylyiLhN<=Un;~mx~e3zy5yYYaDFYfBX&S8ASAj
zg?T+M=VZxpx~`ij2+`1-f7$E{A6mQ--a%g{gnT$q03?JQLR^23#fOIF^~SDZqE+A6
zSs6NYLB^)9$<!ymm4R^xbiLBuKcb>t(Qb~Q<l(c(f?kH>p%iAda`^l^3Dd#<ov@QB
zc1f>_h<zic>;`dXW7R~!&DA-1K6_IqiF<aVwY5AarM*>g!kTk1MCn~Q*8V!|iFGd1
z&;|!T`Jx3!Eq-eLMH_}*y#}JlRUx)y;km|&vzQQJa=YW*Q}`T21<M~UuOWfGxm{gl
z%vKJ<NZ!5kFL0#X)im*d>jB~fDuN<B5fjD$3U|P9IjTYiTzQxX1@{^9RE-P|$=KM4
zt2XPGi?Bj02cc$gZ9RYPDoi4@%yJE;1VAh&OlU3FpE->R7Dk0!OT$CMHX)9hL>?4Z
zz+`z9Iom2u;Kvx0%fc}i^4c}G!HbSh)bhv1UmX;iT(wl6s|xu%Apj;K*>N1ge(NHa
z^57`vTrHM*mDY40jB+NT<t;2WJ|IwgUD3AFeJ@T;)H8At#oBG3|BiQjVqC{@b-Bb|
zu+NF}%AGM7yKz3}^mUlCD7d9C`L84uc=IOyh5a~kmFe(axao4amSaK7<=C%WenG2(
zJU4IOb-61$?RV4X&b9n59Gqv)oUxq_#Z0h|75(|i<0tau$rB3?hIj{21kOyj1$VYq
z?U)8fZP+&F@PY_fvaolAbK|%pgc{48JT+lreKXi+xRyd?Y0IIx>x3SRnJ5N<>d=o-
z6b0?0y8^f4hCWOa%ZHjtzSkba4MKYe0e|CbO^IX}?}8wP{D03>%*8RnLyx}xUKtr3
zv2nN0kGaUp2bVR*TL^&=aG%dV*Z%WVkJXZ;9&qARr-@AHQ}{ky+HeeRY;IV=5KGIj
z>|ES~DhyZ3eb#p{4&$L3nkMAs!+8nETUS@VY;P^AFxlyH8@Je}Kt0c4&9({SV<>pC
z@ADbDT%}#Q+#Y*y6!N3mSmHyEam~PkAUt?-50{((52vbg(z%?^QIvl2_VULBg!S6F
zreoQ@3bX5Lt1|bj!vwsN<;l%h+d`zpaWJ=J6-9-%Z2PwL0n4+edM-Vjl_eF_SC*G7
z)dt$lIg9IsKi<}TU09D@t9UO-2ss1_fP|1E!3|HXTDF{j9X<V$&5udX(1e`2{FMx!
zz92)VFUgs!zmWcsaTWd|(fdX-YE<?`p9rH0t8>o8VL}=#e+TYO(oP<iOD3D~xl@py
zPe-e~-m{|MZr@&)ZUe%Bm!zwA$eex<1lJcH%kzgfWp8WEa#vN#yS7+_0>4@!>F5y6
zAoa`i&DOhk;@eili7UV+I;osxu@_-*(~e~QE*W~w`dHv3PuyEMT@Xf&NkFAmdBK+(
zHu?RdMF=aLbPzTks|YYXeb%bYx&k0Yd!ZR-W~MEi5TXZMUYM9pOinn#Fx6ggKRlb8
zvrw}ie!OnW#dk2dno=<&OacSLI_Vu895N9Rm46{P&P-3s`3vXe%-K^a0uHJ;R2O?O
zsa#lCw6HmZ8Yd!KTx~fSe32>Bdv4{pZPwh45Y~p!%zc|6md&No(C<z#zF4qn&GqG^
zQf{(dmxs^tX^BYOPysk+6Hy3&nQXSjf_-?KKR2pYRo&-Vcq!@Hx3d=uF!42K8}|Q2
z=SSUp<@N~$l=NJ-T%j$TF~La$cPhlHS`~^u9^@2`CH@_{2Pbkp>V-yyQdF9@oRcdn
zcHKh0MmYJt`1~_HZ>CLzM);+PgI%uAL!b+ErHZqRsQ7YzX4>-e4XQAQb8EpuIv<(C
z5CS*$7ggcmOoTA*H%8!GTwYoB)r_~SjSvocPS4#-7cW|_IEc}>PD1nxRaVn(+H|Nt
z1jPCIIdc?Z+YxGt?Lv4dio2MwiyUb<cYSe(4;d5uET^3l($k{#+Yn}4_<P>YbvVtC
zV;1X#&;@~Se0)@<r_Rc}j)C8ek6W%&g!iAaT&$<;a|i*SefZGw`9Va+xrgHmArGk*
z&YnH3{p*~H(^DoKLP#5*7_-pzD_1Vtc#g3hV{2qC(Lwq6<Bu#H-(6=jmY?-Ezx}oB
z?Cw~q1t-K;On?gx-q1Ii_s<D{`*wZV+T6Cj45uN!1IITiyW_zR&J#Bt#a`rhRkp+D
z%n7dhgJNPB`?tIR=+-N*GzK&i3bh0w(%k-Kw|{U0!Z~Y2b|xk)TpQ;Q+<+x74z8@O
zSgM5w_wTB}|JVwCY;A5@+5r>=2?FEW3ZoBwIrg#DA9DCUA>_?N0gw=K2yW^L@h^^X
zL#IMaaa{Vx&dS*I$1?TtucdF~jCA)8OR>98ML2h3W`ds}gu{pO9y=5vs(&s{{^RnM
zhp^zX&&F4C1spni2P^~`1w;CETh>P(oBFu?_>OEWKl7nYVpZs(sLLkQE!X$bO%x?J
zTVlCtyxS#;>S4X9eIX|xbOnDy8wfY<xWPsr$oRzNb;nBl3ORQgy`2aTYVB0|K#yk>
z*`x~-98`y0TidWA6A&)KM1NqQ&x#yCzz9Wk;8w!~EnPGOU|Gn~h7jOItAx5>g<B9x
zhDlO$xFjZ^`9jVnNLW4uz#*NCA~d+Kw@=s6)iA+BxEpe(A#ASEk@SuP_P9}ud!y%e
z!?4*Tl+|LX=fpbL7NH<gCKa#VEF`|%2Ko2+m}2UIMZ}VrsgKx{5dQ4{)%1Rn)x{0(
z#}N=9Ox9{{GL10rii&Fxwy$5mX;oZNK^Wq>RmN6fe0q9HM)ZHk|92D+H*igW8?RIQ
z{<@xf6XWA{Zr#0mUmkAjwM+I*e5}=Sz8W(`JSPw%WD|{c^X5<HE_|xuB%FJvRG3FN
zBhDe@l7+Z))IOp(2t*BtF%Vf$%^AxI;=ijFyY8=@d5Pau2;=J{ZU`)B<Tcy|ya?xd
za}}{MrlB7oUBceZp7kSCUPoR`<aV^m+DOIF*JCbhv^|PXAnz#L);K;c4_&8?#}M%#
z-oZtU&jX}yKrTQCS{E-}w6PN|wrnnA?o)ghPC<MJ+lJRU6%YT5_9KXoKVH9Kc_Z;)
z2jTc80LHNw`6`JZh=&lke%QXLh*mDU+@^S_5mIuX2$WSa&t?*l$^>=2c3^o}chwgf
z!hYrO*-(wT<{s?5DIqH?H$0d?SAf{Ky|t<0URFgv=hn6K1-{ZRu4{ORhH&8p719?M
z>tVkcYm<DEEA(v%a0eb#2_t|BAxA?2kPy<ExK^Ku#rl*u-(}+8<i*eB%++7Y*=xTs
z;m-*rk(BqVcGt0QHzPq9t2JtR#}1iwp*l4m-d4k}%es!es4lwsO0f_iGudlauw!6i
z+HFrJX9Y{v=hq~-PwKJ2^>w^5aeb@fs6HJ|CQKCnUXsX!<4|=KxvTno;`_+EQV=c*
zS3ysAk4=PH<r6zj+c(~%<Hj9fNkv_5mlZs4p_b{-CpyOaPqLBNhmuvyhLZ_ZQLP}z
z^XC@&o68L)0wA0va1tTs8N>v*Ir@CDiF7V2v>T4ihUKPOwL%?B&lfER6cWkfdj|_-
zM7A6_Dke`&niC3@REK<MaA<26LRm6*A*x>@d4ApT7uPEYz2T$KymSjokDRa;W$MLX
zUIyEn5Mmo0TyYYr=+~M2sp|4m?kD*v8@CeS^3F}uYl1+xwl_YXRQEh_n>qI&CiD=B
zu}laR5ODLk{0nvx<F0!UQuFRfxce->rsYtq9r!r<AI@!@?}cKoi327az`bSSe|&5~
zDhLkY^Dp{dc(@S46f^z-&bk#;cwl{T?%BMYow{r701;(xcULASH!SxbDzP553W#k8
zAx2em96Jbc5KM3^pQBpyKEgF?cJOVS)3yi?Gps7G3hnnF%-TC#VQ?s7ojArQ4uX7x
zs9cV!z{QTjq1%CT5XbV9Peg^MAsq*nOnisXcvnTAZ4|fJ4}GgcK6HX05<-BZ1~-57
zio*Dd2?bTqzDU6U=co(2-Z0^)2shu*fQ+jkhhvBEU{plMc#F@Y|E;aLf-VpcEmy0K
zm)&~p8^FVpzFxcj;lWNQ3WPEI>#x6%k3PC$B3kIzp&$>=GlV9G2V6L(@q(ieVldVX
zXJ~i;=Tb8`x1cNN5!qOi$wWyWLG)?t56*Ao9|gHw#;&EPc8ul2)#r-N#QxlL=R913
zC=7(Kc04G;d4Uk%ZSMdSpF-euiP4SWz}Sy^K_YA)3V9&6A3$*s{0_n_&O?Z|iwg@n
z9xTY(%8Fj|T)00(!Z6;v&9L7C4~UY!&U;TnNNXqn5<*&nym~0)kuP@Z%}kGpYiB<C
zm7LYrnJd4P$;)SvUP+%~TST50>{7XdaFZyh1kxci0TZ0s@!TkJlOwQx1FuiA5lWWV
zC$nAs(lgX=A;P<x=j=umxd@9r{qj&hx4rh<Zt@Y5f+8jep=%jBcVbeu0&|MFN_X~`
zID{Jg3~s=jl2M;zC;w@|32sUe#ux-9Oq4KD&8FNam^8pO0S6f-4TXH;gtr#*KfVA9
zNz!ALwR~7Q*^T#fGB#?Hu)dz&0|MZOc}&sYUEhQ|@6n?tIw2dBGb+M$VDhEym#)Z)
z@UzR8E?N#LOh7MQIB%hXX*VR!a~zlXxjCx<{P@v*{oS6duIyU%<mKfR3)`KUsc!|u
z#)+|UxpeWoi6IDoyL#oa<xYcW6<E`4e6H)hednGDFUT!evT$PTN5#gKcggF~^`q2V
z(*!R4DKARZsaO*KZA_$*cdIE?8_olSb)Qmk>C~wSs|t%eigC?XGq;5L`6DN&NjRA;
zyyAZ+CQ87ycIxygs{(8;(IY10HZ)|MND8rUcX!9~lVSVubFEfA@Ey35AUq>f749a>
zC5aqhR;3p0aPqM`OonZLyh}TznMjKY>9)4qXqLyeB<m~N`kJ@z-M)24MpUSQQ|ipw
zGb)liw@}Ur-Cl$S_w=YRYRAC2Xw50u(__Mk3)Ahl7Z}qqW^-%9^1{J|x3M-S_Q1*u
zMq%3^I=K9o6`6aws;{hGdppgch2sD*a!R-5sh*3d0E_&9IHw90hL~}Md%Wlu&T}jq
z0wi8oet%z&3(M3O3L5Ng<5M4Y9>B&*yj5Q;s+Q#7d|TTP9-N?0!O4m3c=BY}!hJDD
z!ofGL<KjmjT~*<$ETf~tc5Q?3wYca+XSk~&8t(0G`P{4-6Y$`!!*X$+-@bd-3Ox-E
z51Yt{SFzY>-5pN0ynZ(Ct4$wv-XeUs*j02X1~T=^y+JTU|G_oG9?<FdgHU-~Bgz$*
z6LnXw*%<%fAjCL??;?GK?c09IL~DdWyL_NoJ4X=4j%&;{{S4AfU|lQAs}_okkY|XV
zI9@rw?XUkBWn2VH5}Lg4Du{~<h2PoPHt`h?8u35^)xB3%mi1b<qCc;>qC5IGdk~3Z
z{SL)9xWj8+kZqqlo`jIs4Fy0#NK0ZBLNI46boE(P-=WhNWpwI_3{L7KM+K6u9-Tzw
zT)sau`bGX7lQe(tW1&>Fx;R*=_$t4aK)x!kgiYuoXEN~xBJ;(Z6$+`U(1&oS(*BMt
zKKw~Vz(pzT!d;>3tRbINr*{ROa1xL>``l#G?E@x~Sy${N+?<+eCibO_?TgZWq{4E2
z*mK5*J-0A4`2q@YQkbAYKus+vfX@d<0bFYkfH1L63v!l!tJ~$@a!K?3cXb_hBn}Dr
zYnT{XC0FG03bwuu>F(~biF^UYDx!BQHoX?G4{_Go17TNi5G^k+$%;;1cJ}rTd>k&4
z@riLcuj(Bpbf|s`S5_KxCF${jqhonx)x<x53fypS;CpcHrNMDRs3a2Bqg}^Uynukw
z96njvSK(JD%9voSuC034jB|k`MJe6_@9M0LQa{;)g^cql1t5yS6^nk}oTCl@wu;Lt
z0u1N`9FtP##0*uR@pDmH<-W8vrp}p~<qmX{NI3T}VTUts6uBG+229XBaz7&XPy|bZ
z0AtmOcXlnL8*ac>K-@sl0PF+AhWfF`_M@Oj{srOve%lc~X!*u)eq*1T+>(~HAuqM4
z!<<ZEzZ18XufprvtIq!ZsyuzXt3rCeb1|yO0yh@MqRHELq^RxPX->Z>6JQZ$3Be?r
z61W2$ogMa|0RrNv3O;wU-Ij6#?QD6^#0fVw3z1B32ga*S73wPHkb-D~c7+2BVaX6)
zCMU+6vr5OZ3o5R_891gQQ(EXxxA|EW5Fs2w*ev85ot^0r>JNu{Y;O>NYnG;?=EwB6
zw=d~)&2otD@0+OP#Bi4`0oNPk{KGLc=dK<%xT)c;#(0hM&t2o9#C3;0vb&>#+v2i0
zLN~W|WNmfbT!HTXB=&+-&F+URjf3_Hi0lLX{jMNQF6;8(Av{@y`Rg}s%H7-dRd9T6
z&Ndg_;9PPLvLVjHt%v=v>hE~Kuu*l_Q7`mEu*2^WN)9m+xd`!~XH)kTIsNA6=UtU}
zE3^@rGjM9^tX#fwQO-@DGp8i-zRoYqTfWP>n=t$4gxgd!N2spu!hyGJ8}TsGD*x)X
z!S%bf<?{X6=TW`5A?oAZkj{5W2OuHjC@26DLJmhotj?Z(75!#pZ2BV^I(5;CZs5jp
zZ_5dQ6<;{8`N3?Q(s&v|CL3-_yc^^A8)W%r#B#pr1gYd!3dckxo3Wd-Lb1yVf}lcP
zSp`6dbBnV#Wp8t-Np$oZ^^%jCdI(Eo1yXVyo%)`){i~{ARW0cRG~~<rpe9Z)Ls|?x
z>d)~Z->QGtPc=<2z)d&A4&>fKRm1LXX%GN0@x?@@AIZa!du}Z(DCKU7UJ#^dpR4L;
z^3u`OX)Xs$o>2)G6P`>q(_$+>Ff5eOxll0q#4ex`Fx(4!J39xQ0%&76QZ8M(V6Kfb
zXHH9ZSEB&viZ$$+K!cFM)XMDGA({N@>Z(oNFyRE4DE0RbX#0+v8)<lG$b_VH!2;Vx
zgkY%vxME>%>$ZG1`Ngq_k9o?zx#JXtqCjuDD@2l1&rP2#yL!wZ{6G|_R2zjf9J{{0
zehaV03+G2;?#AOy3L~FtAz<Qdf3G?7APyspyOo&Ky!{#fpv5N6y1fuM;7CNjfI}%w
z#^)!)vJoZ=7gPu*th&bt$MTK4?H4<D<Jdohss%AKu5X+i9RAbex+@6M;(L(`$%RV^
z=ZAAA<&z4(7>ll5`$#V9`E&mKd21(#AepA>$5@XQbI@}DZrBkO#v#JsdS(tJZL<jD
zoeB6D_o|JJD^Ac4f+fy3Y&O=1{F-ok!9}^Wydoc6y<+W+{!r*R7`hD+6XGA<>&G<+
zSAMtU!y(;$6Y<ZxqoS0c`L+r)fKV{VxjHL0#zE*>URtr^1u=Mfx@4|CjFl)rgZz^i
z10k?E0jk6D)nPnDKFKIrvz(N0;`O7r)1y8Upj}9=bGKuR!18*0crW@JL}85Y&S_XR
zXWoxDZpa`1_-89NvZ}%(9`1zxiZKLYHgW}`_{hGV%a5NtwXr$&an*UNxLvdB3LJn4
zk+&isdOkqlL+C8}BG!d-1#N)-iSYTedW|`I=8O#JwH!{z72S7KONIalaoag5-;4t=
zP9@BPU|R6wCE5(_h<(KVMor<)*p?2<of#(rU>v_2*PZKQwWP0y7a@eSf&w5R<WO=Q
zIw?@`4>|wNee%zi{|}YWDyV`sU$Gp0<<g!CUi;=!aQ9LEro-~h_%ITLd*lj|g%bid
zaj43Rr>yu~t#-`(fB}D_h2+rUTtQJX>C*{h-;ng_jdcImDaqsuQtTa+?txKDER8C`
zR*hIy%SvhA#6hb@nJoH<S$z@`7bmkutPjFpXTMH{dj|FAq6&W{6&qFfs4nX|_MEdM
z`x0)$_nLY;g~?~QDTb4vc~0eWr)8|Ivq?4P*jHu5)IK%Q^vg&7KTH@NJ$ft;W@n|V
zyUW7c;EV`hG6Qky+O?||Lbtc?s)u4hyDo;!`kLE@R35d44XoO>bogZ<ss5K=ekPxP
z{;8Zfed<7HakGo4p-J9TTtNYMxrbo4p-L&7N{@8nhzh)LWgur%0J){kpP#nhA-t)7
zz$K|qgNYo%ADz=<BlVZqCZ?FUAvE}bzGh~o&3S@^@o>4|P+&VCHcWV@QkrcQdvQGP
zS_trc3vYwd$_X-upG!x}%ZcywXi{SJVcNiJ%^4QA{#7z2ws5hQN^ttD$@8T}%S$)l
z^J4-CXb7u=h;ZfdWy>vxDzgZ?EA7Drows9J@ssxE33U=G>)m^<4e}~XoKq3$s)gxY
zym;P@8#p=yxE}t9LIzSpzsOoRBen|;s5ICXxI@8?xooz5*j-hg&#$}ofS^%}eH8D(
zbvs9IO|p94!dZm$0C2BD7_C%lK7XRCVvMS#5Sy!Bhzw&Gz;<`&d4P6wiT&NU1>q0N
zz*w`qJg?%7m8FvUn1~SGf`u+Vxc@*dU%q7P`}pIlDr~yY&fsFg{v!Y7sne4tkes^z
zP!{xe+ct(_n{cgi6}me*`kj+7mra~x5JqiZ_I71+eMuT!j;`H{T>~yhCxj*y2vIoc
z%<0p%U+GH4c-S#9KB2EsORMnkVW*9wA^)I>Wmd6OJ{Y2uC{wLQCWK|G=-2tWkN7Q!
zfFX=FxM^!Xe=5#{yLa!Iu!d_GLV+QE!x4xO`G*f5$&H)0bew){g1_}iJs%*nh041K
zNyX<eMh1s`&V;zI-&I#_7w%o;a#cYN;yMI*<QznQ#P%T{>^I+hC;#97_rI(nv?~@;
zbj7w%9Au#1(n8?62xlwCd|Z<e!u&*qz?|PUtZVk+<3#L)n{P@*LxlN$`sv5E?-=hP
zBx3s@5`OmSC;ocVZ`Xxc-S3;a-`9OHlCo74b|KH%*OI>FsAE;Hd>z^t=NZPtkX9t}
zxfHXhe4*f7IquTqpoRZds!0WSLI`OE1wcZ`q2!A_DyE&5vFWQaap6-LIo&6!o5|Y3
zj%+T@%l`I;?C)&I_S%w^b~mjMhY32EIH=&)(cLSBVz-H8-F?Frp4-_opdz9^#V-1=
zU^wMWJgob_j_nMzj|F>S>?VFW73B(IuDpKT_PAQse|Jb_f7e9E&E+}S(g_j5yD-P9
zRr4;VSO{0MNlqpuGPvd9rYeqMcdRvRV<s+I9>Tt{Gg9pCm-61WtRrM(drfa35w@kv
zG?B4=U4S(&0tS~w^Np~D)7V6%>?XI?c4ZZgHzXYMY7JAeAVx%X^9rXB1dauLotxT{
z+Spjba&hB3JThdHY<vc;0ZcxgtJop23mbB|vm$A<Yz0S8z0aW!VgiDR$S0p%lPgy)
zTWH?F9Dw!iCh7NgM1084Y0{Gvi1i|S<~qUT%@Y1MIk6xPKm@>Kv8u<jySuYNEWq(}
zp=oP&JgZGEGzbO=14FTq6%`7t%5R@590B);D<HCOg$f`%G=qMGJaNeVhe<MAV^(c4
z;~ZT_Rc4NTfuQ)v7Hbl5qn1mOBMH{#m*%J=7dN~`Emn<OUvS1E%q~qh&L-&SMExA{
z)XmMy?b~<c*%MTf#lxC<*f)fcdRVn{*)_W4BI)cNkg2n$<=pg?oYD8Ok<sHhaiV$w
z1ebfTD!Y2UuzsiFUZq7CF!~3=Au;g|?x#m82qfZ3bu;zpj5MCt&dm$(kSdoOG<VU=
z%(Mv&5D(Co5VDSk3kwU2GOuIBzWxv67D5th)m?FwcRNi0v4S{yE+F(753kU#ks}Xz
z*{XIukkq<;&#CQO{<6)@Z4){Xx(N5sM^`UfF4Oc8g}4U+7s3zDx$T{88z)`JZ`H0L
zl}gq^gpo@PB2Fkwf^C3sgLEAS^YyuQ*xOl_J1R0&EvM?Ph1<jNg@-BWa~j796@uX&
z#WCp8YqwSM#__X<bm6@Fu&!gy5hW%ZSAA7k2|`ZvwhA?*g8IE9-Q@$^vg+x$Zb1~r
z!>#au>&cU6R;7J@ZbARPW_<#mv2fF*sECSt5X39a4d~JZH0Jj+0dT)$!ZAceR0GB?
z+s{Skbc4VRQEtokZB)1I?1X4OYEEsO2Pg`4;lhl3@x^B<R!><DJftDGefzEnX4oz)
z2V*}T{=mVC^c=XR7CXBH)v|*d_Oy;mNDqPSMY#XSsP^rNNo%KPDxBZfhdvNLasH!i
zu-rG91Mo1C&~cwmAP9gNe;ki_m-<FYr)&tW?c{!}7Jp!8D<R}<K>?5u(vm3CCB<Hy
z2n>u$_rREi0;Bk5r5wxF>T_9qeA{yC?QW=$u<%fJ*O#QKA{+AW;if59P|<I2%p7?T
z0td&ZlU#YZVyAR?=Uug;w^KFbiK;b;fXCU$v<t23lFh52Sc-G@I}~>48#$xf(k12H
zEpz@s=-FPKOU>PDPA-W3O_Vf-+a;;$%-L9#2E{;yLKI2q>K~Hcp$QW=_qNt#PunCy
zV#4tG_u)?QjSwXh5lcE=uDYTcEsh}^fZ1%bc+)I`)RN`m3ARm;mX>8{aaq=M!rMwP
z=<V&3>6s~6RWS;=g%Farroz+St~4z>eGm?+cg4<53&X=i1>sRhMvh!~!O74_lZf;l
z@FG`QeNyOzfl}GIC3h_++kV4mt)gMURaS->48nl92x~Q);K7}>w76)=&><2)7)gEG
z`T&*<@dn2QLM|qL5FD@^h!}-J!B1unIy$Thu&%=uyVz8reovQ~YnbdD(g-gmIdt*S
zA39Rsd&9@RY4Hd0^l6*H0S568A}R8S1tB$kehum58?M$FosgsYEY7FR4LtnVZ(3RH
zkd>pdWuKf?(eM2E8C}L%75|2%qvHkDf5UeA?Mden#DkYD6~^H1gWJdQb^2{iS1E-<
zXlDAH6-t0O_UIw{So8TGoOi9)4$&FTx-UNe)T*Jv9f>{#ab@=5L;2~}9Tg(BU6^F0
z>bKLaBco##a<L&?eR}4czE4`8MVKu_8uam}kJqKK?NUx0T_#*v5Zxd`qHqe_#m&G4
z1*d$66%i;n_fgb%9fS~%YQL8+U-XrRBNL7w&R~_#^?66RwANxf+?a=RaZZJF<TO2Z
zZ%PIEA?ee7OB0F)<lqcU2~qJY3*GMlvG|8mJ~vwUee`x7%cXNDV$4H7LO+Mdjq!0w
z#b^|QNxQHyu7=9L$QOuy5?rW><IF8Q72+IOc(W6N+;Z@6COE;$B^RZE{H&!)rQxt<
zy{KppI%^e|gA(^~Iae{*Dh>|~SkBfVeaE!{+lw(B;qMUX@;)>fq0QJg6q`c6P@H#g
zd!N&5>a>c7a1ZBvkr5|MyYUEu-_4(H%Pl=Gao*!x-S;AN?ghn5UN`9?JSMoNa;*mO
zIBE*#f0xu<h~jfCyFT$|{gQ-`4;2c4gpii>t6(>D>VotPja&Hcj*43QJ9$}q{zRVM
z{#Ksd`9?NX2!!CZ`s}{!tSv~bylY9<af=;g3o49FNO%8;boBJeur3Rqg`;p_TqhwD
z(~>O|ZLR}{o>lUw*26(hM(jg^-OVv>V)5S5*&{uJ12Ql+t~ZdV9NZxV{T*)BR_A7Y
z7zYxrm+Rp`wOT5Viw~2FRJ7D>jcaaFgu*E1ZbSv*kqH@`I49kGBPJ3e{5Ou1pjLU`
zgre7h3%Yg{0>ceFoMZ@7LIu6%oN}1BVDf;;I6~oW`0rs!2!#q0e@r@%cpTryq!j`I
z{(kDzDa$*Cs+kBs3W5QS@yPIyIm|3nu;N^N$T{@=_t&MYf^P@Hvi;<?Ug6VCe!9E6
ztx6^)I0$Y0?Qef0zxet~`Rub#Qi4j02Jo70!({Ruk!-^e8xn*wH%W2Frdr-J7auD9
zV&Zi{1)iKw2=4^IoW0WEZ*Wc_LHw=TcPvy3ZmveMHu*!y>HT|Ma!-XERFCcQZYof)
zaNxrWNWe7+7YSaqste_Y$ei_|ZHLbRQ_i_ojS@G!$w6UQnm^Eb4RQUOFWUn`|2ceR
zX-8u-Sreje-??kK!@9J;pVM;-lkK#l68ZYBUagv=6Js3mZ9RGV%);ss2A<2i%9S?W
zSu;52?Y@dus2B>T&uLVIzI;jk`Con`pIp0U6{3$HhUcrT*3u7EV#{rYFvIINezM{d
z5c;A_)KJg_+luoLV*=bn_%`+#|3>&B`eNP}s|e!_wrdZe#@c2xGt=^`U;e_v`G51P
zU+S_xRgu5LoKkS-q3sYFj4=ytqm3ktJ*(}~Ef+3cu)+lwE}l0xFp7E<bu5A4IypIR
z;l<zT`X4@gV7pfAa@Q3IH<sH^#Wp;Q*xz?!Bi0+ji_^GGuQ`{w{sV3;94izfLcZI<
z;W7E@i_hc>-H)qRugKXmr>vcxtGEbpcVhe}b3J1pmX{VyOvJh&5SP&wzTz!}du)Rh
zVbR}Ln~HD+5y^=gE?on@SFL`S*RbZ44>;8j_G;Gx+-Kx+@-7M`;9LyXA@pP9@4J4z
z-}*aT^2m#de*WY28!AxWwloc^tLx?fbfM_+fg(6TtPB6H?^EO-+LY|v2vx7qe;%p;
ze&gm%KQ>h4?%n%#EpP=loO>+29DAsv*JC)xaUP(`JBoVXySRp890?VP;j)FGj_V18
zMf5o=uWBy)0TY)YK%<{QEL=rVDt*xR=;0Ij>tFw-*Ot37hpN~r0HOjoiqZs^VdMV2
z8Pdyt;X@~Rx8h&=xQA3M;Z@UfH%kSO5Yhq)fP|2i44=8Eugm5F+}qib`Pmz?zr8N&
zDgdIg?)-xvRqR@m(%!agt;|bY-D>!LTu}jM<(Y-V=GVKVs=`oZe@B-$Y=YVT&ZY`;
zXH}pZRiVxeMWsDgK)|_gPIyyg6Ief)_bNfwigSofWco(W%7jjAQ4J5yJ-8ZCB&4*x
zAv>EZy8Sg<cWHM^g(OTOLp~);hKed;4(P<NAbGv{9T+<&gQw3+@5m|X>KnG-ArI5~
z^T$pU)nz&n(TBCRoBJ=xX%yLwJ*r`1qFd2-v=|%#X)r;6P<Kg%g!PRr6D=?qg*(QQ
z-bZdZ2y4Sc91b%i-HvP9^1QTb`LyO$q=ImO2}fEy3gRL1T79a5L9wf7MM02r2reT`
zbm6YB9AqMiJ0h>**2wUPxzSM75J~cX`OB|$vVX}YVaMlvnjE*@mc|K8m?S!v9wwLO
zuv}Y{eict4fFCB#;haP<7KjfJ4I$7$+-MMdql^h35El_T_H1s>++3y7Svd|6lOZa?
zJ&5C1Uw6&#i@bB*&JjO+EocJd0K}vnlX1Azdb+wThg%vrSP}Y)$upcZn0!BdIw$w<
z&zg``^8zHQjhg$*=MTfG5%PLT#V_Qin>lw*zWD4jbH~20@JGw7ZQK|1I}{MOapR^5
zfDjHKRyJ2OhS*;!U9;_kXyBYusD8WPgg$XjDU2297$|Z8;Svu3u3o(?Uw;0XT)cGA
zL_CBe0xajsm5bIkxK1Dp7-P_uRr}0HXV0))xG*ihR?+a|Yggs03abz(&zy1Fx$u0<
z=S9n#xPdTAjAa0V4#Yc%W_YlK{DXKP0oNWLQnYG2q^!XHmHoqy&8<yaUYCmIICh_Z
z`my}(cmHe;P9`QM%zXuSF500-MMvy2Dy?F_9y}<TP=xc;#FKp|=HYw}V<KK~M&=KU
z(OKIkh-7F_IB+qpXEQ!$>xY#5uZf0G&eZE@0si%4`Q@@XJ0@8FwiRHCEe{~voDkP=
zj-moOa-ZJ0bI*jfPzBdHrrj}Z+%H%8H4*LX{>Rqna@W;dXgtPc97bGYAKZT^fBMs3
z<+=8M2*0;)-7(P(pUq^7*4IP93!GyZlkeS|)$PyA15_N=Yc;}uG0tO|dGF{8*8)r7
z0k^GQyZ`_8?!(EA>)P}9MV!cC5Hl%Kk`*k6wRg+=_HFG}y?=hU{K}SO1yU4AF%CH#
zPR<EH<K5r6_jWfhm_RC6Zhb#4niM$$G#cF)^bhCUWACDDZOd)@*{U{l9fSHi{mg&)
zV$P~%_1dHXBy+Fkt*TkKk=o8{wV$(P`(H~xej=5n0U-JD%@7a(qY(fC80qY#8}7_I
zSL}_&>cTS%`8Jp4+|K%v|MP3N<^QZ97plBd3t%tP#Z9ktq3++TDt*(ZlKx_Cdu_po
zfP1dyzjkAJ&V`^Zb7PZdT%$E(Z}7SYalN6ugXxG0ol#0H5Z2ZkCqH&}n>IvIH!*eo
zio2r0AAZ}W&c0)<%xkZo`}^|&R7Z=#@B53UVgdHJ5f*B+{dTGidSd##yY#{D-OZ2x
zyG=z_WuU4f7oL6VHkMwxmAS`O1*j^6nrp^3qbm0QhR2jy`&>6Js^77F-lz{gUR}88
zjsJ%qyl-#dwGNg(`Cs$l)7tu)wOuPf)ZhnA)9b3La7Sx>W!C<w3l?2y=$9_m-x(T6
z5$>bzuJ{mP%wM?ZB1#p5x@ghG)a&^LyTH%vSgqUkOifO@8#k}n_nf<M-hJ@?d+x*E
zd|>Nvz0H33WjJCuMrsQ)x}eW&phn*+Eq83KK2>3)wV;lYDx9{rwk+(>J`GbyQ`nu^
zxuWA?XQyW^!umP|8pBngM_G;AqVE~J*!$(|=YRT^_~%mLsH$TX04X5X`dp(f_!KPY
zeEaCb4@0~B?NB+UKwUw*eyKHBRnrQybbD&+)0%T1_#jMykp=}QjC=F&PttQ(&wtmk
zu(Y)7zV{)=dk-G?bMT^t&lbv+XsCgze{BfC*%|vD4V`)R{Dp-JIu_N!o2F3fHAdTe
z`O0Mr^ndfgd+xjs%+eI<L_e=ok$nATXv<ZruQpTnbLrAMR%!P?|MEZFZ$JIS);_y*
z@sjPs6mV?cx@8|K>6gwKty89bs8cL`fTeZx^je~T^G^yQeF&+)JG6KFYto)S*7f}w
z*0Q>?<~shvvh&xjyH7s;(Ea<r|1b9+|M7oqLaM?-4dI&b&x5wvs&yNorC#B!Ue^?;
z?8Me;{nD_Xt5>eL_us$mKK=B!?$b{`w&6w!Ne2(9nr(}g1kgFF*I9kPh9kMW_3~di
z1ax^=mX*T5!S&PLzM}WE^n9ghvRcw&&+XberwY5CKby4)w5r(C2Q!O{i{WQ#sfD;!
z%3{-VqN>2KHfs8Cr}!Fc<FyIWH4Ag?eU^WHp0lv8=R>_G_6_=QO~3Sdan}F*Of9$i
zxvqVt4|~4(=8pfqIa{|+A1LU!*9Qp-ja4z4+GcgW>F0>f4Sk?vmE3+`&%a)<b3C=X
zi(bR@0i7nBZ~E6Xh5S0N_1N?QQf6()jrhLq=dalOr5YGK5?kE$d=|mBbL=VrM<D<N
zFp^qj)lRg%zG&^Tub<p;YjaP0K(_6}vaaiO!f*vmS+(}9_Qc5B(YkvI{#5<9=>xKU
z@4#+P14BA{TlS`<+4?tse^b`N*|0aBjW8I*ZsAQYI^y(BYem+&H`W;JZ?omj_yF+C
z`O8-Qckaq<x4ty%mS!Ki>G`Yv&G^0z3fWwqx5~zDXD_VJ<S!Og1$qA3`!-EjEzMUy
z_=CIg$zR<0tJnQwIB;_hzjAxq>(&ar^74BdgrfGkdb5?c7FS7F06PpzQN_#FR@Xu#
zt=G4>v|@{wUoH*o(1oei!O{h=CLU^<pehJ7Nmi3Ub+Ms!!M^$CuDj<i9JEH!#@c-R
z?#ymiRT5Uk;=>4C$g0&*>k6fIDBXry^R&K@*6>pWkXlI>7gv0+IA;|FR^=2ID_0AW
zf{+_GuKA1mi*`YrZY#ZsPVGN~6?C<MwWEH>GyA58#i*~Z9s0v)#f6i8?00M(Iqhey
z4fgo)6KiqQO(;Ooh1V$BFIvw}>ockSR~L~AE<%NgZntmYx-Q^42fG%6>uVL-q>$#Q
zZBr1ryS-}{q#F9L601Fn$9|ffRXgFoPx|_kZ~tdGlk*DOLx1Vg;ENrryxesUANKuu
z^KP6ld(qlv%XD7oT>0pu-&h5o!XXWgP`lr{4|x>QYJJTV0ABDH|L1g``r|<7hrU<U
zK;_ApDL6^%V;!fs2-Vjqd~VzGstVFgA0X=-R-mQZ`HK(T%2j|03G_=<Z?|v1Yr&Ml
zglErZZM!vuKpzgMYR;Ae&^G&UOG^#B@58^d)@FG48Qbz-ul>-qYPrmQ?&vY;bxPr<
zf;$b|(BoI-o+_5p?dadMKNMQ(HBQxiYIj#Ssn%+}rs)Tdf<(1T>w|?q|M^cgMOl?k
z!>y^R@KVK-CaJ2jv2(Ct&#w($@UL|@d`PM9)%})(eC;QNimEWwV^&D3!5#{6R6VQ8
zE(P>j+f>`27JsdS_{Tr~&W@AeYD)z%IxZCGsLemL-mCSqmA790EB_b^^AY-15w7;=
zS}3Ipt+CG82TyOh1o7J_x3MbRvk=<{UwSPq+BrkGJpA)#R10jHFnsJZ?xD&#-LLLX
z9~`6)W>O`6d3gp4DgC(-+Q)Zo-N_WhrEN^dWTUh!hdwAs_ovr&z4j~QwATwCfYxip
z&)ITdRelWGmasfQX~6~(twT~}YtLG}yZQ9r@Vqzx7>NK7z(@ysJ8oxV+3oFY_)zPS
zTlPWO?%M3oSE+SVYrwR_q}#koAXN9+Cz6^BtZF)2^DVsD+~0cb7M^}<Az#n`d&381
z8WJ)-ea?RAy=3>GZ5L*`Kr7yKo>sATjV+R0b9Nu?asNiO<y>p*s{b|NCT7mLvB?=X
zbLoZ;G!OiJ?puYU+LJXcHGHDoaP6rx{%dZ!>2nv|<jh5P?&>Xf{<{C~8RtX9hU@HZ
zyWRB_8;a69(8BO_*RMC@BGJ`*7iQ114Ri?=0;*V9Sg6~Zd|gBiuM1bcuu!0&3uCoE
zsqIwXuWCG9w5p0g>;CCtxV*T&!aKD)DrnLI_1$h}3-fCYzjFSNE|zrRaO>txck}vn
zx8yH~b&<Zky=8Bbb>Tba13-PRTI_}^VMO86o)31%C&n$H7%Nr9>EgfLiY<U~T_t;l
z`-gT?9*{Jxy{>WSqFa?nx^N1U8{IMcyKa?>!`~lT5u5gJx~Mu;NM={Ub*sA6MV$f_
ztwW`dR3Sr{QaYL*%g$~HkhH*ix@fhQ?^<Xn)ML?k>-u|cd#hs?jXEAu8{6njs#ztW
zo~xHHU)t^Jdpb4^^(5(If?|J%cE+ad^Rh-Oe7I0APxv0Of9zs-#P{d>yV=P1_duZI
zPA?1usM~EdOA9sG5DdRR)hZa)C{536QArmn%`}0w=L4`X<y9@aI+hg(>9`)Q<kUXV
zFI}8pc;|vYC$3o)t}4b9Kxn-vRsZPw&z+mGD%#<2PZydBh|~tIb>=i3SLac&?Qv3P
zGYo7QeCgAFw5$SLfr36r+Syun_wGHgU|)~<{Q2`X=wj4ytg0gY(gz3%ur@bCW$DIN
zs2<Wea>0MU9{W}QK|u4E#jg}3s@?E=AAD;)z@_CSJN|UHseN57)(U5|zlOI*uVMP7
z^F{kg;h$bJ=H}jaYjG_>RV-?X`1NboZL+w+$>IH}3w2ey>UC4c{L1p83$J_i7>e(P
zKyQ8BKJ9(yTT@%}c0>^kQjS!qa`d2dQ2~__1+mdf0)#FiC4?dnq=q7(pkM=}i}Zxh
z6FQ*?96>q+2pvR(5IRX9g*WGY{*B-MG#~a_d#-iOtUYV)nRRPjnB$$zp~U0#7QgAX
z3GvMC43-if3$3qVw~6CuN(S2VKK3s@e9~*F7+st2$!}|2D<>4Nz<<u#sQBy1o)rjO
zzCGjhD%Vx)tMiRY<kD9;&KE7Wv<!N39HcQB(8Z8*_<&|omY2GTDqu~JYU4e~1KaSP
z&iE9P5$G7g9P*PSMDr{<0@nnU3*lq)BsXj{{mqZF=<EH(;Y~}czJJcKvoA-ih=93b
zzQK;K34%J^6L2IRI&v4}0xx;(U?6socW}mxweSzPrsyjn?m~(#7$6$^pA(BGs?4x9
zi%7JKz7t$g%p8=TZi>klU-9Tx=(%W5Iogdpu0mmz0=mtm)4`2jx1e<AiTLN}3aR+O
zw1KRkCu_>HVnIg8S(MhjEuK(q^sGMtC<f^Vxn9t1=<R@XRH2$T?~Rt~p{IG^eL(R+
z$Ai3)pPXn&ZwTti4A%3mQAeV5H=TT;t^&+m2~CB+f6bSNQ}^@^j38iIBi3<n;I4xo
ze$x#tax_)A{r5RLv&m%@S#=nszxt_ABn<JvZ>$nvKlJC@yli{7uc=4{o7N+UYUw;G
zW|#Y<CrKW*-whG+%m9XTJ8q+@yCiR{4#*A|=T=>EM<Tm(Ol-f*_@u?fyagTyfc*U{
zW~2CC4Q6Y@?mfH>_&ITGenybmUgC0H$S<}x;lY^@Ue1?=)3+Wd;qQtau_h@K?t%j6
zxjMg@X$W)Ng=Z;?)+&GEI1Sz<OK&tSbC5#LQ7yF#7fM3E27)pX$5;l-KC4JR-TvAp
zne=xhDd|%e;#VME5_R2@WQ~gRyF|FC84xajzx=9D##fTpE(3U+k;l2^uCL#>y#wnp
z){1ywQlQ1ux0<v9(lQXL_K><t4G9(Or7MozTRRn9p8i%s#iuQ1nuGh3G&pq*T%?K#
zZ%3IWU3)VPC#M6l<AIZEm9Cbq^S!+pp_GkSPD5aUY`D8AF942S>NpPZ3YKwcwe9V6
z-&d%SS2J44P7hwFV>aSvYfg@LcGlWEYqzM{=5I!WTK8q5y{)F7k}G>&AyEOALxl%i
zcv_FuCc2^(cg=J)nnFeK9d9D3LppbdT(WX9aAYz4#dso2D8u~@3U!*g6cXvYe((xD
zIJUq4FSC>k;mqH(sK}ljFb?@F?2Y=iEgd0V;mGp|>2nD18H0Jc+qXWW`ssgaVGdSG
zN{@Kjw?oPR<A{=veq&U0tVK#23OMeM79QIVn>x0-2vDpuT#vb^bYpnm=d>7eyS)$$
zh*R+eVFd?XMM)f4Ob?7(?mW+XR`XYU#LWm_T3Ug>isb}W?~%qFcB2304~<iwV!**3
zzOPZ{SVAsGL*+Xo%~sENhs?zFLqUgizh_g{#E(&nLTjrJ8gn0<dp1w=pLhJw95@^6
zdaC-?LXp+F10XV=pMB8uI2aem96<wHW3r970pk5bzhN;qjoXzunEKBfA!O?Gj=*Nz
z@h=-CB-%R&Hme4Oqfd=BrJHiz+Kj2cHZ`D3*o$th3$_?dCLPlvw=VWoJPaJx*15fm
z%$AcsM}JrWc;;g~?SdF?UIpErw+<oKg^%}Z(>hw3j~i?=k?SWvSgu&2pOJjbTQ8n<
zHkl{>1^%(i%zp^cF9PT$uENYB>?bd;XcVI)9w8yLZFU?lXedaeFudU94RB<cb=N(+
zL_?WxvY+D;FKb+rRGlqX4j_`bcfPG`Q?3BNTJi*Ju})Gwz2~CO+0zsPGI#GiZ1go2
z;yEf*%St+`)wW;wV-#FG{R4fmH^nBVZZYW@Siw)sGhLWehp<Jq=g3Nm<W0HXxkC4Y
zKZ*56A<Qp+1GY`q`4BTaQ5@p>DUN+ClF&y_Om(I4bC6H2AsshXE5!A#%x2|_?gOx;
zR7e<$KCaI4jF{^`8q(|ez|noJv^ITyb7A@4W5G>1<!EoZCXTR1eX)>-Cv`EyvrKnJ
zs+dsk__=Am!NsW5yF=$W_3HLyqmUqDud(ow#-f?0neuKUdv|DA-Q1vKv6-zkh6hwX
z69vHb-$4o%uon4{mBPaeR-7^rqc+L)+~Si(aMPr3pYu^pghcAjfkx0wXZ*aaYdWF8
zqOxGEaHXOyVZr)#0F9$HY%Z1$QJXrye8q&>I-6V}paz?_8n+`}=~RmL1VgTYw7SNN
zCJ3;2DId?ev5I1r#PRgJjz7Dmq>$c|=6HB<yBvgPkPzV`Nhw$?cp9lLGc%9u0S&q=
zANQn6iH@V(Q_`S%LqeUR9m|Row?ol$@RY^i;{mRB^V%;La<syqr&Q~Y`*-5*<&|@o
z$10-&7<;*_KdfnKB&gDH1XmJxyJesV*H&L8>|NN_&`iEFkjmgvzq6%7-{7W_Tj;{4
z<gJYct%L;g{KM=arr);Fd3>b|Qc*{#0CWne*eUSb!qxlG?UzR@HGako^-(%7cg>Bk
zJz?wm0v(K^KU#GK0x;_=!DOE?xcLut;=-@_p(EHhvL)wa<fs4q<uSR;8Jdm%vL~WI
z=$+<U%(jOYYy2z@i4lIP0UND>eE50#HO=5fU0v()Z|QKMxzBX^a7J{-`5Cd?0D&8B
z;eUSD<q7EW7n|HsbH8jLba@SDf|kBAQhL6G9AFRefoh=9J-Ye3L!JEcUC@-A8j3Ts
z6>s66+2`-=M~MnWtXAlpV$6`sl<NoXp#X;Cx8<742$_?^xyo+d?T+8q|E`|k5y_Pf
z+m7NqwbdHhsr!$leB<jcqPdlka2jF^s8#eH>wq%fF?nzQeqT@jOVOqEr}yEBo{l4T
z9zgjW>nc(;!TC1h2In#oxW9DTO3dAi*BGc#aiBRZ_*2KN=IbZ86WM3b%Af^hhnGFG
z^$}|L*Yh<A`TWhX2Z*PC)N2inRQVraZqw<KnfL8@+X8HbQ-Are3Ap<_3#~NEP)of5
zq0qPX;|a44R7(s<{ok+iKytGt3Sp1+w{Cw;IKlYS$+If$yQagt%Q=k&G|TGCmrc$Q
zAK9kOdmj#80SbzgxxOUGYpMNZ?TF&n;JhGwUs1)@wkpRFvs0An3%lU26tsVMqdo`P
zC<?SF<x?z?=PR!?#Z1d_MyhEnz2U|LXD4B!=x=Xp^(xjdG5k3HYZCQ25I;w`vN8YS
zX(R5rcnG_qKkE?wh%_qM_)n~u4r7#B;t7KXP7R#J4q|L<*S>)fC?!b1OljjFG16r_
z!Y<`?&Zlcp0X-cyMyrh91NNHpmTD!_4S}R0?YMn*X=I*$rAv=j73^u`1%;aykBVF#
z!v77)@tOjJGEiZmn<szH+no7=>I1i@rv6njVN#xf?Hz5o7WP1<?({jitKp14Z|KP5
z;|f;bx@Klv)&XJ{Ufb4wTsbvA-G8M9m0>*iro$4<p>Pw7t;V@1;&fUcBMST<8c3A5
z(gw0aH@8@7Jw>IdX+|aS>K<74b%t4Jkpn3;jp4tc7Z6_mZB~PvYl8JG4!@4VQm=;a
zwjvpmITJm}IgNNaU>kN!EcSI=eN4MRU^Axh#*7jX??TSJCF!*XdAj`*cC^E@Wg$Oq
z?DlnOP>3Wr9dDn#oo8^Aev@&J7jW(pJ3C@d;8qG{j+r~be*FQKI{<OU3K4!sI!)<u
z+}Y8Aup1C@3<}!qHembm8~^stuDyZP$a0c@@<4>PAq6Xw*b?<5QDeL=)k*)&f$8nf
zU2Q5}#*>!C2%IQCAu-DW4-5a^zcS%{xI*=wijO35*OV7i9@8^KoeG0Ig)GaphKJ&R
z#zsDBj}@-A%FO0yjg9@M$$GrePmJRm!2!&Zt(_UG7O`Qq<MK#kV|Fu2Jm<L>!F;UC
zeL`0ad}%ExR+~F95x2l1+tx9tc(;^mavQfi?nW7jP(<c5HK#Y*J0EWLso-${)Ak?z
z;u>MRYyy&u-p+f1!s}^L`5hp%7&)2vQ1x?y64;}qxO%MmQ?_qadXZJC!VUAnFP!&h
zbFlSP7q#CzLXp_!j_a85IyPxKWP(tpYchB*okM=M9QyJgOx_L%Pg;3W-p*ByV@7yr
z)-44*#7Mg9Ny~=QCd4EZ^9~9LO!cc}!;xGV(sN7|B1=+)CfLXO84Va;avL;xeCBaH
z<zSIf;Vz)aBU9yT=3J%i*23@Gg<90GQs6L<P7P|D{RXX_kksm~_WBiWjkR_0?Sy}%
z^jSGu_jMOxgB<aQe%THAnU<j@{)tL2$zbnS3zts$1D9@o*I%4s()lpvCMh0Ji_vH{
zNBrsur!vp6kmwlck@^vma~OGhu`o5f()E;=QMIIa-0)G6D`|Mj_Z)KmhECKt|NBf0
zAE*KO*R$uVw8sIVDDTm&!SMRyg{FAn4N&;e&sio#Q+(#Hf#M-v=~V1{(fzGhVY{Y!
zO2r9(l}@qrt+{6Bo}vA8Iaq1-%a|Yk66+ET3^rLY@!kkZVN)p8R+^<<>wih&le6vq
z-X%WN9s6l%DuYWw{ctKb6gUj0#UDHAJEED_)zp{|K-@xcI(vD?bwRB)C^DOfx?Y5(
zD$n4K^4C<{GF#-A$zB#-LXlhjUShO$+oY`;#6Cr?_y3aQ-C-lNfE$)?+>-Q!+C2VC
z<10b3UzwI|cD!z`t_!PkPP{u2c6W@@t}hz-{!l|T)4*T&lzLD1Zj^-QaNyKiJU_3<
zXF`W%>+3KBVb&VO&i$#Dyh@c?Bhd)WTl*u5wPkstmd3~lW$uepkAB!obLhNi66a>Y
zrqvIvNSp*-l?d?dHKS(m?sz9>Lr3IzimP;)hwf@QnA>A9IMx6-dec&m<e3c$(lHi>
z$Ff=SYLlj@$x`&YK2y<eb<2j_O^D&B-ADJ>`8*VOxWsdVc!1vgWTNvzfweWzpM~WP
z#N-tw{u;Wj^;}P!jk$e&JnEyg@RBlv8WrTw**~!`52DXR^MZ+`OZ(mLNWvUfow71=
zsu5Z|Tthe%90E2FgPxZkKh5_ydUID~6gVCrje1nprLpZc*k5lXJ@oSk?r5$yOEG4!
zc89+BGX7j0ZxiH^fBC!4iqtIUTXmNlC|dtisfHD;bE>3e3HKoDQjAj0qQt~^7+A!E
zzuiR|=+1*%TYHRVKy4lO@~obdSmC6YPg5c)@DLa#m80OOZRh=FzO-~ArLz$vRV$5e
z2^y4d7F;j6zW?G}tlF#l$>c5ru!u6zKYt5`?&t;0Gkx<nD^1(ei1L9mC1S?+@^!yi
z{>aBlsTnSIZDcXaUGg1??7~Or;9hjBz6p79c(&w)0kW>Kab1|fg0vMa7i7jiD!xFo
z7_76cxD+z*+i|ezN^&kSH&C^>7lf4~9okohSGj_7n0ak#wT;3S_vr5`Bdo+4ual(F
zNqpHzsEDaEbp@S<IokRL%25-2`Zr|PW;~zoW}ue}y{EX%V0C0xbDp>@sjcCeY;_Cm
zX$n?Y&oY~&4a8o7oGn@HiTgqGcj!SS*>H2%%Ux8#E@&vx_@WGiWAr3rGQ1hzx!yIJ
zfdAO<Oo#Qw)5XPYSrS>bl?Epby}}0&s(FxAoc!+%24%1U1s1yKscp`g7PK|DcVbyV
z<M@fd`&A_gNTN@^w#x}vV?E)8AVTYqY{vf2XQ*{S>+%-%J|%-{;psc8m4v^?8pAwA
zyi+*HW<8&A1{hpM0Bg$axDw|Wiwt=y_X;&$yyR~?IN>=8i_@jTrCC$&dGXpnKm~oG
zdA>Z%Yc-Wve~?l9=69+5&Q;VAm{z*FzBhQh$mWPv$ozv@n-+%|7<Yz2$vCATGw_P%
z-4^dL&+PiaY>agJX$C)wdGicw&Ky)0#h&`0k&?6Db{ZLAV375;#FHyh=2Rr$!N}dW
zwUp1Xrw@*j$3~#FC#Snwh@yx(hWHoBIy~0>7>93J#94{h1tEK~@e~JlE}V?Ss^VKO
zTB1F7z){{u6+7p+M5DmV-Qy7t=7P*t(jXhCl<R3B67~Enj9ZH0fO4BgngcN;R*a$=
zx&@j|3`GVR)KF&$)v}l3J-W*0ad}rZt;Tc;T=Hi<CtD{n0+?RYr6+0Z>r=Ul9Gb&C
z?sW@E%a`sNh-{*=svZ|tfvucBp-y3CQ<YhI7mK**KXcq3iyV34e};(ZEOsVMWP1BK
z&)L63{OCweQ~B+6^t<7ubNN?~u<PgOrjsR}I@lq(XHyiJK?CXMrSgwt+H2fu2*UL(
z4NlZO+G8a{041s?flqCmQevvN_#WjeSpDaljmR(5_3B=0t5?_M7#3&zdgA#q$`6^H
zJ)4^=iNeqR=-R>SfKpg;o>-|+5pY^FnE7&ZGOy*Ao>{EVodR%sf!ZxKPB7`0oT%yD
zyhx*I!J_o_X3rGe#`aZ(v@|TD198;$@VIfK^9oi{{_WK36Q5a(v8_wmppc)C^ykx)
zcbau_9TY;GwKd?$(So)U1CC|xxoe_l+P8u=PYb@6f63fzq6>2%G@F!P#rJFd6b*iy
zf4*MP?q5=bpaiP=iStheBbq$TZhIuER<7uY8-;_L3JI#`w2xQd6E0`TxI40f5o@=H
zClV=GvJdtq-l10A7%UHMdWL$A&h=d^l)u5_RMjqNyLq@#7Hf@DU)rw)`CLcS%w5sC
zkXSvS>%rEdQ0axuzQT(d<>Br^GU=p^pqV39s-#Arftu#lO(CoCGXDyP=~mN{qXErT
zc*w^7uK>GG)jrNe(IHH8dd<L_Ez5&dYPuBZ+x!)qtu}%oPp4Z3!tg5Ff!01|9|LQI
z{#CdPp_Qy&CJ71sa$O6<$y=lElaJoN=s5<0(=twLlLp;dyk}aO<&xA-76Q1iNZt0D
z8>m)p(iacMjl<P@c^j>K?FR-a{{kBcPibW?&K`cl5d#IeJT}NX$E-1PH>KU9uXk4i
zKw)I&0cR-OOsK|TG~lfV85G|36}ajl-R5DWs~!K2cH~HveruQ%?<^0@R!a$*+Y-R!
z(+(zr6eBZpkt-kuFeV^_?9s%dUF@NY0>4=g{GOUR8N_n^mx6|_9puI5j0X8QP*>Lr
zko}slPF-0htnU@i#q`=s4`iZ}c(ezByWk(Uwy25GMD`WhBeQ!I!MM%&Iq0McGp7ad
zr&+?<pz^7C7yM2TyA#-xC+v|qFLzY#XkK8#GJV$A>yQUFi`bn=_*Ok~qOIx-;Dkge
z#L(yr{`e|ssu1CXCRZPCPK;!js&OAf9KyC#o(FAIAT+FIeimkyA8z(|ug`F1W?1=*
zm8ofv#_gzI7soJV)NR)F0hUz_;&o-WWpLzc?YB^jwTm$Zv~zMaL@{IJ)DlGV*KMv)
zwI*`RY|^xKFdW_s+Z&ug$2&Hrq$SU=DJ>Mfy?H*K$V#%@cnXg2n2&>iV*^otk9L)#
zti5_mh%{MQc!DpKVJFfGG#7le#t}LJHPpLiCN8yMW*}qhHMl>B<<JB7TzzEfTbSs`
z8RG2e+!uHHCd0oRC50wdt1VG583rj<D2SbnLlw4lWUrK5mHNG6i-?fhAG%`~>i4e3
zUV1@p%wqhr_l+zCU`q!@egk#Le@_VB*ftj1bo%Di%R>=Ecyzy?pYsn4jeJJtaqyCh
z0v<DN-Bs{)=L6p}K~s_rc&GSBi`YOOy$bN%$Hm&M=63aYcPG(TEN$2%^J*lR`zue_
zcCv=oa+J0RaLdc--(6Jf1yB8RP-mkd8H%WwM>sww_VXHt{$gHH4@y5&9<nC4k%1H{
zdhdxR?ujeJCM!IzL}go-x-6FCrDGL|4xAaNpXRU8YBC4Sr5%QYg{Yzp9BJijD!j?j
z-f)d1r7ksvumSwR-_P61A=vHH?U5Bdd2Pe;G4R_lM{kr?DS<6G&YBQqA@e{NY_1Ui
z`=oy8d^x`X62C!h(0wS9{ATyibnZ6RT1{A1E52e_9qnmyr9}S0b7ocXvNdTkJN>rH
zc;veWUpCmd^4_CqSEUA&bxlHzY3!HOS3|MIMJF`G1~+!lKvTN4ZN9Ia%>Md%qvUk9
z_Z8&a-o+sIwnwexmKXXS^8>0a&r5b~MH+#-UOab?m$dvTZzc6g*NyA)$>u59l;TY*
zq2wbeZ7Fy~PK}~M-Gauhd<8LYSpx&MZXTF~y_!!O45P7c^(TJ36M;RQt8@8G3~x6%
zP^rZm>++?5iK1Htu5(LEwT2w@4uEYZ2vR<467oStF#3iBd6ll;r+76h5X)~Zr!}E7
zd{~h82xUDU@whW?|4X1&X$#n~V&c5yaY&Bf+w#)g+EFD*1HV~(!fA&?e+O<*S&gEW
zvE-hInC~Dls`F{vK|L#8sr>Gl*SR(kjDy7GT3Fwk?|ITt-OJ^4E<iCj^UIf|D`Js)
zjW*NFtd6d9XeSYJVsu+XRb-y|-9BO~XmbQJ-<X-p%4`awTWF{UcVl}p%hfjL&jofI
zMV3C1DU12Y13n?lbi<D5?t428ZwbC0Q*`o5j^83q{X5f&pPaVN@E^o8(YB_2TQe@y
zqa8`KY3<f}JOw*cKJJTuu#$LGtL%VrFa(?vS$|jW6w#^tag_Qhc9P@==!mduMuOt}
zm{Dgl-h?knig=IVi|Ir9K9|Z@pOLbrm}ARBk@cw#Dwu{eo0p^S^n}MK_0m^*)=49O
z9|QmD1M8MPy`Q}21PTkEC~82EMU4dnNRU!7;olSRsn#JJF5~dxsaS|Qm>_#<i?8{E
zN$z^_drSOCSNIXtwEa9mw-)|}bRuv$<HZ$Db7$nf7buSIZd>_5$|odiP1j~xJT5n2
zX}N#KEb-l{($c%_Foj6>p0AfBPxjY$I|4;JS(C|nXFR)tgMU(rmsK{l;xKX^J@>Sf
z&F>b#jXr%*`>u~q(<`aP>%AXMqKAe#Wp`MrelFTCO02wDO0}d<Bk`@q(_fNoW*upB
z5mkt1GY;fWqZ?bhtVehSnpZa)Zjh>($1ov-k8hm%UJCn(8d%EsyvPdmbBv{%h-7+9
z!<E`;q4|Q8xYF)yhV_NHqWl73+^*jz2aS>2pNkmk%eeSOp1^5VKv`<M)~{8B1khzX
zE~I=3_E1drg=LdlgZ#CuCd|l=kVD`8`~hvRz)ae!siMauZG>60Y}XzhLLRONVC4M1
z%|p)@qCU2Mh?R2W5?^7OOMCTKbiEihw$rf0!!$QeeyC0Ql2j3*J+Fd~YeQ>cAcLjh
zP6ZRC4{mIX(z03)+oTub<?zarN7$B12QSguvHl4mDVnLzqnd~XfRpHni;*89QUTWv
zD)kY6x#@8s$avDbvq6;J(9Na(<e4V?@%&~l7t;6B4UyUXhD7g?V<2oBrc`YD#<DJU
zr*n+AX+HteEPV30GVY9<^NC|cLjhjo=5HjVFcJC*dwQ{v7@+~#po&mgzuD+Ai6G)o
zpN&mZHUu4r?6`aiM*kynrb~Ccs|ztmr0f3Ezs<V9+A`HIKHIO)*|*4D5ipz+f4yZl
z{Mo}9%GH&?@i5adcRs@+GIjs=VcWYoV~?o}n*&kxLjE39{ga+lsFwx!*8;o{H-L-f
zZd@>Q#<A=Y7r)5Msd3((d2sxi>|+yJLU?94KMl$g(zbVc1#FD5(3)c-5Ft0_9kP+7
z2}NN|YtfgnFNuCmb>U-s0zOT{19}6W28zc{XF_Gk*2Bdd<^JE9-+Q0n@wQ}$7gYj_
zR~vdb9Wuk>)jL1pFO8$pVkbvg#(854xFq80yLyuh;iIcxZ^^$F<@Hj0J4g*xnKNNk
zY(A^HOiUV#Ybh^s`KNZH2riACHPTes2yB3eLxWz7;o`Symes<{*06fh4muU{&*)rr
z4+p`(1d}@&9f(4gTQ#}d&W@>rE2G{9Hg~K#b(E5_FHsEe_3^Acrup2lPord4MAcry
z)a#y!3b(_AT~*UC_tAe9?qsUI(m{O`qgA~F?v4y5Zr^jEIsIdq;8v9|DS6n=&$b6M
z_Y<eL2L&Kh6Qplv&5hdMmL;|5rsttEajy)s@f!p74J!lot**#oN48Ov5z%v=O;u-^
zQjOx6wyV#stB+nLp$h9Z@6e67!AGo)>S9zyi#<1tmx7x~;$t*&g|Y#ae#`(UFqDN4
zBBafX?9sjb*HW-oixY>JcqS@psX+zpgzv-fWu`#uar{isA$2q?e67J?cI^so^t1G`
znX?V@J1CjR$Be?8q`y3}MEcqu_4pjyB2EYe`He+rdgG;ZD1Aa_WyVS+{X(xWXFVi>
zHYEc=51GtubFM2JTl;l~%i6P~w#C)`U*w-wF1`<E^^U*bgEQZ|?;~Q>m-BHAj20hX
z6XuAjH814!=BiP0a^6IqOmT2gFXmehc~)b-+#<piUoxY)&*#(P*gO3Jbutkz78nGE
zL}WjaK3yQc9ma1ECTTn#iTeDrL!-fQxV*!p<j(^+luyk_?Ytm>-C?14T(^joKe2F=
z9icG<cv`{<WA;W|n`&jxOoYy(nkOA>eG^Sc-h=Tz7OTn)<O5gw-sG>he8+QDeKnNH
zSFj_;cinGcg@k)89bKUHmKI=_mk|h)jjM4Tj|<flXAca|xL-Ep17B?5JCUaJ(k>mj
z#LHm1i~blmN?<zFm8QFu5sMx8g5C@N^>Db?O~erTXbu$zrG)Xy8*%lk+$RNdLx&0B
z_s{&L_7t2<XeOnhAoMG7g4ifPooMUgE@a5CE)#1|2kt|sY#fuEx8tGAUXk}7<)2hD
zcBp)Cs|F!$>`YO7sug>0hbkeb-}$x&|HPfEyOCpAXg>EGoq#f-^=PX5N;_-v%_mD}
zT>NThBY<1`!(4b06E|0IP#Gq^7_q+d64sNr7a{jkffCdbQU6rKQZ=quSqb!Y`9~LI
zXIK3<vV0<9ft9oxCs`Ad5_8BZ=b7vAgTL-XW)sCa?;yxS6euw%fAHNdr>pAZ<=l_3
zl#gAvwbz3Ur|rwL?)10HZBDGLI<kD2e{Zj+<&5S_=^cIv+^I*U>8)wp>P~Q}S6vd-
z@wQE1ntNFd=VZ#un=~FX%(@`+5kwUmvlSv}Hzt+%8h(MP<?2)Eh;q7h^YN;+`#&m5
z`KJDa^JUsDxmSul?@y$rF1dZs$uf;~H0hK7p31B(X!oUY0eljKodB1ZGcZ7EVJcB^
z&nJZU<{LANvC)KBrk}u#)!8Y9y4eQU)|BN!X^qJ2RG&sT;MU5?Hb0Hv-_fvS6XHz=
zFqeD*H>Qiu!qs|DwDK_sv+V;#><alA-V;t0(^d0UzjL7r^(!au8nOECXyTM)&X{I?
zmSy6W^tT_&2mk=ILT+ge!KjKxVD}O<8#mxpb9;NSy<}Yh8sqnId+I()eT%P_mIksj
z$a936sO6r^iOmbXg886O3pgnn3%m=!8^(v!GK#;_#mn(IHicgaf5bDtyjUJ}o9*r>
ziw#FfNn~bFd<Z>Wvx=B|g|Wm=4tB7z+ZQ$zR9Uy|1Jh89YsHg!5p|dmQ>C^{g$kuJ
zGY2xxTTY`wFq7EcH|+`MfB?3dR#pxXGU4^b&PpEjDTK2);ABXNtP(MX+(cGSLMbbu
zKJ36$O=GiI%B;?|n*kyy=8=uo03&xa1nKeeJ;o&aAl_RXFvlyz&UzfVK>$SY%OcRM
zkv3kKZS|XPN)u1Wtr;_`ojPEa+#d_DL;g4p)HG)P1+U6y!Q1&aMN(YC`Q*6}d-~S3
zzpw()_rTl;-Y`JDRjti<g7Em*lSfBffV*mii+6$an>#j`Hq<$<uCvRXp9+#~c_Y``
z9MjB{8dp%myQ&uDG;Tdm0;qW9?%e7Bl=-igas;FXP&9CMvg1NYPpnkSwXVnjAC~u6
zI&jJ1hoh#Yt@D43Cm#H}B<2GEELeS$Mp1Mh3Czjf^jZq)By3sQR&w04B?Y?Mn-QLO
z`o-CX*9Za-cZ3-SyUx-rQClB0v~lcx=B+OGwMfTWDC<~;Rs%U>v|AZ?0{LoDyz`_m
z*|lnMJ^Z*2`{dB+9SQ^h$SY%hrV==R#^30|bAxSL!X_;;__N~r3uNwiWaD0-x7);g
zOH%8L9BFNh?o2jI;H~v|#Qe5?xk!A-AFBy@K&T(Tk&3ja{?~I0Jr4k97DW2zu8t?j
z<s3Xv;$3i0Ez(<mH&U|pZKbmOr2x3kqUGDJ%0J<Y??Q$NH?|*SZ}R~npC~}pMw6NK
zpI>*R)1>rHd~Lb1v*>sO!(&}x6YJEHI#>LCVX*fMN&n2F5{t)q^OspjPp%;6*I7nW
z106>Zgda;Wzr4>Kb=(=BYAc|c={*N5^xXYVlk(b^IP6K7Qd{Fmwq42bm>ep}RyBr&
zx0Uk&NC(@i&u{FVaH8?6Vq`>h49aXCSziK_DQfE2ouPJAE$yl?%nux)(<*&O!G-fB
z2Qs%G02r3+)n(i0!kLrs>~d@STV?FdTM%dD(bky$&}%*2%SL=`vl}QZG&1G%NEch(
zh0K@zd9v2^Ud8e#_Dw5};)puEA<{2v$vQzRRXufzJr(;YxpwsDe^MlnjVS$3lz$80
z|DRNHjpOeBq^}+S`#b>fe=q*u^8BAs{C}_bKUdhm0}#9-Jt&@}w*OY-vA*&Ba$TqB
F{|Ej))*=7^

diff --git a/apps/web/app/page.tsx b/apps/web/app/page.tsx
index 60c4991..41faba0 100644
--- a/apps/web/app/page.tsx
+++ b/apps/web/app/page.tsx
@@ -1,13 +1,172 @@
 'use client';
-import { useTRPC } from '@repo/client';
-import { useQuery } from '@tanstack/react-query';
-import { useEffect } from 'react';
 
-export default function Home() {
-	const trpc = useTRPC();
-	const { data, isLoading } = useQuery(trpc.user.getUser.queryOptions());
-	useEffect(() => {
-		console.log(data);
-	}, [data]);
-	return <div>123</div>;
+import { useAuth } from '@/providers/auth-provider';
+import { UserProfile } from '@/components/user-profile';
+import { LoginButton } from '@/components/login-button';
+import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '@repo/ui/components/card';
+import { Badge } from '@repo/ui/components/badge';
+import { Separator } from '@repo/ui/components/separator';
+import { Shield, Key, Users, CheckCircle, Info } from 'lucide-react';
+
+export default function HomePage() {
+	const { isAuthenticated, isLoading, error } = useAuth();
+
+	return (
+		<div className="min-h-screen bg-gradient-to-br from-blue-50 to-indigo-100 dark:from-gray-900 dark:to-gray-800">
+			<div className="container mx-auto px-4 py-8">
+				{/* 页面标题 */}
+				<div className="text-center mb-8">
+					<h1 className="text-4xl font-bold text-gray-900 dark:text-white mb-4">OIDC 认证演示</h1>
+					<p className="text-xl text-gray-600 dark:text-gray-300 max-w-2xl mx-auto">
+						基于 OpenID Connect 协议的安全认证系统演示
+					</p>
+					<div className="mt-4">
+						<a
+							href="/test-oidc"
+							className="inline-flex items-center px-4 py-2 text-sm font-medium text-blue-600 hover:text-blue-800 border border-blue-300 rounded-lg hover:bg-blue-50 dark:text-blue-400 dark:border-blue-600 dark:hover:bg-blue-900"
+						>
+							测试 OIDC 流程
+						</a>
+					</div>
+				</div>
+
+				{/* 功能特性卡片 */}
+				<div className="grid grid-cols-1 md:grid-cols-3 gap-6 mb-8">
+					<Card>
+						<CardHeader>
+							<Shield className="h-8 w-8 text-blue-600 mb-2" />
+							<CardTitle className="text-lg">安全认证</CardTitle>
+							<CardDescription>基于 OAuth 2.0 和 OpenID Connect 标准的安全认证流程</CardDescription>
+						</CardHeader>
+					</Card>
+
+					<Card>
+						<CardHeader>
+							<Key className="h-8 w-8 text-green-600 mb-2" />
+							<CardTitle className="text-lg">Token 管理</CardTitle>
+							<CardDescription>自动管理访问令牌、刷新令牌和 ID 令牌的生命周期</CardDescription>
+						</CardHeader>
+					</Card>
+
+					<Card>
+						<CardHeader>
+							<Users className="h-8 w-8 text-purple-600 mb-2" />
+							<CardTitle className="text-lg">用户信息</CardTitle>
+							<CardDescription>获取和展示完整的用户配置文件信息</CardDescription>
+						</CardHeader>
+					</Card>
+				</div>
+
+				{/* 状态显示 */}
+				{error && (
+					<Card className="mb-6 border-red-200 bg-red-50 dark:border-red-800 dark:bg-red-900/20">
+						<CardContent className="p-4">
+							<div className="flex items-center gap-2 text-red-700 dark:text-red-300">
+								<Info className="h-5 w-5" />
+								<span className="font-medium">错误:</span>
+								<span>{error}</span>
+							</div>
+						</CardContent>
+					</Card>
+				)}
+
+				{/* 主要内容区域 */}
+				<div className="flex flex-col items-center space-y-8">
+					{isLoading ? (
+						<Card className="w-full max-w-2xl">
+							<CardContent className="p-8">
+								<div className="animate-pulse space-y-4">
+									<div className="h-4 bg-gray-200 rounded w-1/3 mx-auto"></div>
+									<div className="h-4 bg-gray-200 rounded w-1/2 mx-auto"></div>
+									<div className="h-4 bg-gray-200 rounded w-2/3 mx-auto"></div>
+								</div>
+							</CardContent>
+						</Card>
+					) : isAuthenticated ? (
+						<UserProfile />
+					) : (
+						<Card className="w-full max-w-md">
+							<CardHeader className="text-center">
+								<CardTitle className="text-2xl">欢迎使用</CardTitle>
+								<CardDescription>请点击下方按钮开始 OIDC 认证流程</CardDescription>
+							</CardHeader>
+							<CardContent className="flex flex-col items-center space-y-4">
+								<LoginButton size="lg" className="w-full" />
+
+								<Separator />
+
+								<div className="text-sm text-gray-600 dark:text-gray-400 space-y-2">
+									<p className="font-medium">演示账户信息：</p>
+									<div className="bg-gray-100 dark:bg-gray-800 p-3 rounded-md">
+										<p>
+											用户名: <code className="text-sm">demouser</code>
+										</p>
+										<p>
+											密码: <code className="text-sm">demo123</code>
+										</p>
+									</div>
+								</div>
+							</CardContent>
+						</Card>
+					)}
+
+					{/* 技术信息 */}
+					<Card className="w-full max-w-4xl">
+						<CardHeader>
+							<CardTitle className="flex items-center gap-2">
+								<CheckCircle className="h-5 w-5 text-green-600" />
+								技术实现特性
+							</CardTitle>
+						</CardHeader>
+						<CardContent>
+							<div className="grid grid-cols-1 md:grid-cols-2 gap-6">
+								<div>
+									<h4 className="font-semibold mb-3">前端技术栈</h4>
+									<div className="flex flex-wrap gap-2">
+										<Badge variant="outline">Next.js 15</Badge>
+										<Badge variant="outline">React 19</Badge>
+										<Badge variant="outline">TypeScript</Badge>
+										<Badge variant="outline">oidc-client-ts</Badge>
+										<Badge variant="outline">Tailwind CSS</Badge>
+									</div>
+								</div>
+
+								<div>
+									<h4 className="font-semibold mb-3">后端技术栈</h4>
+									<div className="flex flex-wrap gap-2">
+										<Badge variant="outline">Hono</Badge>
+										<Badge variant="outline">OIDC Provider</Badge>
+										<Badge variant="outline">Redis</Badge>
+										<Badge variant="outline">JWT</Badge>
+										<Badge variant="outline">PKCE</Badge>
+									</div>
+								</div>
+
+								<div>
+									<h4 className="font-semibold mb-3">安全特性</h4>
+									<div className="flex flex-wrap gap-2">
+										<Badge variant="secondary">授权码流程</Badge>
+										<Badge variant="secondary">PKCE 支持</Badge>
+										<Badge variant="secondary">Token 轮换</Badge>
+										<Badge variant="secondary">安全存储</Badge>
+									</div>
+								</div>
+
+								<div>
+									<h4 className="font-semibold mb-3">支持的作用域</h4>
+									<div className="flex flex-wrap gap-2">
+										<Badge variant="default">openid</Badge>
+										<Badge variant="default">profile</Badge>
+										<Badge variant="default">email</Badge>
+										<Badge variant="default">phone</Badge>
+										<Badge variant="default">address</Badge>
+									</div>
+								</div>
+							</div>
+						</CardContent>
+					</Card>
+				</div>
+			</div>
+		</div>
+	);
 }
diff --git a/apps/web/app/test-oidc/page.tsx b/apps/web/app/test-oidc/page.tsx
new file mode 100644
index 0000000..c680bb0
--- /dev/null
+++ b/apps/web/app/test-oidc/page.tsx
@@ -0,0 +1,248 @@
+'use client';
+
+import { useState } from 'react';
+import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '@repo/ui/components/card';
+import { Button } from '@repo/ui/components/button';
+import { Badge } from '@repo/ui/components/badge';
+import { Alert, AlertDescription } from '@repo/ui/components/alert';
+import { CheckCircle, XCircle, Loader2, ArrowRight, Key, User, Shield } from 'lucide-react';
+
+export default function TestOidcPage() {
+	const [testResults, setTestResults] = useState<{
+		discovery: 'idle' | 'loading' | 'success' | 'error';
+		discoveryData?: any;
+		discoveryError?: string;
+	}>({
+		discovery: 'idle',
+	});
+
+	const testDiscoveryEndpoint = async () => {
+		setTestResults((prev) => ({ ...prev, discovery: 'loading' }));
+
+		try {
+			const response = await fetch('http://localhost:3000/oidc/.well-known/openid_configuration');
+			if (!response.ok) {
+				throw new Error(`HTTP ${response.status}: ${response.statusText}`);
+			}
+
+			const data = await response.json();
+			setTestResults((prev) => ({
+				...prev,
+				discovery: 'success',
+				discoveryData: data,
+			}));
+		} catch (error) {
+			setTestResults((prev) => ({
+				...prev,
+				discovery: 'error',
+				discoveryError: error instanceof Error ? error.message : '未知错误',
+			}));
+		}
+	};
+
+	const startOidcFlow = () => {
+		const params = new URLSearchParams({
+			response_type: 'code',
+			client_id: 'demo-client',
+			redirect_uri: 'http://localhost:3001/auth/callback',
+			scope: 'openid profile email',
+			state: `test-${Date.now()}`,
+		});
+
+		window.location.href = `http://localhost:3000/oidc/auth?${params.toString()}`;
+	};
+
+	const getStatusIcon = (status: string) => {
+		switch (status) {
+			case 'loading':
+				return <Loader2 className="h-5 w-5 animate-spin text-blue-500" />;
+			case 'success':
+				return <CheckCircle className="h-5 w-5 text-green-500" />;
+			case 'error':
+				return <XCircle className="h-5 w-5 text-red-500" />;
+			default:
+				return <div className="h-5 w-5 rounded-full border-2 border-gray-300" />;
+		}
+	};
+
+	return (
+		<div className="min-h-screen bg-gradient-to-br from-blue-50 to-indigo-100 dark:from-gray-900 dark:to-gray-800 p-8">
+			<div className="max-w-4xl mx-auto space-y-8">
+				{/* 页面标题 */}
+				<div className="text-center">
+					<h1 className="text-3xl font-bold text-gray-900 dark:text-white mb-4">OIDC 流程测试</h1>
+					<p className="text-lg text-gray-600 dark:text-gray-300">测试和验证 OpenID Connect 认证流程的各个环节</p>
+				</div>
+
+				{/* OIDC 流程步骤 */}
+				<Card>
+					<CardHeader>
+						<CardTitle className="flex items-center gap-2">
+							<Shield className="h-5 w-5" />
+							标准 OIDC 认证流程
+						</CardTitle>
+						<CardDescription>按照正确的 OIDC 架构，所有登录都在 OIDC Provider 中处理</CardDescription>
+					</CardHeader>
+					<CardContent className="space-y-6">
+						{/* 流程步骤图示 */}
+						<div className="grid grid-cols-1 md:grid-cols-5 gap-4 text-center">
+							<div className="flex flex-col items-center space-y-2">
+								<div className="w-12 h-12 bg-blue-100 dark:bg-blue-900 rounded-full flex items-center justify-center">
+									<User className="h-6 w-6 text-blue-600 dark:text-blue-300" />
+								</div>
+								<p className="text-sm font-medium">用户点击登录</p>
+							</div>
+
+							<div className="flex items-center justify-center">
+								<ArrowRight className="h-5 w-5 text-gray-400" />
+							</div>
+
+							<div className="flex flex-col items-center space-y-2">
+								<div className="w-12 h-12 bg-green-100 dark:bg-green-900 rounded-full flex items-center justify-center">
+									<Shield className="h-6 w-6 text-green-600 dark:text-green-300" />
+								</div>
+								<p className="text-sm font-medium">重定向到 Provider</p>
+							</div>
+
+							<div className="flex items-center justify-center">
+								<ArrowRight className="h-5 w-5 text-gray-400" />
+							</div>
+
+							<div className="flex flex-col items-center space-y-2">
+								<div className="w-12 h-12 bg-purple-100 dark:bg-purple-900 rounded-full flex items-center justify-center">
+									<Key className="h-6 w-6 text-purple-600 dark:text-purple-300" />
+								</div>
+								<p className="text-sm font-medium">返回授权码</p>
+							</div>
+						</div>
+
+						{/* 测试按钮 */}
+						<div className="flex justify-center">
+							<Button onClick={startOidcFlow} size="lg" className="px-8">
+								开始 OIDC 认证流程
+							</Button>
+						</div>
+
+						{/* 提示信息 */}
+						<Alert>
+							<Shield className="h-4 w-4" />
+							<AlertDescription>
+								点击上方按钮将重定向到 OIDC Provider 的登录页面。
+								<br />
+								<strong>演示账号:</strong> demouser / demo123
+							</AlertDescription>
+						</Alert>
+					</CardContent>
+				</Card>
+
+				{/* Discovery 端点测试 */}
+				<Card>
+					<CardHeader>
+						<CardTitle className="flex items-center gap-2">
+							{getStatusIcon(testResults.discovery)}
+							Discovery 端点测试
+						</CardTitle>
+						<CardDescription>测试 OIDC Provider 的配置发现端点</CardDescription>
+					</CardHeader>
+					<CardContent className="space-y-4">
+						<Button onClick={testDiscoveryEndpoint} disabled={testResults.discovery === 'loading'}>
+							{testResults.discovery === 'loading' ? '测试中...' : '测试 Discovery 端点'}
+						</Button>
+
+						{testResults.discovery === 'error' && (
+							<Alert variant="destructive">
+								<XCircle className="h-4 w-4" />
+								<AlertDescription>
+									<strong>错误:</strong> {testResults.discoveryError}
+								</AlertDescription>
+							</Alert>
+						)}
+
+						{testResults.discovery === 'success' && testResults.discoveryData && (
+							<div className="space-y-4">
+								<Alert>
+									<CheckCircle className="h-4 w-4" />
+									<AlertDescription>
+										<strong>成功!</strong> OIDC Provider 配置已获取
+									</AlertDescription>
+								</Alert>
+
+								<div className="bg-gray-50 dark:bg-gray-800 p-4 rounded-lg">
+									<h4 className="font-semibold mb-3">Provider 信息</h4>
+									<div className="space-y-2 text-sm">
+										<p>
+											<strong>Issuer:</strong>{' '}
+											<code className="bg-gray-200 dark:bg-gray-700 px-1 rounded">
+												{testResults.discoveryData.issuer}
+											</code>
+										</p>
+										<p>
+											<strong>授权端点:</strong>{' '}
+											<code className="bg-gray-200 dark:bg-gray-700 px-1 rounded">
+												{testResults.discoveryData.authorization_endpoint}
+											</code>
+										</p>
+										<p>
+											<strong>令牌端点:</strong>{' '}
+											<code className="bg-gray-200 dark:bg-gray-700 px-1 rounded">
+												{testResults.discoveryData.token_endpoint}
+											</code>
+										</p>
+									</div>
+								</div>
+
+								<div>
+									<h4 className="font-semibold mb-3">支持的功能</h4>
+									<div className="flex flex-wrap gap-2">
+										{testResults.discoveryData.response_types_supported?.map((type: string) => (
+											<Badge key={type} variant="outline">
+												{type}
+											</Badge>
+										))}
+									</div>
+									<div className="flex flex-wrap gap-2 mt-2">
+										{testResults.discoveryData.scopes_supported?.map((scope: string) => (
+											<Badge key={scope} variant="secondary">
+												{scope}
+											</Badge>
+										))}
+									</div>
+								</div>
+							</div>
+						)}
+					</CardContent>
+				</Card>
+
+				{/* 架构说明 */}
+				<Card>
+					<CardHeader>
+						<CardTitle>正确的 OIDC 架构</CardTitle>
+					</CardHeader>
+					<CardContent className="space-y-4">
+						<div className="grid grid-cols-1 md:grid-cols-2 gap-6">
+							<div>
+								<h4 className="font-semibold text-green-600 mb-2">✅ 已实现</h4>
+								<ul className="space-y-1 text-sm">
+									<li>• OIDC Provider 包含登录页面</li>
+									<li>• 标准授权码流程</li>
+									<li>• PKCE 支持</li>
+									<li>• 内置会话管理</li>
+									<li>• 自动令牌刷新</li>
+								</ul>
+							</div>
+							<div>
+								<h4 className="font-semibold text-red-600 mb-2">❌ 已移除</h4>
+								<ul className="space-y-1 text-sm">
+									<li>• 客户端应用的登录页面</li>
+									<li>• 自定义认证逻辑</li>
+									<li>• 重复的用户管理</li>
+									<li>• 混合认证流程</li>
+								</ul>
+							</div>
+						</div>
+					</CardContent>
+				</Card>
+			</div>
+		</div>
+	);
+}
diff --git a/apps/web/components/login-button.tsx b/apps/web/components/login-button.tsx
new file mode 100644
index 0000000..08e9490
--- /dev/null
+++ b/apps/web/components/login-button.tsx
@@ -0,0 +1,31 @@
+'use client';
+
+import { useAuth } from '@/providers/auth-provider';
+import { Button } from '@repo/ui/components/button';
+import { LogIn, Loader2 } from 'lucide-react';
+
+interface LoginButtonProps {
+	className?: string;
+	variant?: 'default' | 'destructive' | 'outline' | 'secondary' | 'ghost' | 'link';
+	size?: 'default' | 'sm' | 'lg' | 'icon';
+}
+
+export function LoginButton({ className, variant = 'default', size = 'default' }: LoginButtonProps) {
+	const { login, isLoading } = useAuth();
+
+	return (
+		<Button onClick={login} disabled={isLoading} variant={variant} size={size} className={className}>
+			{isLoading ? (
+				<>
+					<Loader2 className="mr-2 h-4 w-4 animate-spin" />
+					连接中...
+				</>
+			) : (
+				<>
+					<LogIn className="mr-2 h-4 w-4" />
+					登录
+				</>
+			)}
+		</Button>
+	);
+}
diff --git a/apps/web/components/providers.tsx b/apps/web/components/providers.tsx
index e112edb..8832538 100644
--- a/apps/web/components/providers.tsx
+++ b/apps/web/components/providers.tsx
@@ -3,6 +3,7 @@
 import * as React from 'react';
 import { ThemeProvider as NextThemesProvider } from 'next-themes';
 import QueryProvider from '@/providers/query-provider';
+import { AuthProvider } from '@/providers/auth-provider';
 
 export function Providers({ children }: { children: React.ReactNode }) {
 	return (
@@ -13,7 +14,9 @@ export function Providers({ children }: { children: React.ReactNode }) {
 			disableTransitionOnChange
 			enableColorScheme
 		>
-			<QueryProvider>{children}</QueryProvider>
+			<QueryProvider>
+				<AuthProvider>{children}</AuthProvider>
+			</QueryProvider>
 		</NextThemesProvider>
 	);
 }
diff --git a/apps/web/components/user-profile.tsx b/apps/web/components/user-profile.tsx
new file mode 100644
index 0000000..d638dc6
--- /dev/null
+++ b/apps/web/components/user-profile.tsx
@@ -0,0 +1,251 @@
+'use client';
+
+import { useAuth } from '@/providers/auth-provider';
+import { Card, CardContent, CardDescription, CardHeader, CardTitle } from '@repo/ui/components/card';
+import { Button } from '@repo/ui/components/button';
+import { Badge } from '@repo/ui/components/badge';
+import { Separator } from '@repo/ui/components/separator';
+import { Avatar, AvatarFallback, AvatarImage } from '@repo/ui/components/avatar';
+import { LogOut, User, Mail, Phone, MapPin, Calendar, Globe } from 'lucide-react';
+
+export function UserProfile() {
+	const { user, isAuthenticated, logout, isLoading } = useAuth();
+
+	if (isLoading) {
+		return (
+			<Card className="w-full max-w-2xl">
+				<CardContent className="p-6">
+					<div className="animate-pulse space-y-4">
+						<div className="h-4 bg-gray-200 rounded w-1/3"></div>
+						<div className="h-4 bg-gray-200 rounded w-1/2"></div>
+						<div className="h-4 bg-gray-200 rounded w-2/3"></div>
+					</div>
+				</CardContent>
+			</Card>
+		);
+	}
+
+	if (!isAuthenticated || !user) {
+		return (
+			<Card className="w-full max-w-2xl">
+				<CardHeader>
+					<CardTitle>未登录</CardTitle>
+					<CardDescription>请先登录以查看用户信息</CardDescription>
+				</CardHeader>
+			</Card>
+		);
+	}
+
+	const profile = user.profile;
+	const formatDate = (timestamp?: number) => {
+		if (!timestamp) return '未知';
+		return new Date(timestamp * 1000).toLocaleString('zh-CN');
+	};
+
+	return (
+		<Card className="w-full max-w-2xl">
+			<CardHeader className="pb-4">
+				<div className="flex items-center justify-between">
+					<div className="flex items-center space-x-4">
+						<Avatar className="h-12 w-12">
+							<AvatarImage src={profile.picture} alt={profile.name} />
+							<AvatarFallback>{profile.name?.charAt(0) || profile.preferred_username?.charAt(0) || 'U'}</AvatarFallback>
+						</Avatar>
+						<div>
+							<CardTitle className="text-xl">{profile.name || profile.preferred_username || '未知用户'}</CardTitle>
+							<CardDescription>用户ID: {profile.sub}</CardDescription>
+						</div>
+					</div>
+					<Button variant="outline" onClick={logout} className="gap-2">
+						<LogOut className="h-4 w-4" />
+						登出
+					</Button>
+				</div>
+			</CardHeader>
+
+			<CardContent className="space-y-6">
+				{/* 基本信息 */}
+				<div>
+					<h3 className="text-lg font-semibold mb-3 flex items-center gap-2">
+						<User className="h-5 w-5" />
+						基本信息
+					</h3>
+					<div className="grid grid-cols-1 md:grid-cols-2 gap-4">
+						{profile.given_name && (
+							<div>
+								<label className="text-sm font-medium text-gray-600 dark:text-gray-400">名</label>
+								<p className="text-sm">{profile.given_name}</p>
+							</div>
+						)}
+						{profile.family_name && (
+							<div>
+								<label className="text-sm font-medium text-gray-600 dark:text-gray-400">姓</label>
+								<p className="text-sm">{profile.family_name}</p>
+							</div>
+						)}
+						{profile.nickname && (
+							<div>
+								<label className="text-sm font-medium text-gray-600 dark:text-gray-400">昵称</label>
+								<p className="text-sm">{profile.nickname}</p>
+							</div>
+						)}
+						{profile.gender && (
+							<div>
+								<label className="text-sm font-medium text-gray-600 dark:text-gray-400">性别</label>
+								<p className="text-sm">{profile.gender}</p>
+							</div>
+						)}
+					</div>
+				</div>
+
+				<Separator />
+
+				{/* 联系信息 */}
+				<div>
+					<h3 className="text-lg font-semibold mb-3 flex items-center gap-2">
+						<Mail className="h-5 w-5" />
+						联系信息
+					</h3>
+					<div className="space-y-3">
+						{profile.email && (
+							<div className="flex items-center justify-between">
+								<div>
+									<label className="text-sm font-medium text-gray-600 dark:text-gray-400">邮箱</label>
+									<p className="text-sm">{profile.email}</p>
+								</div>
+								<Badge variant={profile.email_verified ? 'default' : 'secondary'}>
+									{profile.email_verified ? '已验证' : '未验证'}
+								</Badge>
+							</div>
+						)}
+						{profile.phone_number && (
+							<div className="flex items-center justify-between">
+								<div>
+									<label className="text-sm font-medium text-gray-600 dark:text-gray-400">电话</label>
+									<p className="text-sm">{profile.phone_number}</p>
+								</div>
+								<Badge variant={profile.phone_number_verified ? 'default' : 'secondary'}>
+									{profile.phone_number_verified ? '已验证' : '未验证'}
+								</Badge>
+							</div>
+						)}
+					</div>
+				</div>
+
+				{profile.address && (
+					<>
+						<Separator />
+						<div>
+							<h3 className="text-lg font-semibold mb-3 flex items-center gap-2">
+								<MapPin className="h-5 w-5" />
+								地址信息
+							</h3>
+							<div className="space-y-2">
+								{profile.address.formatted && (
+									<div>
+										<label className="text-sm font-medium text-gray-600 dark:text-gray-400">完整地址</label>
+										<p className="text-sm">{profile.address.formatted}</p>
+									</div>
+								)}
+								<div className="grid grid-cols-2 md:grid-cols-4 gap-4">
+									{profile.address.country && (
+										<div>
+											<label className="text-sm font-medium text-gray-600 dark:text-gray-400">国家</label>
+											<p className="text-sm">{profile.address.country}</p>
+										</div>
+									)}
+									{profile.address.region && (
+										<div>
+											<label className="text-sm font-medium text-gray-600 dark:text-gray-400">省/州</label>
+											<p className="text-sm">{profile.address.region}</p>
+										</div>
+									)}
+									{profile.address.locality && (
+										<div>
+											<label className="text-sm font-medium text-gray-600 dark:text-gray-400">城市</label>
+											<p className="text-sm">{profile.address.locality}</p>
+										</div>
+									)}
+									{profile.address.postal_code && (
+										<div>
+											<label className="text-sm font-medium text-gray-600 dark:text-gray-400">邮编</label>
+											<p className="text-sm">{profile.address.postal_code}</p>
+										</div>
+									)}
+								</div>
+							</div>
+						</div>
+					</>
+				)}
+
+				<Separator />
+
+				{/* 其他信息 */}
+				<div>
+					<h3 className="text-lg font-semibold mb-3 flex items-center gap-2">
+						<Globe className="h-5 w-5" />
+						其他信息
+					</h3>
+					<div className="grid grid-cols-1 md:grid-cols-2 gap-4">
+						{profile.birthdate && (
+							<div>
+								<label className="text-sm font-medium text-gray-600 dark:text-gray-400">生日</label>
+								<p className="text-sm">{profile.birthdate}</p>
+							</div>
+						)}
+						{profile.zoneinfo && (
+							<div>
+								<label className="text-sm font-medium text-gray-600 dark:text-gray-400">时区</label>
+								<p className="text-sm">{profile.zoneinfo}</p>
+							</div>
+						)}
+						{profile.locale && (
+							<div>
+								<label className="text-sm font-medium text-gray-600 dark:text-gray-400">语言</label>
+								<p className="text-sm">{profile.locale}</p>
+							</div>
+						)}
+						{profile.updated_at && (
+							<div>
+								<label className="text-sm font-medium text-gray-600 dark:text-gray-400">更新时间</label>
+								<p className="text-sm">{formatDate(profile.updated_at)}</p>
+							</div>
+						)}
+					</div>
+				</div>
+
+				<Separator />
+
+				{/* Token 信息 */}
+				<div>
+					<h3 className="text-lg font-semibold mb-3 flex items-center gap-2">
+						<Calendar className="h-5 w-5" />
+						Token 信息
+					</h3>
+					<div className="grid grid-cols-1 md:grid-cols-2 gap-4">
+						{user.expires_at && (
+							<div>
+								<label className="text-sm font-medium text-gray-600 dark:text-gray-400">访问令牌过期时间</label>
+								<p className="text-sm">{new Date(user.expires_at * 1000).toLocaleString('zh-CN')}</p>
+							</div>
+						)}
+						<div>
+							<label className="text-sm font-medium text-gray-600 dark:text-gray-400">Token类型</label>
+							<p className="text-sm">{user.token_type}</p>
+						</div>
+						<div className="md:col-span-2">
+							<label className="text-sm font-medium text-gray-600 dark:text-gray-400">作用域</label>
+							<div className="flex flex-wrap gap-1 mt-1">
+								{user.scope?.split(' ').map((scope) => (
+									<Badge key={scope} variant="outline" className="text-xs">
+										{scope}
+									</Badge>
+								))}
+							</div>
+						</div>
+					</div>
+				</div>
+			</CardContent>
+		</Card>
+	);
+}
diff --git a/apps/web/lib/oidc-config.ts b/apps/web/lib/oidc-config.ts
new file mode 100644
index 0000000..09ba761
--- /dev/null
+++ b/apps/web/lib/oidc-config.ts
@@ -0,0 +1,27 @@
+import { UserManager, WebStorageStateStore } from 'oidc-client-ts';
+
+// OIDC 客户端配置
+export const oidcConfig = {
+    authority: 'http://localhost:3000/oidc', // 后端OIDC provider地址
+    client_id: 'demo-client',
+    client_secret: 'demo-client-secret',
+    redirect_uri: 'http://localhost:3001/auth/callback',
+    post_logout_redirect_uri: 'http://localhost:3001',
+    response_type: 'code',
+    scope: 'openid profile email',
+    automaticSilentRenew: true,
+    includeIdTokenInSilentRenew: true,
+    revokeTokensOnSignout: true,
+    userStore: new WebStorageStateStore({ store: window?.localStorage }),
+};
+
+// 创建用户管理器实例
+export const userManager = typeof window !== 'undefined' ? new UserManager(oidcConfig) : null;
+
+// OIDC 相关的URL
+export const oidcUrls = {
+    login: `${oidcConfig.authority}/auth`,
+    logout: `${oidcConfig.authority}/logout`,
+    token: `${oidcConfig.authority}/token`,
+    userinfo: `${oidcConfig.authority}/userinfo`,
+}; 
\ No newline at end of file
diff --git a/apps/web/package.json b/apps/web/package.json
index cf560aa..78e928e 100644
--- a/apps/web/package.json
+++ b/apps/web/package.json
@@ -4,12 +4,16 @@
   "type": "module",
   "private": true,
   "scripts": {
-    "dev": "next dev --turbopack",
+    "dev": "next dev --turbopack -p 3001",
     "build": "next build",
     "start": "next start",
     "lint": "next lint"
   },
   "dependencies": {
+    "@radix-ui/react-avatar": "^1.1.10",
+    "@radix-ui/react-label": "^2.1.7",
+    "@radix-ui/react-separator": "^1.1.7",
+    "@radix-ui/react-slot": "^1.2.3",
     "@repo/client": "workspace:*",
     "@repo/db": "workspace:*",
     "@repo/ui": "workspace:*",
@@ -23,15 +27,16 @@
     "lucide-react": "0.511.0",
     "next": "15.3.2",
     "next-themes": "^0.4.6",
+    "oidc-client-ts": "^3.2.1",
     "react": "^19.1.0",
     "react-dom": "^19.1.0",
-    "superjson": "^2.2.2"
+    "superjson": "^2.2.2",
+    "valibot": "^1.1.0"
   },
   "devDependencies": {
     "@repo/eslint-config": "workspace:*",
     "@repo/typescript-config": "workspace:*",
     "@tailwindcss/postcss": "^4",
-
     "@types/react": "^19.1.4",
     "@types/react-dom": "^19.1.5",
     "tailwindcss": "^4",
diff --git a/apps/web/providers/auth-provider.tsx b/apps/web/providers/auth-provider.tsx
new file mode 100644
index 0000000..55d5326
--- /dev/null
+++ b/apps/web/providers/auth-provider.tsx
@@ -0,0 +1,130 @@
+'use client';
+
+import React, { createContext, useContext, useEffect, useState, ReactNode } from 'react';
+import { User } from 'oidc-client-ts';
+import { userManager } from '@/lib/oidc-config';
+
+interface AuthContextType {
+	user: User | null;
+	isLoading: boolean;
+	isAuthenticated: boolean;
+	login: () => Promise<void>;
+	logout: () => Promise<void>;
+	error: string | null;
+}
+
+const AuthContext = createContext<AuthContextType | undefined>(undefined);
+
+export const useAuth = () => {
+	const context = useContext(AuthContext);
+	if (context === undefined) {
+		throw new Error('useAuth必须在AuthProvider内部使用');
+	}
+	return context;
+};
+
+interface AuthProviderProps {
+	children: ReactNode;
+}
+
+export const AuthProvider: React.FC<AuthProviderProps> = ({ children }) => {
+	const [user, setUser] = useState<User | null>(null);
+	const [isLoading, setIsLoading] = useState(true);
+	const [error, setError] = useState<string | null>(null);
+
+	const isAuthenticated = !!user && !user.expired;
+
+	useEffect(() => {
+		if (!userManager) return;
+
+		const initAuth = async () => {
+			try {
+				setIsLoading(true);
+				const currentUser = await userManager.getUser();
+				setUser(currentUser);
+			} catch (err) {
+				console.error('初始化认证失败:', err);
+				setError('认证初始化失败');
+			} finally {
+				setIsLoading(false);
+			}
+		};
+
+		initAuth();
+
+		// 监听用户状态变化
+		const handleUserLoaded = (user: User) => {
+			setUser(user);
+			setError(null);
+		};
+
+		const handleUserUnloaded = () => {
+			setUser(null);
+		};
+
+		const handleAccessTokenExpired = () => {
+			setUser(null);
+			setError('访问令牌已过期');
+		};
+
+		const handleSilentRenewError = (error: Error) => {
+			console.error('静默续约失败:', error);
+			setError('令牌续约失败');
+		};
+
+		userManager.events.addUserLoaded(handleUserLoaded);
+		userManager.events.addUserUnloaded(handleUserUnloaded);
+		userManager.events.addAccessTokenExpired(handleAccessTokenExpired);
+		userManager.events.addSilentRenewError(handleSilentRenewError);
+
+		return () => {
+			if (userManager) {
+				userManager.events.removeUserLoaded(handleUserLoaded);
+				userManager.events.removeUserUnloaded(handleUserUnloaded);
+				userManager.events.removeAccessTokenExpired(handleAccessTokenExpired);
+				userManager.events.removeSilentRenewError(handleSilentRenewError);
+			}
+		};
+	}, []);
+
+	const login = async () => {
+		if (!userManager) {
+			setError('用户管理器未初始化');
+			return;
+		}
+
+		try {
+			setError(null);
+			await userManager.signinRedirect();
+		} catch (err) {
+			console.error('登录失败:', err);
+			setError('登录失败');
+		}
+	};
+
+	const logout = async () => {
+		if (!userManager) {
+			setError('用户管理器未初始化');
+			return;
+		}
+
+		try {
+			setError(null);
+			await userManager.signoutRedirect();
+		} catch (err) {
+			console.error('登出失败:', err);
+			setError('登出失败');
+		}
+	};
+
+	const value: AuthContextType = {
+		user,
+		isLoading,
+		isAuthenticated,
+		login,
+		logout,
+		error,
+	};
+
+	return <AuthContext.Provider value={value}>{children}</AuthContext.Provider>;
+};
diff --git a/packages/client/package.json b/packages/client/package.json
index 165800c..ed3abe8 100755
--- a/packages/client/package.json
+++ b/packages/client/package.json
@@ -3,15 +3,12 @@
 	"version": "1.0.0",
 	"exports": {
 		".": "./src/index.ts"
-	  },
+	},
 	"sideEffects": false,
 	"files": [
 		"dist",
 		"src"
 	],
-	"dependencies": {
-		
-	},
 	"peerDependencies": {
 		"@tanstack/query-async-storage-persister": "^5.51.9",
 		"@tanstack/react-query": "^5.51.21",
@@ -25,9 +22,9 @@
 		"react": "^19.1.0"
 	},
 	"devDependencies": {
-		"rimraf": "^6.0.1",
-		"tsup": "^8.3.5",
 		"@types/react": "^19.1.4",
-		"@types/react-dom": "^19.1.5"
+		"@types/react-dom": "^19.1.5",
+		"rimraf": "^6.0.1",
+		"tsup": "^8.3.5"
 	}
 }
diff --git a/packages/oidc-provider/package.json b/packages/oidc-provider/package.json
new file mode 100644
index 0000000..542fc97
--- /dev/null
+++ b/packages/oidc-provider/package.json
@@ -0,0 +1,60 @@
+{
+  "name": "@repo/oidc-provider",
+  "version": "2.0.0",
+  "description": "OpenID Connect Provider implementation for Hono - 完全兼容 Hono 的 OIDC Provider",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "clean": "rm -rf dist"
+  },
+  "dependencies": {
+    "@hono/zod-validator": "^0.5.0",
+    "hono": "^4.7.10",
+    "ioredis": "5.4.1",
+    "jose": "^6.0.11",
+    "nanoid": "^5.1.5",
+    "zod": "^3.25.23"
+  },
+  "devDependencies": {
+    "@types/node": "^22.15.21",
+    "typescript": "^5.0.0"
+  },
+  "peerDependencies": {
+    "hono": "^4.0.0",
+    "ioredis": "^5.0.0"
+  },
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "keywords": [
+    "oidc",
+    "openid-connect",
+    "oauth2",
+    "hono",
+    "authentication",
+    "authorization",
+    "redis",
+    "typescript"
+  ],
+  "author": "Your Name",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/your-org/your-repo.git",
+    "directory": "packages/oidc-provider"
+  },
+  "bugs": {
+    "url": "https://github.com/your-org/your-repo/issues"
+  },
+  "homepage": "https://github.com/your-org/your-repo/tree/main/packages/oidc-provider#readme"
+} 
\ No newline at end of file
diff --git a/packages/oidc-provider/src/auth/auth-manager.ts b/packages/oidc-provider/src/auth/auth-manager.ts
new file mode 100644
index 0000000..201c97c
--- /dev/null
+++ b/packages/oidc-provider/src/auth/auth-manager.ts
@@ -0,0 +1,157 @@
+import type { Context } from 'hono';
+import type { AuthorizationRequest, OIDCProviderConfig } from '../types';
+import { PasswordAuthStrategy, type AuthenticationResult, type PasswordAuthConfig } from './strategies/password-auth-strategy';
+
+/**
+ * 密码验证器类型
+ */
+export type PasswordValidator = (username: string, password: string) => Promise<string | null>;
+
+/**
+ * 认证管理器配置
+ */
+export interface AuthManagerConfig {
+  /** 会话TTL（秒） */
+  sessionTTL?: number;
+  /** 记住我最大存活时间（秒） */
+  rememberMeMaxAge?: number;
+  /** 页面配置 */
+  pageConfig?: {
+    title?: string;
+    brandName?: string;
+    logoUrl?: string;
+  };
+}
+
+/**
+ * 认证管理器
+ * 专门处理密码认证
+ */
+export class AuthManager {
+  private readonly passwordAuth: PasswordAuthStrategy;
+
+  constructor(
+    oidcConfig: OIDCProviderConfig,
+    passwordValidator: PasswordValidator,
+    config: AuthManagerConfig = {}
+  ) {
+    const passwordConfig: PasswordAuthConfig = {
+      sessionTTL: config.sessionTTL || 24 * 60 * 60, // 默认24小时
+      rememberMeMaxAge: config.rememberMeMaxAge || 30 * 24 * 60 * 60, // 默认30天
+      pageConfig: config.pageConfig || {}
+    };
+
+    this.passwordAuth = new PasswordAuthStrategy(
+      oidcConfig,
+      passwordValidator,
+      passwordConfig
+    );
+  }
+
+  /**
+   * 检查当前用户是否已认证
+   */
+  async getCurrentUser(c: Context): Promise<string | null> {
+    return await this.passwordAuth.getCurrentUser(c);
+  }
+
+  /**
+   * 处理认证要求
+   */
+  async handleAuthenticationRequired(
+    c: Context,
+    authRequest: AuthorizationRequest
+  ): Promise<Response> {
+    return await this.passwordAuth.handleAuthenticationRequired(c, authRequest);
+  }
+
+  /**
+   * 处理认证请求
+   */
+  async authenticate(c: Context): Promise<AuthenticationResult> {
+    return await this.passwordAuth.authenticate(c);
+  }
+
+  /**
+   * 处理登出请求
+   */
+  async logout(c: Context): Promise<Response> {
+    return await this.passwordAuth.logout(c);
+  }
+
+  /**
+   * 处理完整的登录流程
+   */
+  async handleLogin(c: Context, authRequest: AuthorizationRequest): Promise<Response> {
+    try {
+      // 执行认证
+      const authResult = await this.passwordAuth.authenticate(c);
+
+      if (authResult.success) {
+        // 认证成功，处理后续操作
+        return await this.handleAuthenticationSuccess(c, authResult);
+      } else {
+        // 认证失败，返回错误页面
+        return await this.handleAuthenticationFailure(c, authResult, authRequest);
+      }
+    } catch (error) {
+      console.error('登录流程处理失败:', error);
+
+      // 返回通用错误页面
+      return await this.handleAuthenticationFailure(
+        c,
+        { success: false, error: '服务器内部错误' },
+        authRequest
+      );
+    }
+  }
+
+  /**
+   * 检查认证状态并处理
+   */
+  async checkAuthenticationStatus(
+    c: Context,
+    authRequest: AuthorizationRequest
+  ): Promise<{ authenticated: boolean; userId?: string; response?: Response }> {
+    try {
+      const userId = await this.getCurrentUser(c);
+
+      if (userId) {
+        return {
+          authenticated: true,
+          userId
+        };
+      } else {
+        const response = await this.handleAuthenticationRequired(c, authRequest);
+        return {
+          authenticated: false,
+          response
+        };
+      }
+    } catch (error) {
+      console.error('检查认证状态失败:', error);
+      throw error;
+    }
+  }
+
+  /**
+   * 处理认证成功
+   */
+  private async handleAuthenticationSuccess(
+    c: Context,
+    result: AuthenticationResult
+  ): Promise<Response> {
+    return await this.passwordAuth.handleAuthenticationSuccess(c, result);
+  }
+
+  /**
+   * 处理认证失败
+   */
+  private async handleAuthenticationFailure(
+    c: Context,
+    result: AuthenticationResult,
+    authRequest: AuthorizationRequest
+  ): Promise<Response> {
+    return await this.passwordAuth.handleAuthenticationFailure(c, result, authRequest);
+  }
+} 
\ No newline at end of file
diff --git a/packages/oidc-provider/src/auth/index.ts b/packages/oidc-provider/src/auth/index.ts
new file mode 100644
index 0000000..4220fce
--- /dev/null
+++ b/packages/oidc-provider/src/auth/index.ts
@@ -0,0 +1,13 @@
+// 核心管理器
+export { AuthManager, type AuthManagerConfig, type PasswordValidator } from './auth-manager';
+
+// 密码认证
+export { PasswordAuthStrategy, type AuthenticationResult, type PasswordAuthConfig } from './strategies/password-auth-strategy';
+
+// 工具类
+export { CookieUtils, type CookieConfig } from './utils/cookie-utils';
+export { HtmlTemplates, type PageConfig } from './utils/html-templates';
+
+// 原有组件（向后兼容）
+export { TokenManager } from './token-manager';
+export { SessionManager } from './session-manager'; 
\ No newline at end of file
diff --git a/packages/oidc-provider/src/auth/session-manager.ts b/packages/oidc-provider/src/auth/session-manager.ts
new file mode 100644
index 0000000..0baedfb
--- /dev/null
+++ b/packages/oidc-provider/src/auth/session-manager.ts
@@ -0,0 +1,83 @@
+import type { StorageAdapter } from '../storage';
+import type { AuthorizationRequest } from '../types';
+
+/**
+ * 会话数据接口
+ */
+interface SessionData {
+    session_id: string;
+    user_id: string;
+    client_id: string;
+    created_at: number;
+    auth_params?: AuthorizationRequest;
+}
+
+/**
+ * 会话管理器
+ * 处理用户会话的存储业务逻辑
+ */
+export class SessionManager {
+    constructor(private storage: StorageAdapter, private sessionTTL: number = 3600) { }
+
+    private getSessionKey(sessionId: string): string {
+        return `session:${sessionId}`;
+    }
+
+    /**
+     * 生成唯一的会话ID
+     */
+    private generateSessionId(): string {
+        return Math.random().toString(36).substring(2) + Date.now().toString(36);
+    }
+
+    /**
+     * 创建新会话
+     */
+    async createSession(
+        userId: string,
+        clientId: string,
+        authParams?: AuthorizationRequest
+    ): Promise<SessionData> {
+        const sessionId = this.generateSessionId();
+        const sessionData: SessionData = {
+            session_id: sessionId,
+            user_id: userId,
+            client_id: clientId,
+            created_at: Date.now(),
+            auth_params: authParams,
+        };
+
+        await this.storeSession(sessionId, sessionData);
+        return sessionData;
+    }
+
+    /**
+     * 销毁会话
+     */
+    async destroySession(sessionId: string): Promise<void> {
+        await this.deleteSession(sessionId);
+    }
+
+    async storeSession(sessionId: string, data: any): Promise<void> {
+        const key = this.getSessionKey(sessionId);
+        await this.storage.set(key, data, this.sessionTTL);
+    }
+
+    async getSession(sessionId: string): Promise<any> {
+        const key = this.getSessionKey(sessionId);
+        return await this.storage.get(key);
+    }
+
+    async deleteSession(sessionId: string): Promise<void> {
+        const key = this.getSessionKey(sessionId);
+        await this.storage.delete(key);
+    }
+
+    async updateSession(sessionId: string, updates: any): Promise<void> {
+        const existingSession = await this.getSession(sessionId);
+        if (existingSession) {
+            const updatedSession = { ...existingSession, ...updates };
+            await this.storeSession(sessionId, updatedSession);
+        }
+    }
+} 
\ No newline at end of file
diff --git a/packages/oidc-provider/src/auth/strategies/password-auth-strategy.ts b/packages/oidc-provider/src/auth/strategies/password-auth-strategy.ts
new file mode 100644
index 0000000..036bf53
--- /dev/null
+++ b/packages/oidc-provider/src/auth/strategies/password-auth-strategy.ts
@@ -0,0 +1,304 @@
+import type { Context } from 'hono';
+import type { AuthorizationRequest, LoginCredentials, PasswordValidator, OIDCProviderConfig } from '../../types';
+import { SessionManager } from '../session-manager';
+import { CookieUtils } from '../utils/cookie-utils';
+import { HtmlTemplates, type PageConfig } from '../utils/html-templates';
+
+/**
+ * 认证结果接口
+ */
+export interface AuthenticationResult {
+    /** 是否认证成功 */
+    success: boolean;
+    /** 用户ID（认证成功时） */
+    userId?: string;
+    /** 错误信息（认证失败时） */
+    error?: string;
+    /** 附加数据 */
+    metadata?: Record<string, any>;
+}
+
+/**
+ * 密码认证策略配置
+ */
+export interface PasswordAuthConfig {
+    /** 会话TTL（秒） */
+    sessionTTL?: number;
+    /** 页面配置 */
+    pageConfig?: PageConfig;
+    /** 记住我功能的最大时长（秒） */
+    rememberMeMaxAge?: number;
+}
+
+/**
+ * 密码认证服务
+ * 实现基于用户名和密码的传统认证方式
+ */
+export class PasswordAuthStrategy {
+    readonly name = 'password';
+
+    private readonly sessionManager: SessionManager;
+    private readonly config: PasswordAuthConfig;
+
+    constructor(
+        private readonly oidcConfig: OIDCProviderConfig,
+        private readonly passwordValidator: PasswordValidator,
+        config: PasswordAuthConfig = {}
+    ) {
+        this.config = {
+            sessionTTL: 24 * 60 * 60, // 默认24小时
+            rememberMeMaxAge: 30 * 24 * 60 * 60, // 默认30天
+            ...config
+        };
+        this.sessionManager = new SessionManager(oidcConfig.storage, this.config.sessionTTL);
+    }
+
+    /**
+     * 检查当前用户是否已认证
+     */
+    async getCurrentUser(c: Context): Promise<string | null> {
+        const sessionId = CookieUtils.getSessionIdFromCookie(c);
+        if (!sessionId) {
+            return null;
+        }
+
+        try {
+            const session = await this.sessionManager.getSession(sessionId);
+            return session?.user_id || null;
+        } catch (error) {
+            console.error('获取会话失败:', error);
+            return null;
+        }
+    }
+
+    /**
+     * 处理认证要求 - 显示登录页面
+     */
+    async handleAuthenticationRequired(c: Context, authRequest: AuthorizationRequest): Promise<Response> {
+        const loginHtml = HtmlTemplates.generateLoginPage(authRequest, this.config.pageConfig);
+
+        c.header('Content-Type', 'text/html; charset=utf-8');
+        return c.body(loginHtml);
+    }
+
+    /**
+     * 处理认证请求
+     */
+    async authenticate(c: Context): Promise<AuthenticationResult> {
+        try {
+            // 解析表单数据
+            const formData = await c.req.formData();
+            const credentials = this.parseCredentials(formData);
+            const authParams = this.extractAuthParams(formData);
+
+            // 验证输入
+            const validationError = this.validateCredentials(credentials);
+            if (validationError) {
+                return {
+                    success: false,
+                    error: validationError
+                };
+            }
+
+            // 验证用户密码
+            const userId = await this.passwordValidator(credentials.username, credentials.password);
+            if (!userId) {
+                return {
+                    success: false,
+                    error: '用户名或密码错误'
+                };
+            }
+
+            // 检查用户是否存在
+            const user = await this.oidcConfig.findUser(userId);
+            if (!user) {
+                return {
+                    success: false,
+                    error: '用户不存在'
+                };
+            }
+
+            // 创建会话
+            const session = await this.sessionManager.createSession(
+                userId,
+                authParams.client_id,
+                authParams
+            );
+
+            // 设置Cookie
+            const maxAge = credentials.remember_me
+                ? this.config.rememberMeMaxAge!
+                : this.config.sessionTTL!;
+
+            return {
+                success: true,
+                userId,
+                metadata: {
+                    sessionId: session.session_id,
+                    maxAge,
+                    authParams,
+                    rememberMe: credentials.remember_me
+                }
+            };
+
+        } catch (error) {
+            console.error('认证处理失败:', error);
+            return {
+                success: false,
+                error: '服务器内部错误，请稍后重试'
+            };
+        }
+    }
+
+    /**
+     * 处理登出请求
+     */
+    async logout(c: Context): Promise<Response> {
+        const sessionId = CookieUtils.getSessionIdFromCookie(c);
+
+        if (sessionId) {
+            try {
+                await this.sessionManager.destroySession(sessionId);
+            } catch (error) {
+                console.error('销毁会话失败:', error);
+            }
+        }
+
+        // 清除Cookie
+        CookieUtils.clearSessionCookie(c);
+
+        // 处理重定向
+        const postLogoutRedirectUri = c.req.query('post_logout_redirect_uri');
+        const state = c.req.query('state');
+
+        if (postLogoutRedirectUri) {
+            const redirectUrl = this.buildPostLogoutRedirectUrl(postLogoutRedirectUri, state);
+            return c.redirect(redirectUrl);
+        }
+
+        return c.json({
+            message: '已成功登出',
+            timestamp: new Date().toISOString()
+        });
+    }
+
+    /**
+     * 处理认证成功后的操作
+     */
+    async handleAuthenticationSuccess(
+        c: Context,
+        result: AuthenticationResult
+    ): Promise<Response> {
+        if (!result.success || !result.metadata) {
+            throw new Error('认证结果无效');
+        }
+
+        const { sessionId, maxAge, authParams } = result.metadata;
+
+        // 设置会话Cookie
+        CookieUtils.setSessionCookie(c, sessionId, maxAge);
+
+        // 重定向到授权端点
+        const authUrl = this.buildAuthorizationUrl(authParams);
+        return c.redirect(authUrl);
+    }
+
+    /**
+     * 处理认证失败后的操作
+     */
+    async handleAuthenticationFailure(
+        c: Context,
+        result: AuthenticationResult,
+        authRequest: AuthorizationRequest
+    ): Promise<Response> {
+        const errorHtml = HtmlTemplates.generateLoginPage(
+            authRequest,
+            this.config.pageConfig,
+            result.error
+        );
+
+        c.header('Content-Type', 'text/html; charset=utf-8');
+        return c.body(errorHtml);
+    }
+
+    /**
+     * 解析登录凭据
+     */
+    private parseCredentials(formData: FormData): LoginCredentials {
+        return {
+            username: formData.get('username')?.toString() || '',
+            password: formData.get('password')?.toString() || '',
+            remember_me: formData.get('remember_me') === 'on',
+        };
+    }
+
+    /**
+     * 验证登录凭据
+     */
+    private validateCredentials(credentials: LoginCredentials): string | null {
+        if (!credentials.username.trim()) {
+            return '请输入用户名';
+        }
+
+        if (!credentials.password) {
+            return '请输入密码';
+        }
+
+        if (credentials.username.length > 100) {
+            return '用户名过长';
+        }
+
+        if (credentials.password.length > 200) {
+            return '密码过长';
+        }
+
+        return null;
+    }
+
+    /**
+     * 构建登出后重定向URL
+     */
+    private buildPostLogoutRedirectUrl(redirectUri: string, state?: string): string {
+        if (!state) {
+            return redirectUri;
+        }
+
+        const url = new URL(redirectUri);
+        url.searchParams.set('state', state);
+        return url.toString();
+    }
+
+    /**
+     * 构建授权URL
+     */
+    protected buildAuthorizationUrl(authParams: AuthorizationRequest): string {
+        const params = new URLSearchParams();
+        params.set('response_type', authParams.response_type);
+        params.set('client_id', authParams.client_id);
+        params.set('redirect_uri', authParams.redirect_uri);
+        params.set('scope', authParams.scope);
+
+        if (authParams.state) params.set('state', authParams.state);
+        if (authParams.nonce) params.set('nonce', authParams.nonce);
+        if (authParams.code_challenge) params.set('code_challenge', authParams.code_challenge);
+        if (authParams.code_challenge_method) params.set('code_challenge_method', authParams.code_challenge_method);
+
+        return `/oidc/auth?${params.toString()}`;
+    }
+
+    /**
+     * 从表单数据提取授权参数
+     */
+    protected extractAuthParams(formData: FormData): AuthorizationRequest {
+        return {
+            response_type: formData.get('response_type')?.toString() || '',
+            client_id: formData.get('client_id')?.toString() || '',
+            redirect_uri: formData.get('redirect_uri')?.toString() || '',
+            scope: formData.get('scope')?.toString() || '',
+            state: formData.get('state')?.toString(),
+            nonce: formData.get('nonce')?.toString(),
+            code_challenge: formData.get('code_challenge')?.toString(),
+            code_challenge_method: formData.get('code_challenge_method')?.toString() as 'plain' | 'S256' | undefined,
+        };
+    }
+} 
\ No newline at end of file
diff --git a/packages/oidc-provider/src/auth/token-manager.ts b/packages/oidc-provider/src/auth/token-manager.ts
new file mode 100644
index 0000000..0e18d26
--- /dev/null
+++ b/packages/oidc-provider/src/auth/token-manager.ts
@@ -0,0 +1,205 @@
+import type {
+    AuthorizationCode,
+    AccessToken,
+    RefreshToken,
+    IDToken,
+} from '../types';
+import type { StorageAdapter } from '../storage';
+
+/**
+ * 令牌管理器
+ * 处理所有令牌相关的存储业务逻辑
+ */
+export class TokenManager {
+    constructor(private storage: StorageAdapter) { }
+
+    // 生成存储键
+    private getTokenKey(type: string, token: string): string {
+        return `${type}:${token}`;
+    }
+
+    private getUserClientKey(type: string, userId: string, clientId: string): string {
+        return `${type}:user:${userId}:client:${clientId}`;
+    }
+
+    // 授权码管理
+    async storeAuthorizationCode(authCode: AuthorizationCode): Promise<void> {
+        const key = this.getTokenKey('auth_code', authCode.code);
+        const ttl = Math.floor((authCode.expires_at.getTime() - Date.now()) / 1000);
+
+        const data = {
+            ...authCode,
+            expires_at: authCode.expires_at.toISOString(),
+            created_at: authCode.created_at.toISOString(),
+        };
+
+        await this.storage.set(key, data, Math.max(ttl, 1));
+    }
+
+    async getAuthorizationCode(code: string): Promise<AuthorizationCode | null> {
+        const key = this.getTokenKey('auth_code', code);
+        const data = await this.storage.get(key);
+        if (!data) return null;
+
+        return {
+            ...data,
+            expires_at: new Date(data.expires_at),
+            created_at: new Date(data.created_at),
+        };
+    }
+
+    async deleteAuthorizationCode(code: string): Promise<void> {
+        const key = this.getTokenKey('auth_code', code);
+        await this.storage.delete(key);
+    }
+
+    // 访问令牌管理
+    async storeAccessToken(token: AccessToken): Promise<void> {
+        const key = this.getTokenKey('access_token', token.token);
+        const userClientKey = this.getUserClientKey('access_tokens', token.user_id, token.client_id);
+        const ttl = Math.floor((token.expires_at.getTime() - Date.now()) / 1000);
+
+        const data = {
+            ...token,
+            expires_at: token.expires_at.toISOString(),
+            created_at: token.created_at.toISOString(),
+        };
+
+        // 存储令牌数据
+        await this.storage.set(key, data, Math.max(ttl, 1));
+
+        // 存储用户-客户端索引
+        const existingTokens = await this.storage.get<string[]>(userClientKey) || [];
+        existingTokens.push(token.token);
+        await this.storage.set(userClientKey, existingTokens, Math.max(ttl, 1));
+    }
+
+    async getAccessToken(token: string): Promise<AccessToken | null> {
+        const key = this.getTokenKey('access_token', token);
+        const data = await this.storage.get(key);
+        if (!data) return null;
+
+        return {
+            ...data,
+            expires_at: new Date(data.expires_at),
+            created_at: new Date(data.created_at),
+        };
+    }
+
+    async deleteAccessToken(token: string): Promise<void> {
+        const key = this.getTokenKey('access_token', token);
+
+        // 获取令牌数据以清理索引
+        const tokenData = await this.storage.get(key);
+        if (tokenData) {
+            const userClientKey = this.getUserClientKey('access_tokens', tokenData.user_id, tokenData.client_id);
+            const tokens = await this.storage.get<string[]>(userClientKey) || [];
+            const filteredTokens = tokens.filter(t => t !== token);
+
+            if (filteredTokens.length > 0) {
+                await this.storage.set(userClientKey, filteredTokens);
+            } else {
+                await this.storage.delete(userClientKey);
+            }
+        }
+
+        await this.storage.delete(key);
+    }
+
+    async deleteAccessTokensByUserAndClient(userId: string, clientId: string): Promise<void> {
+        const userClientKey = this.getUserClientKey('access_tokens', userId, clientId);
+        const tokens = await this.storage.get<string[]>(userClientKey) || [];
+
+        // 删除所有相关令牌
+        for (const token of tokens) {
+            await this.storage.delete(this.getTokenKey('access_token', token));
+        }
+
+        // 删除索引
+        await this.storage.delete(userClientKey);
+    }
+
+    // 刷新令牌管理
+    async storeRefreshToken(token: RefreshToken): Promise<void> {
+        const key = this.getTokenKey('refresh_token', token.token);
+        const userClientKey = this.getUserClientKey('refresh_tokens', token.user_id, token.client_id);
+        const ttl = Math.floor((token.expires_at.getTime() - Date.now()) / 1000);
+
+        const data = {
+            ...token,
+            expires_at: token.expires_at.toISOString(),
+            created_at: token.created_at.toISOString(),
+        };
+
+        // 存储令牌数据
+        await this.storage.set(key, data, Math.max(ttl, 1));
+
+        // 存储用户-客户端索引
+        const existingTokens = await this.storage.get<string[]>(userClientKey) || [];
+        existingTokens.push(token.token);
+        await this.storage.set(userClientKey, existingTokens, Math.max(ttl, 1));
+    }
+
+    async getRefreshToken(token: string): Promise<RefreshToken | null> {
+        const key = this.getTokenKey('refresh_token', token);
+        const data = await this.storage.get(key);
+        if (!data) return null;
+
+        return {
+            ...data,
+            expires_at: new Date(data.expires_at),
+            created_at: new Date(data.created_at),
+        };
+    }
+
+    async deleteRefreshToken(token: string): Promise<void> {
+        const key = this.getTokenKey('refresh_token', token);
+
+        // 获取令牌数据以清理索引
+        const tokenData = await this.storage.get(key);
+        if (tokenData) {
+            const userClientKey = this.getUserClientKey('refresh_tokens', tokenData.user_id, tokenData.client_id);
+            const tokens = await this.storage.get<string[]>(userClientKey) || [];
+            const filteredTokens = tokens.filter(t => t !== token);
+
+            if (filteredTokens.length > 0) {
+                await this.storage.set(userClientKey, filteredTokens);
+            } else {
+                await this.storage.delete(userClientKey);
+            }
+        }
+
+        await this.storage.delete(key);
+    }
+
+    // ID令牌管理
+    async storeIDToken(token: IDToken): Promise<void> {
+        const key = this.getTokenKey('id_token', token.token);
+        const ttl = Math.floor((token.expires_at.getTime() - Date.now()) / 1000);
+
+        const data = {
+            ...token,
+            expires_at: token.expires_at.toISOString(),
+            created_at: token.created_at.toISOString(),
+        };
+
+        await this.storage.set(key, data, Math.max(ttl, 1));
+    }
+
+    async getIDToken(token: string): Promise<IDToken | null> {
+        const key = this.getTokenKey('id_token', token);
+        const data = await this.storage.get(key);
+        if (!data) return null;
+
+        return {
+            ...data,
+            expires_at: new Date(data.expires_at),
+            created_at: new Date(data.created_at),
+        };
+    }
+
+    async deleteIDToken(token: string): Promise<void> {
+        const key = this.getTokenKey('id_token', token);
+        await this.storage.delete(key);
+    }
+} 
\ No newline at end of file
diff --git a/packages/oidc-provider/src/auth/utils/cookie-utils.ts b/packages/oidc-provider/src/auth/utils/cookie-utils.ts
new file mode 100644
index 0000000..18a754b
--- /dev/null
+++ b/packages/oidc-provider/src/auth/utils/cookie-utils.ts
@@ -0,0 +1,121 @@
+import type { Context } from 'hono';
+
+/**
+ * Cookie配置接口
+ */
+export interface CookieConfig {
+  /** Cookie名称 */
+  name: string;
+  /** 过期时间（秒） */
+  maxAge?: number;
+  /** 路径 */
+  path?: string;
+  /** 域名 */
+  domain?: string;
+  /** 是否安全连接 */
+  secure?: boolean;
+  /** HttpOnly标志 */
+  httpOnly?: boolean;
+  /** SameSite属性 */
+  sameSite?: 'Strict' | 'Lax' | 'None';
+}
+
+/**
+ * Cookie工具类
+ */
+export class CookieUtils {
+  private static readonly DEFAULT_SESSION_COOKIE_NAME = 'oidc-session';
+  private static readonly DEFAULT_MAX_AGE = 24 * 60 * 60; // 24小时
+
+  /**
+   * 设置Cookie
+   */
+  static setCookie(c: Context, value: string, config: Partial<CookieConfig> = {}): void {
+    const {
+      name = this.DEFAULT_SESSION_COOKIE_NAME,
+      maxAge = this.DEFAULT_MAX_AGE,
+      path = '/',
+      secure = process.env.NODE_ENV === 'production',
+      httpOnly = true,
+      sameSite = process.env.NODE_ENV === 'production' ? 'None' : 'Lax'
+    } = config;
+
+    const cookieParts = [
+      `${name}=${encodeURIComponent(value)}`,
+      `Path=${path}`,
+      `Max-Age=${maxAge}`
+    ];
+
+    if (httpOnly) cookieParts.push('HttpOnly');
+    if (secure) cookieParts.push('Secure');
+    cookieParts.push(`SameSite=${sameSite}`);
+
+    c.header('Set-Cookie', cookieParts.join('; '));
+  }
+
+  /**
+   * 设置会话Cookie
+   */
+  static setSessionCookie(c: Context, sessionId: string, maxAge?: number): void {
+    this.setCookie(c, sessionId, {
+      name: this.DEFAULT_SESSION_COOKIE_NAME,
+      maxAge: maxAge || this.DEFAULT_MAX_AGE
+    });
+  }
+
+  /**
+   * 清除Cookie
+   */
+  static clearCookie(c: Context, name: string = this.DEFAULT_SESSION_COOKIE_NAME): void {
+    this.setCookie(c, '', {
+      name,
+      maxAge: 0
+    });
+  }
+
+  /**
+   * 清除会话Cookie
+   */
+  static clearSessionCookie(c: Context): void {
+    this.clearCookie(c, this.DEFAULT_SESSION_COOKIE_NAME);
+  }
+
+  /**
+   * 获取Cookie值
+   */
+  static getCookie(c: Context, name: string): string | null {
+    const cookieHeader = c.req.header('Cookie');
+    if (!cookieHeader) return null;
+
+    const regex = new RegExp(`(?:^|; )${name}=([^;]*)`);
+    const match = cookieHeader.match(regex);
+    
+    return match && match[1] ? decodeURIComponent(match[1]) : null;
+  }
+
+  /**
+   * 获取会话ID从Cookie
+   */
+  static getSessionIdFromCookie(c: Context): string | null {
+    return this.getCookie(c, this.DEFAULT_SESSION_COOKIE_NAME);
+  }
+
+  /**
+   * 解析所有Cookie
+   */
+  static parseAllCookies(c: Context): Record<string, string> {
+    const cookieHeader = c.req.header('Cookie');
+    if (!cookieHeader) return {};
+
+    const cookies: Record<string, string> = {};
+    
+    cookieHeader.split(';').forEach(cookie => {
+      const [name, ...rest] = cookie.trim().split('=');
+      if (name && rest.length > 0) {
+        cookies[name] = decodeURIComponent(rest.join('='));
+      }
+    });
+
+    return cookies;
+  }
+} 
\ No newline at end of file
diff --git a/packages/oidc-provider/src/auth/utils/html-templates.ts b/packages/oidc-provider/src/auth/utils/html-templates.ts
new file mode 100644
index 0000000..4f6f057
--- /dev/null
+++ b/packages/oidc-provider/src/auth/utils/html-templates.ts
@@ -0,0 +1,341 @@
+import type { AuthorizationRequest } from '../../types';
+
+/**
+ * 页面配置接口
+ */
+export interface PageConfig {
+    /** 页面标题 */
+    title?: string;
+    /** 品牌名称 */
+    brandName?: string;
+    /** 自定义CSS */
+    customCSS?: string;
+    /** 自定义Logo URL */
+    logoUrl?: string;
+}
+
+/**
+ * HTML模板工具类
+ */
+export class HtmlTemplates {
+    private static readonly DEFAULT_TITLE = '用户登录';
+    private static readonly DEFAULT_BRAND_NAME = 'OIDC Provider';
+
+    /**
+     * 生成登录页面HTML
+     */
+    static generateLoginPage(
+        authRequest: AuthorizationRequest,
+        config: PageConfig = {},
+        error?: string
+    ): string {
+        const {
+            title = this.DEFAULT_TITLE,
+            brandName = this.DEFAULT_BRAND_NAME,
+            customCSS = '',
+            logoUrl
+        } = config;
+
+        return `
+<!DOCTYPE html>
+<html lang="zh-CN">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>${this.escapeHtml(title)}</title>
+    <style>
+        ${this.getDefaultStyles()}
+        ${customCSS}
+    </style>
+</head>
+<body>
+    <div class="login-container">
+        <div class="login-header">
+            ${logoUrl ? `<img src="${this.escapeHtml(logoUrl)}" alt="Logo" class="logo" />` : ''}
+            <h1>${this.escapeHtml(brandName)}</h1>
+            <p>请登录以继续访问应用</p>
+        </div>
+        
+        <form class="login-form" method="POST" action="/oidc/login">
+            ${error ? `<div class="error-message">${this.escapeHtml(error)}</div>` : ''}
+            
+            <div class="client-info">
+                <h3>应用授权</h3>
+                <p>应用 <strong>${this.escapeHtml(authRequest.client_id)}</strong> 请求访问您的账户信息</p>
+                <p class="scope-info">权限范围: <code>${this.escapeHtml(authRequest.scope)}</code></p>
+            </div>
+            
+            <div class="form-group">
+                <label for="username">用户名</label>
+                <input type="text" id="username" name="username" required autocomplete="username" />
+            </div>
+            
+            <div class="form-group">
+                <label for="password">密码</label>
+                <input type="password" id="password" name="password" required autocomplete="current-password" />
+            </div>
+            
+            <div class="checkbox-group">
+                <input type="checkbox" id="remember_me" name="remember_me" />
+                <label for="remember_me">记住我</label>
+            </div>
+            
+            ${this.generateHiddenFields(authRequest)}
+            
+            <button type="submit" class="login-button">登录</button>
+        </form>
+    </div>
+</body>
+</html>`;
+    }
+
+    /**
+     * 生成错误页面HTML
+     */
+    static generateErrorPage(
+        error: string,
+        description?: string,
+        config: PageConfig = {}
+    ): string {
+        const {
+            title = '认证错误',
+            brandName = this.DEFAULT_BRAND_NAME
+        } = config;
+
+        return `
+<!DOCTYPE html>
+<html lang="zh-CN">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>${this.escapeHtml(title)}</title>
+    <style>
+        ${this.getDefaultStyles()}
+        .error-container {
+            max-width: 500px;
+            margin: 2rem auto;
+            padding: 2rem;
+            background: white;
+            border-radius: 12px;
+            box-shadow: 0 10px 30px rgba(0, 0, 0, 0.1);
+            text-align: center;
+        }
+        .error-icon {
+            font-size: 3rem;
+            color: #dc2626;
+            margin-bottom: 1rem;
+        }
+    </style>
+</head>
+<body>
+    <div class="error-container">
+        <div class="error-icon">⚠️</div>
+        <h1>${this.escapeHtml(brandName)}</h1>
+        <h2>认证失败</h2>
+        <div class="error-message">
+            <strong>${this.escapeHtml(error)}</strong>
+            ${description ? `<p>${this.escapeHtml(description)}</p>` : ''}
+        </div>
+        <button onclick="history.back()" class="login-button" style="margin-top: 1rem;">返回</button>
+    </div>
+</body>
+</html>`;
+    }
+
+    /**
+     * 获取默认样式
+     */
+    private static getDefaultStyles(): string {
+        return `
+        * {
+            margin: 0;
+            padding: 0;
+            box-sizing: border-box;
+        }
+        
+        body {
+            font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', 'Roboto', sans-serif;
+            background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+            min-height: 100vh;
+            display: flex;
+            align-items: center;
+            justify-content: center;
+            padding: 20px;
+        }
+        
+        .login-container {
+            background: white;
+            border-radius: 12px;
+            box-shadow: 0 10px 30px rgba(0, 0, 0, 0.1);
+            overflow: hidden;
+            max-width: 400px;
+            width: 100%;
+        }
+        
+        .login-header {
+            background: #4f46e5;
+            color: white;
+            padding: 2rem;
+            text-align: center;
+        }
+        
+        .logo {
+            max-width: 60px;
+            height: auto;
+            margin-bottom: 1rem;
+            border-radius: 8px;
+        }
+        
+        .login-header h1 {
+            font-size: 1.5rem;
+            margin-bottom: 0.5rem;
+        }
+        
+        .login-header p {
+            opacity: 0.9;
+            font-size: 0.875rem;
+        }
+        
+        .login-form {
+            padding: 2rem;
+        }
+        
+        .form-group {
+            margin-bottom: 1.5rem;
+        }
+        
+        .form-group label {
+            display: block;
+            margin-bottom: 0.5rem;
+            font-weight: 500;
+            color: #374151;
+        }
+        
+        .form-group input {
+            width: 100%;
+            padding: 0.75rem;
+            border: 1px solid #d1d5db;
+            border-radius: 6px;
+            font-size: 1rem;
+            transition: border-color 0.2s, box-shadow 0.2s;
+        }
+        
+        .form-group input:focus {
+            outline: none;
+            border-color: #4f46e5;
+            box-shadow: 0 0 0 3px rgba(79, 70, 229, 0.1);
+        }
+        
+        .checkbox-group {
+            display: flex;
+            align-items: center;
+            margin-bottom: 1.5rem;
+        }
+        
+        .checkbox-group input {
+            margin-right: 0.5rem;
+        }
+        
+        .checkbox-group label {
+            margin: 0;
+            font-weight: normal;
+            font-size: 0.875rem;
+            color: #6b7280;
+            cursor: pointer;
+        }
+        
+        .login-button {
+            width: 100%;
+            background: #4f46e5;
+            color: white;
+            border: none;
+            border-radius: 6px;
+            padding: 0.75rem;
+            font-size: 1rem;
+            font-weight: 500;
+            cursor: pointer;
+            transition: background-color 0.2s;
+        }
+        
+        .login-button:hover {
+            background: #4338ca;
+        }
+        
+        .login-button:active {
+            background: #3730a3;
+        }
+        
+        .error-message {
+            background: #fee2e2;
+            border: 1px solid #fecaca;
+            color: #dc2626;
+            padding: 0.75rem;
+            border-radius: 6px;
+            margin-bottom: 1.5rem;
+            font-size: 0.875rem;
+        }
+        
+        .client-info {
+            background: #f9fafb;
+            border: 1px solid #e5e7eb;
+            border-radius: 6px;
+            padding: 1rem;
+            margin-bottom: 1.5rem;
+        }
+        
+        .client-info h3 {
+            font-size: 0.875rem;
+            font-weight: 600;
+            color: #374151;
+            margin-bottom: 0.5rem;
+        }
+        
+        .client-info p {
+            font-size: 0.75rem;
+            color: #6b7280;
+            margin-bottom: 0.25rem;
+        }
+        
+        .scope-info code {
+            background: #e5e7eb;
+            padding: 0.125rem 0.25rem;
+            border-radius: 3px;
+            font-size: 0.7rem;
+        }
+    `;
+    }
+
+    /**
+     * 生成隐藏字段
+     */
+    private static generateHiddenFields(authRequest: AuthorizationRequest): string {
+        const fields = [
+            { name: 'response_type', value: authRequest.response_type },
+            { name: 'client_id', value: authRequest.client_id },
+            { name: 'redirect_uri', value: authRequest.redirect_uri },
+            { name: 'scope', value: authRequest.scope },
+        ];
+
+        // 可选字段
+        if (authRequest.state) fields.push({ name: 'state', value: authRequest.state });
+        if (authRequest.nonce) fields.push({ name: 'nonce', value: authRequest.nonce });
+        if (authRequest.code_challenge) fields.push({ name: 'code_challenge', value: authRequest.code_challenge });
+        if (authRequest.code_challenge_method) fields.push({ name: 'code_challenge_method', value: authRequest.code_challenge_method });
+
+        return fields
+            .map(field => `<input type="hidden" name="${this.escapeHtml(field.name)}" value="${this.escapeHtml(field.value)}" />`)
+            .join('\n            ');
+    }
+
+    /**
+     * 转义HTML字符
+     */
+    private static escapeHtml(unsafe: string): string {
+        return unsafe
+            .replace(/&/g, '&amp;')
+            .replace(/</g, '&lt;')
+            .replace(/>/g, '&gt;')
+            .replace(/"/g, '&quot;')
+            .replace(/'/g, '&#039;');
+    }
+} 
\ No newline at end of file
diff --git a/packages/oidc-provider/src/index.ts b/packages/oidc-provider/src/index.ts
new file mode 100644
index 0000000..db6c9c7
--- /dev/null
+++ b/packages/oidc-provider/src/index.ts
@@ -0,0 +1,60 @@
+// 核心类
+export { OIDCProvider } from './provider';
+
+// 类型定义
+export type {
+    OIDCProviderConfig,
+    OIDCClient,
+    OIDCUser,
+    AuthorizationCode,
+    AccessToken,
+    RefreshToken,
+    IDToken,
+    AuthorizationRequest,
+    TokenRequest,
+    TokenResponse,
+    OIDCError,
+    DiscoveryDocument,
+    UserSession,
+    LoginCredentials,
+    PasswordValidator,
+} from './types';
+
+// 存储适配器接口和示例实现
+export type { StorageAdapter } from './storage';
+export { RedisStorageAdapter } from './storage';
+
+// Hono中间件
+export {
+    createOIDCProvider,
+    oidcProvider,
+    getOIDCProvider
+} from './middleware/hono';
+
+// 导出中间件配置类型
+export type {
+    OIDCHonoOptions
+} from './middleware/hono';
+
+// 工具类
+export { JWTUtils } from './utils/jwt';
+export { PKCEUtils } from './utils/pkce';
+export { ValidationUtils } from './utils/validation';
+
+// 认证模块
+export {
+    AuthManager,
+    PasswordAuthStrategy,
+    CookieUtils,
+    HtmlTemplates,
+    SessionManager,
+    TokenManager
+} from './auth';
+
+export type {
+    AuthManagerConfig,
+    PasswordAuthConfig,
+    AuthenticationResult,
+    CookieConfig,
+    PageConfig
+} from './auth'; 
\ No newline at end of file
diff --git a/packages/oidc-provider/src/middleware/hono.ts b/packages/oidc-provider/src/middleware/hono.ts
new file mode 100644
index 0000000..d4b2293
--- /dev/null
+++ b/packages/oidc-provider/src/middleware/hono.ts
@@ -0,0 +1,335 @@
+import { Hono } from 'hono';
+import type { Context, Next } from 'hono';
+import { OIDCProvider } from '../provider';
+import type { OIDCProviderConfig, AuthorizationRequest, TokenRequest } from '../types';
+import { AuthManager, type PasswordValidator } from '../auth';
+
+/**
+ * OIDC Provider配置选项
+ */
+export interface OIDCHonoOptions {
+    /** OIDC Provider配置 */
+    config: OIDCProviderConfig;
+    /** 密码验证器 - 用于验证用户名和密码 */
+    passwordValidator: PasswordValidator;
+    /** 认证配置选项 */
+    authConfig?: {
+        /** 会话TTL（秒） */
+        sessionTTL?: number;
+        /** 登录页面标题 */
+        loginPageTitle?: string;
+        /** 品牌名称 */
+        brandName?: string;
+        /** 品牌Logo URL */
+        logoUrl?: string;
+    };
+}
+
+/**
+ * 创建OIDC Provider Hono应用
+ */
+export function createOIDCProvider(options: OIDCHonoOptions): Hono {
+    const { config, passwordValidator, authConfig = {} } = options;
+
+    // 创建认证管理器
+    const authManager = new AuthManager(
+        config,
+        passwordValidator,
+        {
+            sessionTTL: authConfig.sessionTTL,
+            pageConfig: {
+                title: authConfig.loginPageTitle,
+                brandName: authConfig.brandName,
+                logoUrl: authConfig.logoUrl
+            }
+        }
+    );
+
+    const app = new Hono();
+    const provider = new OIDCProvider(config);
+
+    // 登录端点
+    app.post('/login', async (c: Context) => {
+        // 从表单中提取授权参数
+        const formData = await c.req.formData();
+        const authRequest = {
+            response_type: formData.get('response_type')?.toString() || '',
+            client_id: formData.get('client_id')?.toString() || '',
+            redirect_uri: formData.get('redirect_uri')?.toString() || '',
+            scope: formData.get('scope')?.toString() || '',
+            state: formData.get('state')?.toString(),
+            nonce: formData.get('nonce')?.toString(),
+            code_challenge: formData.get('code_challenge')?.toString(),
+            code_challenge_method: formData.get('code_challenge_method')?.toString() as 'plain' | 'S256' | undefined,
+        };
+
+        return await authManager.handleLogin(c, authRequest);
+    });
+
+    // 登出端点
+    app.get('/logout', async (c: Context) => {
+        return await authManager.logout(c);
+    });
+
+    app.post('/logout', async (c: Context) => {
+        return await authManager.logout(c);
+    });
+
+    // 发现文档端点
+    app.get('/.well-known/openid-configuration', async (c: Context) => {
+        const discovery = provider.getDiscoveryDocument();
+        return c.json(discovery);
+    });
+
+    // JWKS端点
+    app.get('/.well-known/jwks.json', async (c: Context) => {
+        const jwks = await provider.getJWKS();
+        return c.json(jwks);
+    });
+
+    // 授权端点 - 使用认证管理器
+    app.get('/auth', async (c: Context) => {
+        const query = c.req.query();
+
+        const authRequest: AuthorizationRequest = {
+            response_type: query.response_type || '',
+            client_id: query.client_id || '',
+            redirect_uri: query.redirect_uri || '',
+            scope: query.scope || '',
+            state: query.state,
+            nonce: query.nonce,
+            code_challenge: query.code_challenge,
+            code_challenge_method: query.code_challenge_method as 'plain' | 'S256' | undefined,
+            prompt: query.prompt,
+            max_age: query.max_age ? parseInt(query.max_age) : undefined,
+            id_token_hint: query.id_token_hint,
+            login_hint: query.login_hint,
+            acr_values: query.acr_values,
+        };
+
+        // 检查用户认证状态
+        const userId = await authManager.getCurrentUser(c);
+        if (!userId) {
+            // 用户未认证，显示登录页面
+            return await authManager.handleAuthenticationRequired(c, authRequest);
+        }
+
+        // 用户已认证，处理授权请求
+        const result = await provider.handleAuthorizationRequest(authRequest, userId);
+
+        if (!result.success) {
+            const error = result.error;
+            const errorParams = new URLSearchParams({
+                error: error.error,
+                ...(error.error_description && { error_description: error.error_description }),
+                ...(error.error_uri && { error_uri: error.error_uri }),
+                ...(error.state && { state: error.state }),
+            });
+
+            const redirectUri = result.redirectUri || query.redirect_uri;
+            if (redirectUri) {
+                return c.redirect(`${redirectUri}?${errorParams.toString()}`);
+            } else {
+                c.status(400);
+                return c.json({
+                    error: error.error,
+                    error_description: error.error_description,
+                });
+            }
+        }
+
+        // 成功生成授权码，重定向回客户端
+        const params = new URLSearchParams({
+            code: result.code,
+            ...(query.state && { state: query.state }),
+        });
+
+        return c.redirect(`${result.redirectUri}?${params.toString()}`);
+    });
+
+    // 令牌端点
+    app.post('/token', async (c: Context) => {
+        const body = await c.req.formData();
+        // 将可选字段的类型处理为可选的而不是undefined
+        const clientId = body.get('client_id')?.toString();
+        const tokenRequest: TokenRequest = {
+            grant_type: body.get('grant_type')?.toString() || '',
+            client_id: clientId || '',
+        };
+        // 可选参数，只有存在时才添加
+        const code = body.get('code')?.toString();
+        if (code) tokenRequest.code = code;
+
+        const redirectUri = body.get('redirect_uri')?.toString();
+        if (redirectUri) tokenRequest.redirect_uri = redirectUri;
+
+        const clientSecret = body.get('client_secret')?.toString();
+        if (clientSecret) tokenRequest.client_secret = clientSecret;
+
+        const refreshToken = body.get('refresh_token')?.toString();
+        if (refreshToken) tokenRequest.refresh_token = refreshToken;
+
+        const codeVerifier = body.get('code_verifier')?.toString();
+        if (codeVerifier) tokenRequest.code_verifier = codeVerifier;
+
+        const scope = body.get('scope')?.toString();
+        if (scope) tokenRequest.scope = scope;
+
+        // 客户端认证
+        const authHeader = c.req.header('Authorization');
+        if (authHeader?.startsWith('Basic ')) {
+            const decoded = atob(authHeader.substring(6));
+            const [headerClientId, headerClientSecret] = decoded.split(':');
+            if (headerClientId) {
+                tokenRequest.client_id = headerClientId;
+            }
+            if (headerClientSecret) {
+                tokenRequest.client_secret = headerClientSecret;
+            }
+        }
+
+        // 请求令牌
+        const result = await provider.handleTokenRequest(tokenRequest);
+
+        if (!result.success) {
+            c.status(400);
+            return c.json({
+                error: result.error.error,
+                error_description: result.error.error_description,
+            });
+        }
+
+        return c.json(result.response);
+    });
+
+    // 用户信息端点
+    app.get('/userinfo', async (c: Context) => {
+        const authHeader = c.req.header('Authorization');
+        if (!authHeader || !authHeader.startsWith('Bearer ')) {
+            c.status(401);
+            c.header('WWW-Authenticate', 'Bearer');
+            return c.json({
+                error: 'invalid_token',
+                error_description: '无效的访问令牌',
+            });
+        }
+
+        const accessToken = authHeader.substring(7);
+        const result = await provider.getUserInfo(accessToken);
+
+        if (!result.success) {
+            c.status(401);
+            c.header('WWW-Authenticate', `Bearer error="${result.error.error}"`);
+            return c.json({
+                error: result.error.error,
+                error_description: result.error.error_description,
+            });
+        }
+
+        return c.json(result.user);
+    });
+
+    // 令牌撤销端点
+    app.post('/revoke', async (c: Context) => {
+        const body = await c.req.formData();
+
+        const token = body.get('token')?.toString() || '';
+        const tokenTypeHint = body.get('token_type_hint')?.toString();
+        const clientId = body.get('client_id')?.toString();
+        const clientSecret = body.get('client_secret')?.toString();
+
+        if (!token) {
+            c.status(400);
+            return c.json({
+                error: 'invalid_request',
+                error_description: '缺少token参数',
+            });
+        }
+
+        // 客户端认证
+        let authClientId = clientId;
+        let authClientSecret = clientSecret;
+
+        const authHeader = c.req.header('Authorization');
+        if (authHeader?.startsWith('Basic ')) {
+            const decoded = atob(authHeader.substring(6));
+            const [id, secret] = decoded.split(':');
+            authClientId = id;
+            authClientSecret = secret;
+        }
+
+        // 撤销令牌
+        const result = await provider.revokeToken(token, tokenTypeHint);
+
+        if (!result.success && result.error) {
+            c.status(400);
+            return c.json({
+                error: result.error.error,
+                error_description: result.error.error_description,
+            });
+        }
+
+        // 撤销成功
+        c.status(200);
+        return c.body(null);
+    });
+
+    // 令牌内省端点
+    app.post('/introspect', async (c: Context) => {
+        const body = await c.req.formData();
+
+        const token = body.get('token')?.toString() || '';
+        const tokenTypeHint = body.get('token_type_hint')?.toString();
+        const clientId = body.get('client_id')?.toString();
+        const clientSecret = body.get('client_secret')?.toString();
+
+        if (!token) {
+            c.status(400);
+            return c.json({
+                error: 'invalid_request',
+                error_description: '缺少token参数',
+            });
+        }
+
+        // 客户端认证
+        let authClientId = clientId;
+        let authClientSecret = clientSecret;
+
+        const authHeader = c.req.header('Authorization');
+        if (authHeader?.startsWith('Basic ')) {
+            const decoded = atob(authHeader.substring(6));
+            const [id, secret] = decoded.split(':');
+            authClientId = id;
+            authClientSecret = secret;
+        }
+
+        // 内省令牌
+        const result = await provider.introspectToken(token);
+
+        // 返回内省结果
+        return c.json(result);
+    });
+
+    // 返回应用实例
+    return app;
+}
+
+/**
+ * OIDC Provider中间件
+ */
+export function oidcProvider(config: OIDCProviderConfig) {
+    const provider = new OIDCProvider(config);
+
+    return (c: Context, next: Next) => {
+        c.set('oidc:provider', provider);
+        return next();
+    };
+}
+
+/**
+ * 获取OIDC Provider实例
+ */
+export function getOIDCProvider(c: Context): OIDCProvider {
+    return c.get('oidc:provider');
+}
+
diff --git a/packages/oidc-provider/src/provider.ts b/packages/oidc-provider/src/provider.ts
new file mode 100644
index 0000000..dfc99cf
--- /dev/null
+++ b/packages/oidc-provider/src/provider.ts
@@ -0,0 +1,932 @@
+import { nanoid } from 'nanoid';
+import type {
+    OIDCProviderConfig,
+    OIDCClient,
+    OIDCUser,
+    AuthorizationCode,
+    AccessToken,
+    RefreshToken,
+    IDToken,
+    AuthorizationRequest,
+    TokenRequest,
+    TokenResponse,
+    OIDCError,
+    DiscoveryDocument,
+} from './types';
+import type { StorageAdapter } from './storage/adapter';
+import { TokenManager } from './auth/token-manager';
+import { JWTUtils } from './utils/jwt';
+import { PKCEUtils } from './utils/pkce';
+import { ValidationUtils } from './utils/validation';
+
+/**
+ * OIDC Provider核心类
+ */
+export class OIDCProvider {
+    private config: OIDCProviderConfig & {
+        tokenTTL: {
+            accessToken: number;
+            refreshToken: number;
+            authorizationCode: number;
+            idToken: number;
+        };
+        responseTypes: string[];
+        grantTypes: string[];
+        scopes: string[];
+        claims: string[];
+        enablePKCE: boolean;
+        requirePKCE: boolean;
+        rotateRefreshTokens: boolean;
+    };
+    private storage: StorageAdapter;
+    private tokenManager: TokenManager;
+    private jwtUtils: JWTUtils;
+    private findUser: (userId: string) => Promise<OIDCUser | null>;
+    private findClient: (clientId: string) => Promise<OIDCClient | null>;
+
+    constructor(config: OIDCProviderConfig) {
+        // 设置默认配置
+        const defaultTokenTTL = {
+            accessToken: 3600, // 1小时
+            refreshToken: 30 * 24 * 3600, // 30天
+            authorizationCode: 600, // 10分钟
+            idToken: 3600, // 1小时
+        };
+
+        this.config = {
+            ...config,
+            tokenTTL: {
+                ...defaultTokenTTL,
+                ...config.tokenTTL,
+            },
+            responseTypes: config.responseTypes || ['code', 'id_token', 'token', 'code id_token', 'code token', 'id_token token', 'code id_token token'],
+            grantTypes: config.grantTypes || ['authorization_code', 'refresh_token', 'implicit'],
+            scopes: config.scopes || ['openid', 'profile', 'email', 'phone', 'address'],
+            claims: config.claims || [
+                'sub', 'name', 'given_name', 'family_name', 'middle_name', 'nickname',
+                'preferred_username', 'profile', 'picture', 'website', 'email',
+                'email_verified', 'gender', 'birthdate', 'zoneinfo', 'locale',
+                'phone_number', 'phone_number_verified', 'address', 'updated_at'
+            ],
+            enablePKCE: config.enablePKCE ?? true,
+            requirePKCE: config.requirePKCE ?? false,
+            rotateRefreshTokens: config.rotateRefreshTokens ?? true,
+        };
+
+        this.storage = config.storage;
+        this.tokenManager = new TokenManager(config.storage);
+        this.findUser = config.findUser;
+        this.findClient = config.findClient;
+        this.jwtUtils = new JWTUtils(config.signingKey, config.signingAlgorithm);
+    }
+
+    /**
+     * 获取发现文档
+     */
+    getDiscoveryDocument(): DiscoveryDocument {
+        const baseUrl = this.config.issuer;
+
+        return {
+            issuer: this.config.issuer,
+            authorization_endpoint: `${baseUrl}/auth`,
+            token_endpoint: `${baseUrl}/token`,
+            userinfo_endpoint: `${baseUrl}/userinfo`,
+            jwks_uri: `${baseUrl}/.well-known/jwks.json`,
+            registration_endpoint: `${baseUrl}/register`,
+            revocation_endpoint: `${baseUrl}/revoke`,
+            introspection_endpoint: `${baseUrl}/introspect`,
+            end_session_endpoint: `${baseUrl}/logout`,
+            response_types_supported: this.config.responseTypes,
+            grant_types_supported: this.config.grantTypes,
+            scopes_supported: this.config.scopes,
+            claims_supported: this.config.claims,
+            token_endpoint_auth_methods_supported: ['client_secret_basic', 'client_secret_post', 'none'],
+            id_token_signing_alg_values_supported: ['HS256', 'RS256', 'ES256'],
+            subject_types_supported: ['public'],
+            code_challenge_methods_supported: this.config.enablePKCE ? ['plain', 'S256'] : undefined,
+            response_modes_supported: ['query', 'fragment', 'form_post'],
+            claims_parameter_supported: false,
+            request_parameter_supported: false,
+            request_uri_parameter_supported: false,
+            require_request_uri_registration: false,
+        };
+    }
+
+    /**
+     * 处理授权请求
+     */
+    async handleAuthorizationRequest(
+        request: Partial<AuthorizationRequest>,
+        userId?: string
+    ): Promise<{ success: true; code: string; redirectUri: string } | { success: false; error: OIDCError; redirectUri?: string }> {
+        try {
+            // 获取客户端信息
+            if (!request.client_id) {
+                return {
+                    success: false,
+                    error: {
+                        error: 'invalid_request',
+                        error_description: 'Missing client_id parameter',
+                        state: request.state,
+                    },
+                };
+            }
+
+            const client = await this.findClient(request.client_id);
+            if (!client) {
+                return {
+                    success: false,
+                    error: {
+                        error: 'invalid_client',
+                        error_description: 'Invalid client_id',
+                        state: request.state,
+                    },
+                };
+            }
+
+            // 验证请求
+            const validation = ValidationUtils.validateAuthorizationRequest(
+                request,
+                client,
+                this.config.scopes,
+                this.config.responseTypes
+            );
+
+            if (!validation.valid) {
+                return {
+                    success: false,
+                    error: {
+                        error: 'invalid_request',
+                        error_description: validation.errors.join(', '),
+                        state: request.state,
+                    },
+                    redirectUri: request.redirect_uri,
+                };
+            }
+
+            // 检查是否需要用户认证
+            if (!userId) {
+                return {
+                    success: false,
+                    error: {
+                        error: 'login_required',
+                        error_description: 'User authentication is required',
+                        state: request.state,
+                    },
+                    redirectUri: request.redirect_uri,
+                };
+            }
+
+            // 强制PKCE检查
+            if (this.config.requirePKCE && client.client_type === 'public' && !request.code_challenge) {
+                return {
+                    success: false,
+                    error: {
+                        error: 'invalid_request',
+                        error_description: 'PKCE is required for public clients',
+                        state: request.state,
+                    },
+                    redirectUri: request.redirect_uri,
+                };
+            }
+
+            // 验证PKCE（如果启用且提供了代码挑战）
+            if (this.config.enablePKCE && request.code_challenge) {
+                if (!request.code_challenge_method) {
+                    return {
+                        success: false,
+                        error: {
+                            error: 'invalid_request',
+                            error_description: 'Missing code_challenge_method',
+                            state: request.state,
+                        },
+                        redirectUri: request.redirect_uri,
+                    };
+                }
+
+                if (!PKCEUtils.isSupportedMethod(request.code_challenge_method)) {
+                    return {
+                        success: false,
+                        error: {
+                            error: 'invalid_request',
+                            error_description: 'Unsupported code_challenge_method',
+                            state: request.state,
+                        },
+                        redirectUri: request.redirect_uri,
+                    };
+                }
+
+                if (!PKCEUtils.isValidCodeChallenge(request.code_challenge, request.code_challenge_method)) {
+                    return {
+                        success: false,
+                        error: {
+                            error: 'invalid_request',
+                            error_description: 'Invalid code_challenge',
+                            state: request.state,
+                        },
+                        redirectUri: request.redirect_uri,
+                    };
+                }
+            }
+
+            // 生成授权码
+            const code = nanoid(32);
+            const now = new Date();
+            const expiresAt = new Date(now.getTime() + this.config.tokenTTL.authorizationCode * 1000);
+
+            const authCode: AuthorizationCode = {
+                code,
+                client_id: request.client_id,
+                user_id: userId,
+                redirect_uri: request.redirect_uri!,
+                scope: request.scope!,
+                code_challenge: request.code_challenge,
+                code_challenge_method: request.code_challenge_method,
+                nonce: request.nonce,
+                state: request.state,
+                expires_at: expiresAt,
+                created_at: now,
+            };
+
+            await this.tokenManager.storeAuthorizationCode(authCode);
+
+            return {
+                success: true,
+                code,
+                redirectUri: request.redirect_uri!,
+            };
+        } catch (error) {
+            return {
+                success: false,
+                error: {
+                    error: 'server_error',
+                    error_description: 'Internal server error',
+                    state: request.state,
+                },
+                redirectUri: request.redirect_uri,
+            };
+        }
+    }
+
+    /**
+     * 处理令牌请求
+     */
+    async handleTokenRequest(
+        request: Partial<TokenRequest>
+    ): Promise<{ success: true; response: TokenResponse } | { success: false; error: OIDCError }> {
+        try {
+            // 获取客户端信息
+            if (!request.client_id) {
+                return {
+                    success: false,
+                    error: {
+                        error: 'invalid_request',
+                        error_description: 'Missing client_id parameter',
+                    },
+                };
+            }
+
+            const client = await this.findClient(request.client_id);
+            if (!client) {
+                return {
+                    success: false,
+                    error: {
+                        error: 'invalid_client',
+                        error_description: 'Invalid client_id',
+                    },
+                };
+            }
+
+            // 验证客户端认证（如果需要）
+            if (client.client_type === 'confidential') {
+                if (!request.client_secret) {
+                    return {
+                        success: false,
+                        error: {
+                            error: 'invalid_client',
+                            error_description: 'Client authentication required',
+                        },
+                    };
+                }
+
+                if (request.client_secret !== client.client_secret) {
+                    return {
+                        success: false,
+                        error: {
+                            error: 'invalid_client',
+                            error_description: 'Invalid client credentials',
+                        },
+                    };
+                }
+            }
+
+            // 验证请求
+            const validation = ValidationUtils.validateTokenRequest(
+                request,
+                client,
+                this.config.grantTypes
+            );
+
+            if (!validation.valid) {
+                return {
+                    success: false,
+                    error: {
+                        error: 'invalid_request',
+                        error_description: validation.errors.join(', '),
+                    },
+                };
+            }
+
+            if (request.grant_type === 'authorization_code') {
+                return await this.handleAuthorizationCodeGrant(request, client);
+            } else if (request.grant_type === 'refresh_token') {
+                return await this.handleRefreshTokenGrant(request, client);
+            } else {
+                return {
+                    success: false,
+                    error: {
+                        error: 'unsupported_grant_type',
+                        error_description: 'Grant type not supported',
+                    },
+                };
+            }
+        } catch (error) {
+            return {
+                success: false,
+                error: {
+                    error: 'server_error',
+                    error_description: 'Internal server error',
+                },
+            };
+        }
+    }
+
+    /**
+     * 处理授权码授权类型
+     */
+    private async handleAuthorizationCodeGrant(
+        request: Partial<TokenRequest>,
+        client: OIDCClient
+    ): Promise<{ success: true; response: TokenResponse } | { success: false; error: OIDCError }> {
+        if (!request.code) {
+            return {
+                success: false,
+                error: {
+                    error: 'invalid_request',
+                    error_description: 'Missing authorization code',
+                },
+            };
+        }
+
+        // 获取授权码
+        const authCode = await this.tokenManager.getAuthorizationCode(request.code);
+        if (!authCode) {
+            return {
+                success: false,
+                error: {
+                    error: 'invalid_grant',
+                    error_description: 'Invalid authorization code',
+                },
+            };
+        }
+
+        // 检查授权码是否过期
+        if (authCode.expires_at < new Date()) {
+            await this.tokenManager.deleteAuthorizationCode(request.code);
+            return {
+                success: false,
+                error: {
+                    error: 'invalid_grant',
+                    error_description: 'Authorization code expired',
+                },
+            };
+        }
+
+        // 验证客户端ID
+        if (authCode.client_id !== request.client_id) {
+            return {
+                success: false,
+                error: {
+                    error: 'invalid_grant',
+                    error_description: 'Authorization code was not issued to this client',
+                },
+            };
+        }
+
+        // 验证重定向URI
+        if (authCode.redirect_uri !== request.redirect_uri) {
+            return {
+                success: false,
+                error: {
+                    error: 'invalid_grant',
+                    error_description: 'Redirect URI mismatch',
+                },
+            };
+        }
+
+        // 验证PKCE（如果使用）
+        if (authCode.code_challenge) {
+            if (!request.code_verifier) {
+                return {
+                    success: false,
+                    error: {
+                        error: 'invalid_request',
+                        error_description: 'Missing code_verifier',
+                    },
+                };
+            }
+
+            const isValidPKCE = PKCEUtils.verifyCodeChallenge(
+                request.code_verifier,
+                authCode.code_challenge,
+                authCode.code_challenge_method || 'plain'
+            );
+
+            if (!isValidPKCE) {
+                return {
+                    success: false,
+                    error: {
+                        error: 'invalid_grant',
+                        error_description: 'Invalid code_verifier',
+                    },
+                };
+            }
+        }
+
+        // 获取用户信息
+        const user = await this.findUser(authCode.user_id);
+        if (!user) {
+            return {
+                success: false,
+                error: {
+                    error: 'invalid_grant',
+                    error_description: 'User not found',
+                },
+            };
+        }
+
+        // 生成令牌
+        const now = new Date();
+        const accessTokenExpiry = new Date(now.getTime() + this.config.tokenTTL.accessToken * 1000);
+        const refreshTokenExpiry = new Date(now.getTime() + this.config.tokenTTL.refreshToken * 1000);
+        const idTokenExpiry = new Date(now.getTime() + this.config.tokenTTL.idToken * 1000);
+
+        // 生成访问令牌
+        const accessTokenJWT = await this.jwtUtils.generateAccessToken({
+            issuer: this.config.issuer,
+            subject: user.sub,
+            audience: request.client_id!,
+            clientId: request.client_id!,
+            scope: authCode.scope,
+            expiresIn: this.config.tokenTTL.accessToken,
+        });
+
+        const accessToken: AccessToken = {
+            token: accessTokenJWT,
+            client_id: request.client_id!,
+            user_id: user.sub,
+            scope: authCode.scope,
+            expires_at: accessTokenExpiry,
+            created_at: now,
+        };
+
+        // 生成刷新令牌
+        const refreshTokenValue = nanoid(64);
+        const refreshToken: RefreshToken = {
+            token: refreshTokenValue,
+            client_id: request.client_id!,
+            user_id: user.sub,
+            scope: authCode.scope,
+            expires_at: refreshTokenExpiry,
+            created_at: now,
+        };
+
+        // 生成ID令牌（如果请求了openid作用域）
+        let idTokenJWT: string | undefined;
+        if (authCode.scope.includes('openid')) {
+            const requestedClaims = this.getRequestedClaims(authCode.scope);
+
+            idTokenJWT = await this.jwtUtils.generateIDToken({
+                issuer: this.config.issuer,
+                subject: user.sub,
+                audience: request.client_id!,
+                user,
+                authTime: Math.floor(now.getTime() / 1000),
+                nonce: authCode.nonce,
+                expiresIn: this.config.tokenTTL.idToken,
+                requestedClaims,
+            });
+
+            const idToken: IDToken = {
+                token: idTokenJWT,
+                client_id: request.client_id!,
+                user_id: user.sub,
+                nonce: authCode.nonce,
+                expires_at: idTokenExpiry,
+                created_at: now,
+            };
+
+            await this.tokenManager.storeIDToken(idToken);
+        }
+
+        // 存储令牌
+        await this.tokenManager.storeAccessToken(accessToken);
+        await this.tokenManager.storeRefreshToken(refreshToken);
+
+        // 删除已使用的授权码
+        await this.tokenManager.deleteAuthorizationCode(request.code);
+
+        const response: TokenResponse = {
+            access_token: accessTokenJWT,
+            token_type: 'Bearer',
+            expires_in: this.config.tokenTTL.accessToken,
+            refresh_token: refreshTokenValue,
+            scope: authCode.scope,
+        };
+
+        if (idTokenJWT) {
+            response.id_token = idTokenJWT;
+        }
+
+        return {
+            success: true,
+            response,
+        };
+    }
+
+    /**
+     * 处理刷新令牌授权类型 - 修复以符合OIDC规范
+     */
+    private async handleRefreshTokenGrant(
+        request: Partial<TokenRequest>,
+        client: OIDCClient
+    ): Promise<{ success: true; response: TokenResponse } | { success: false; error: OIDCError }> {
+        if (!request.refresh_token) {
+            return {
+                success: false,
+                error: {
+                    error: 'invalid_request',
+                    error_description: 'Missing refresh_token',
+                },
+            };
+        }
+
+        // 获取刷新令牌
+        const refreshToken = await this.tokenManager.getRefreshToken(request.refresh_token);
+        if (!refreshToken) {
+            return {
+                success: false,
+                error: {
+                    error: 'invalid_grant',
+                    error_description: 'Invalid refresh_token',
+                },
+            };
+        }
+
+        // 检查刷新令牌是否过期
+        if (refreshToken.expires_at < new Date()) {
+            await this.tokenManager.deleteRefreshToken(request.refresh_token);
+            return {
+                success: false,
+                error: {
+                    error: 'invalid_grant',
+                    error_description: 'Refresh token expired',
+                },
+            };
+        }
+
+        // 验证客户端ID
+        if (refreshToken.client_id !== request.client_id) {
+            return {
+                success: false,
+                error: {
+                    error: 'invalid_grant',
+                    error_description: 'Refresh token was not issued to this client',
+                },
+            };
+        }
+
+        // 获取用户信息
+        const user = await this.findUser(refreshToken.user_id);
+        if (!user) {
+            return {
+                success: false,
+                error: {
+                    error: 'invalid_grant',
+                    error_description: 'User not found',
+                },
+            };
+        }
+
+        // 确定作用域（使用请求的作用域或原始作用域）
+        let scope = refreshToken.scope;
+        if (request.scope) {
+            const requestedScopes = request.scope.split(' ');
+            const originalScopes = refreshToken.scope.split(' ');
+
+            // 请求的作用域不能超过原始作用域
+            if (!requestedScopes.every(s => originalScopes.includes(s))) {
+                return {
+                    success: false,
+                    error: {
+                        error: 'invalid_scope',
+                        error_description: 'Requested scope exceeds original scope',
+                    },
+                };
+            }
+            scope = request.scope;
+        }
+
+        // 生成新的访问令牌
+        const now = new Date();
+        const accessTokenExpiry = new Date(now.getTime() + this.config.tokenTTL.accessToken * 1000);
+
+        const accessTokenJWT = await this.jwtUtils.generateAccessToken({
+            issuer: this.config.issuer,
+            subject: user.sub,
+            audience: request.client_id!,
+            clientId: request.client_id!,
+            scope,
+            expiresIn: this.config.tokenTTL.accessToken,
+        });
+
+        const accessToken: AccessToken = {
+            token: accessTokenJWT,
+            client_id: request.client_id!,
+            user_id: user.sub,
+            scope,
+            expires_at: accessTokenExpiry,
+            created_at: now,
+        };
+
+        await this.tokenManager.storeAccessToken(accessToken);
+
+        // 可选：生成新的刷新令牌（刷新令牌轮换）
+        let newRefreshToken: string | undefined;
+        if (this.config.rotateRefreshTokens !== false) { // 默认启用刷新令牌轮换
+            const refreshTokenExpiry = new Date(now.getTime() + this.config.tokenTTL.refreshToken * 1000);
+            newRefreshToken = nanoid(64);
+
+            const newRefreshTokenRecord: RefreshToken = {
+                token: newRefreshToken,
+                client_id: request.client_id!,
+                user_id: user.sub,
+                scope,
+                expires_at: refreshTokenExpiry,
+                created_at: now,
+            };
+
+            await this.tokenManager.storeRefreshToken(newRefreshTokenRecord);
+            // 删除旧的刷新令牌
+            await this.tokenManager.deleteRefreshToken(request.refresh_token);
+        }
+
+        const response: TokenResponse = {
+            access_token: accessTokenJWT,
+            token_type: 'Bearer',
+            expires_in: this.config.tokenTTL.accessToken,
+            scope,
+        };
+
+        if (newRefreshToken) {
+            response.refresh_token = newRefreshToken;
+        }
+
+        return {
+            success: true,
+            response,
+        };
+    }
+
+    /**
+     * 获取用户信息
+     */
+    async getUserInfo(accessToken: string): Promise<{ success: true; user: Partial<OIDCUser> } | { success: false; error: OIDCError }> {
+        try {
+            // 验证访问令牌
+            const payload = await this.jwtUtils.verifyToken(accessToken);
+
+            // 检查令牌类型
+            if ((payload as any).token_type !== 'access_token') {
+                return {
+                    success: false,
+                    error: {
+                        error: 'invalid_token',
+                        error_description: 'Invalid token type',
+                    },
+                };
+            }
+
+            // 获取令牌数据
+            const tokenData = await this.tokenManager.getAccessToken(accessToken);
+            if (!tokenData) {
+                return {
+                    success: false,
+                    error: {
+                        error: 'invalid_token',
+                        error_description: 'Token not found',
+                    },
+                };
+            }
+
+            // 检查令牌是否过期
+            if (tokenData.expires_at < new Date()) {
+                await this.tokenManager.deleteAccessToken(accessToken);
+                return {
+                    success: false,
+                    error: {
+                        error: 'invalid_token',
+                        error_description: 'Token expired',
+                    },
+                };
+            }
+
+            // 获取用户信息
+            const user = await this.findUser(tokenData.user_id);
+            if (!user) {
+                return {
+                    success: false,
+                    error: {
+                        error: 'invalid_token',
+                        error_description: 'User not found',
+                    },
+                };
+            }
+
+            // 获取请求的声明
+            const requestedClaims = this.getRequestedClaims(tokenData.scope);
+            const filteredUser = this.filterUserClaims(user, requestedClaims);
+
+            return {
+                success: true,
+                user: filteredUser,
+            };
+        } catch (error) {
+            return {
+                success: false,
+                error: {
+                    error: 'invalid_token',
+                    error_description: 'Invalid token',
+                },
+            };
+        }
+    }
+
+    /**
+     * 根据作用域获取请求的声明
+     */
+    private getRequestedClaims(scope: string): string[] {
+        const scopes = scope.split(' ');
+        const claims: string[] = ['sub']; // 总是包含sub
+
+        if (scopes.includes('profile')) {
+            claims.push(
+                'name', 'family_name', 'given_name', 'middle_name', 'nickname',
+                'preferred_username', 'profile', 'picture', 'website', 'gender',
+                'birthdate', 'zoneinfo', 'locale', 'updated_at'
+            );
+        }
+
+        if (scopes.includes('email')) {
+            claims.push('email', 'email_verified');
+        }
+
+        if (scopes.includes('phone')) {
+            claims.push('phone_number', 'phone_number_verified');
+        }
+
+        if (scopes.includes('address')) {
+            claims.push('address');
+        }
+
+        return claims;
+    }
+
+    /**
+     * 根据请求的声明过滤用户信息
+     */
+    private filterUserClaims(user: OIDCUser, requestedClaims: string[]): Partial<OIDCUser> {
+        const filtered: Partial<OIDCUser> = {};
+
+        for (const claim of requestedClaims) {
+            if (claim in user && user[claim as keyof OIDCUser] !== undefined) {
+                (filtered as any)[claim] = user[claim as keyof OIDCUser];
+            }
+        }
+
+        return filtered;
+    }
+
+    /**
+     * 撤销令牌
+     */
+    async revokeToken(token: string, tokenTypeHint?: string): Promise<{ success: boolean; error?: OIDCError }> {
+        try {
+            // 尝试作为访问令牌撤销
+            const accessToken = await this.tokenManager.getAccessToken(token);
+            if (accessToken) {
+                await this.tokenManager.deleteAccessToken(token);
+                return { success: true };
+            }
+
+            // 尝试作为刷新令牌撤销
+            const refreshToken = await this.tokenManager.getRefreshToken(token);
+            if (refreshToken) {
+                await this.tokenManager.deleteRefreshToken(token);
+                // 同时撤销相关的访问令牌
+                await this.tokenManager.deleteAccessTokensByUserAndClient(refreshToken.user_id, refreshToken.client_id);
+                return { success: true };
+            }
+
+            // 令牌不存在，根据RFC 7009，这应该返回成功
+            return { success: true };
+        } catch (error) {
+            return {
+                success: false,
+                error: {
+                    error: 'server_error',
+                    error_description: 'Internal server error',
+                },
+            };
+        }
+    }
+
+    /**
+     * 内省令牌
+     */
+    async introspectToken(token: string): Promise<{
+        active: boolean;
+        scope?: string;
+        client_id?: string;
+        username?: string;
+        token_type?: string;
+        exp?: number;
+        iat?: number;
+        sub?: string;
+        aud?: string;
+        iss?: string;
+    }> {
+        try {
+            // 尝试作为访问令牌内省
+            const accessToken = await this.tokenManager.getAccessToken(token);
+            if (accessToken) {
+                const isExpired = accessToken.expires_at < new Date();
+                if (isExpired) {
+                    await this.tokenManager.deleteAccessToken(token);
+                    return { active: false };
+                }
+
+                const user = await this.findUser(accessToken.user_id);
+
+                return {
+                    active: true,
+                    scope: accessToken.scope,
+                    client_id: accessToken.client_id,
+                    username: user?.username,
+                    token_type: 'Bearer',
+                    exp: Math.floor(accessToken.expires_at.getTime() / 1000),
+                    iat: Math.floor(accessToken.created_at.getTime() / 1000),
+                    sub: accessToken.user_id,
+                    aud: accessToken.client_id,
+                    iss: this.config.issuer,
+                };
+            }
+
+            // 尝试作为刷新令牌内省
+            const refreshToken = await this.tokenManager.getRefreshToken(token);
+            if (refreshToken) {
+                const isExpired = refreshToken.expires_at < new Date();
+                if (isExpired) {
+                    await this.tokenManager.deleteRefreshToken(token);
+                    return { active: false };
+                }
+
+                const user = await this.findUser(refreshToken.user_id);
+
+                return {
+                    active: true,
+                    scope: refreshToken.scope,
+                    client_id: refreshToken.client_id,
+                    username: user?.username,
+                    token_type: 'refresh_token',
+                    exp: Math.floor(refreshToken.expires_at.getTime() / 1000),
+                    iat: Math.floor(refreshToken.created_at.getTime() / 1000),
+                    sub: refreshToken.user_id,
+                    aud: refreshToken.client_id,
+                    iss: this.config.issuer,
+                };
+            }
+
+            return { active: false };
+        } catch (error) {
+            return { active: false };
+        }
+    }
+
+    /**
+     * 获取JWKS
+     */
+    async getJWKS(): Promise<{ keys: any[] }> {
+        return await this.jwtUtils.generateJWKS();
+    }
+} 
\ No newline at end of file
diff --git a/packages/oidc-provider/src/storage/adapter.ts b/packages/oidc-provider/src/storage/adapter.ts
new file mode 100644
index 0000000..75fed24
--- /dev/null
+++ b/packages/oidc-provider/src/storage/adapter.ts
@@ -0,0 +1,44 @@
+/**
+ * 通用存储适配器接口
+ * 使用简单的key-value存储模式支持所有OIDC存储需求
+ */
+export interface StorageAdapter {
+    /**
+     * 存储数据
+     * @param key 存储键
+     * @param value 存储值
+     * @param ttl 过期时间（秒），可选
+     */
+    set(key: string, value: any, ttl?: number): Promise<void>;
+
+    /**
+     * 获取数据
+     * @param key 存储键
+     */
+    get<T = any>(key: string): Promise<T | null>;
+
+    /**
+     * 删除数据
+     * @param key 存储键
+     */
+    delete(key: string): Promise<void>;
+
+    /**
+     * 批量删除匹配模式的键
+     * @param pattern 键模式（支持通配符）
+     */
+    deletePattern(pattern: string): Promise<void>;
+
+    /**
+     * 检查键是否存在
+     * @param key 存储键
+     */
+    exists(key: string): Promise<boolean>;
+
+    /**
+     * 设置键的过期时间
+     * @param key 存储键
+     * @param ttl 过期时间（秒）
+     */
+    expire(key: string, ttl: number): Promise<void>;
+} 
\ No newline at end of file
diff --git a/packages/oidc-provider/src/storage/index.ts b/packages/oidc-provider/src/storage/index.ts
new file mode 100644
index 0000000..42f0fc3
--- /dev/null
+++ b/packages/oidc-provider/src/storage/index.ts
@@ -0,0 +1,2 @@
+export type { StorageAdapter } from './adapter';
+export { RedisStorageAdapter } from './redis-adapter'; 
\ No newline at end of file
diff --git a/packages/oidc-provider/src/storage/redis-adapter.ts b/packages/oidc-provider/src/storage/redis-adapter.ts
new file mode 100644
index 0000000..4444de8
--- /dev/null
+++ b/packages/oidc-provider/src/storage/redis-adapter.ts
@@ -0,0 +1,69 @@
+import type { Redis } from 'ioredis';
+import type { StorageAdapter } from './adapter';
+
+/**
+ * Redis存储适配器实现
+ * 使用Redis作为通用key-value存储
+ */
+export class RedisStorageAdapter implements StorageAdapter {
+    private redis: Redis;
+    private keyPrefix: string;
+
+    constructor(redis: Redis, keyPrefix = 'oidc:') {
+        this.redis = redis;
+        this.keyPrefix = keyPrefix;
+    }
+
+    private getKey(key: string): string {
+        return `${this.keyPrefix}${key}`;
+    }
+
+    async set(key: string, value: any, ttl?: number): Promise<void> {
+        const redisKey = this.getKey(key);
+        const serializedValue = JSON.stringify(value);
+
+        if (ttl) {
+            await this.redis.setex(redisKey, ttl, serializedValue);
+        } else {
+            await this.redis.set(redisKey, serializedValue);
+        }
+    }
+
+    async get<T = any>(key: string): Promise<T | null> {
+        const redisKey = this.getKey(key);
+        const data = await this.redis.get(redisKey);
+
+        if (!data) return null;
+
+        try {
+            return JSON.parse(data);
+        } catch {
+            return data as T;
+        }
+    }
+
+    async delete(key: string): Promise<void> {
+        const redisKey = this.getKey(key);
+        await this.redis.del(redisKey);
+    }
+
+    async deletePattern(pattern: string): Promise<void> {
+        const redisPattern = this.getKey(pattern);
+        const keys = await this.redis.keys(redisPattern);
+
+        if (keys.length > 0) {
+            await this.redis.del(...keys);
+        }
+    }
+
+    async exists(key: string): Promise<boolean> {
+        const redisKey = this.getKey(key);
+        const result = await this.redis.exists(redisKey);
+        return result === 1;
+    }
+
+    async expire(key: string, ttl: number): Promise<void> {
+        const redisKey = this.getKey(key);
+        await this.redis.expire(redisKey, ttl);
+    }
+} 
\ No newline at end of file
diff --git a/packages/oidc-provider/src/types/index.ts b/packages/oidc-provider/src/types/index.ts
new file mode 100644
index 0000000..7432a09
--- /dev/null
+++ b/packages/oidc-provider/src/types/index.ts
@@ -0,0 +1,342 @@
+import type { StorageAdapter } from '../storage/adapter';
+
+export interface OIDCProviderConfig {
+    /** 发行者标识符 */
+    issuer: string;
+    /** 签名密钥 */
+    signingKey: string;
+    /** 签名算法 */
+    signingAlgorithm?: 'HS256' | 'RS256' | 'ES256';
+    /** 存储适配器实例（仅用于令牌存储） */
+    storage: StorageAdapter;
+    /** 查找用户的回调函数 */
+    findUser: (userId: string) => Promise<OIDCUser | null>;
+    /** 获取客户端的回调函数 */
+    findClient: (clientId: string) => Promise<OIDCClient | null>;
+    /** 令牌过期时间配置 */
+    tokenTTL?: {
+        accessToken?: number; // 默认 3600 秒
+        refreshToken?: number; // 默认 30 天
+        authorizationCode?: number; // 默认 600 秒
+        idToken?: number; // 默认 3600 秒
+    };
+    /** 支持的响应类型 */
+    responseTypes?: string[];
+    /** 支持的授权类型 */
+    grantTypes?: string[];
+    /** 支持的作用域 */
+    scopes?: string[];
+    /** 支持的声明 */
+    claims?: string[];
+    /** 是否启用PKCE */
+    enablePKCE?: boolean;
+    /** 是否强制要求PKCE（针对public客户端） */
+    requirePKCE?: boolean;
+    /** 是否启用刷新令牌轮换 */
+    rotateRefreshTokens?: boolean;
+}
+
+export interface OIDCClient {
+    /** 客户端ID */
+    client_id: string;
+    /** 客户端密钥 */
+    client_secret?: string;
+    /** 重定向URI列表 */
+    redirect_uris: string[];
+    /** 客户端名称 */
+    client_name?: string;
+    /** 客户端类型 */
+    client_type: 'public' | 'confidential';
+    /** 支持的授权类型 */
+    grant_types: string[];
+    /** 支持的响应类型 */
+    response_types: string[];
+    /** 支持的作用域 */
+    scopes: string[];
+    /** 令牌端点认证方法 */
+    token_endpoint_auth_method?: string;
+    /** 创建时间 */
+    created_at: Date;
+    /** 更新时间 */
+    updated_at: Date;
+}
+
+export interface OIDCUser {
+    /** 用户ID */
+    sub: string;
+    /** 用户名 */
+    username?: string;
+    /** 邮箱 */
+    email?: string;
+    /** 邮箱是否已验证 */
+    email_verified?: boolean;
+    /** 姓名 */
+    name?: string;
+    /** 名字 */
+    given_name?: string;
+    /** 姓氏 */
+    family_name?: string;
+    /** 头像 */
+    picture?: string;
+    /** 个人资料 */
+    profile?: string;
+    /** 网站 */
+    website?: string;
+    /** 性别 */
+    gender?: string;
+    /** 生日 */
+    birthdate?: string;
+    /** 时区 */
+    zoneinfo?: string;
+    /** 语言 */
+    locale?: string;
+    /** 电话号码 */
+    phone_number?: string;
+    /** 电话号码是否已验证 */
+    phone_number_verified?: boolean;
+    /** 地址 */
+    address?: {
+        formatted?: string;
+        street_address?: string;
+        locality?: string;
+        region?: string;
+        postal_code?: string;
+        country?: string;
+    };
+    /** 更新时间 */
+    updated_at?: number;
+    /** 自定义声明 */
+    [key: string]: any;
+}
+
+export interface AuthorizationCode {
+    /** 授权码 */
+    code: string;
+    /** 客户端ID */
+    client_id: string;
+    /** 用户ID */
+    user_id: string;
+    /** 重定向URI */
+    redirect_uri: string;
+    /** 作用域 */
+    scope: string;
+    /** PKCE代码挑战 */
+    code_challenge?: string;
+    /** PKCE代码挑战方法 */
+    code_challenge_method?: string;
+    /** 随机数 */
+    nonce?: string;
+    /** 状态 */
+    state?: string;
+    /** 过期时间 */
+    expires_at: Date;
+    /** 创建时间 */
+    created_at: Date;
+}
+
+export interface AccessToken {
+    /** 访问令牌 */
+    token: string;
+    /** 客户端ID */
+    client_id: string;
+    /** 用户ID */
+    user_id: string;
+    /** 作用域 */
+    scope: string;
+    /** 过期时间 */
+    expires_at: Date;
+    /** 创建时间 */
+    created_at: Date;
+}
+
+export interface RefreshToken {
+    /** 刷新令牌 */
+    token: string;
+    /** 客户端ID */
+    client_id: string;
+    /** 用户ID */
+    user_id: string;
+    /** 作用域 */
+    scope: string;
+    /** 过期时间 */
+    expires_at: Date;
+    /** 创建时间 */
+    created_at: Date;
+}
+
+export interface IDToken {
+    /** ID令牌 */
+    token: string;
+    /** 客户端ID */
+    client_id: string;
+    /** 用户ID */
+    user_id: string;
+    /** 随机数 */
+    nonce?: string;
+    /** 过期时间 */
+    expires_at: Date;
+    /** 创建时间 */
+    created_at: Date;
+}
+
+export interface AuthorizationRequest {
+    /** 响应类型 */
+    response_type: string;
+    /** 客户端ID */
+    client_id: string;
+    /** 重定向URI */
+    redirect_uri: string;
+    /** 作用域 */
+    scope: string;
+    /** 状态 */
+    state?: string;
+    /** 随机数 */
+    nonce?: string;
+    /** PKCE代码挑战 */
+    code_challenge?: string;
+    /** PKCE代码挑战方法 */
+    code_challenge_method?: 'plain' | 'S256';
+    /** 提示 */
+    prompt?: string;
+    /** 最大年龄 */
+    max_age?: number;
+    /** ID令牌提示 */
+    id_token_hint?: string;
+    /** 登录提示 */
+    login_hint?: string;
+    /** ACR值 */
+    acr_values?: string;
+}
+
+export interface TokenRequest {
+    /** 授权类型 */
+    grant_type: string;
+    /** 授权码 */
+    code?: string;
+    /** 重定向URI */
+    redirect_uri?: string;
+    /** 客户端ID */
+    client_id: string;
+    /** 客户端密钥 */
+    client_secret?: string;
+    /** 刷新令牌 */
+    refresh_token?: string;
+    /** 作用域 */
+    scope?: string;
+    /** PKCE代码验证器 */
+    code_verifier?: string;
+}
+
+export interface TokenResponse {
+    /** 访问令牌 */
+    access_token: string;
+    /** 令牌类型 */
+    token_type: string;
+    /** 过期时间（秒） */
+    expires_in: number;
+    /** 刷新令牌 */
+    refresh_token?: string;
+    /** ID令牌 */
+    id_token?: string;
+    /** 作用域 */
+    scope?: string;
+}
+
+export interface OIDCError {
+    /** 错误代码 */
+    error: string;
+    /** 错误描述 */
+    error_description?: string;
+    /** 错误URI */
+    error_uri?: string;
+    /** 状态 */
+    state?: string;
+}
+
+export interface DiscoveryDocument {
+    /** 发行者 */
+    issuer: string;
+    /** 授权端点 */
+    authorization_endpoint: string;
+    /** 令牌端点 */
+    token_endpoint: string;
+    /** 用户信息端点 */
+    userinfo_endpoint: string;
+    /** JWKS URI */
+    jwks_uri: string;
+    /** 注册端点 */
+    registration_endpoint?: string;
+    /** 撤销端点 */
+    revocation_endpoint?: string;
+    /** 内省端点 */
+    introspection_endpoint?: string;
+    /** 结束会话端点 */
+    end_session_endpoint?: string;
+    /** 支持的响应类型 */
+    response_types_supported: string[];
+    /** 支持的授权类型 */
+    grant_types_supported: string[];
+    /** 支持的作用域 */
+    scopes_supported: string[];
+    /** 支持的声明 */
+    claims_supported: string[];
+    /** 支持的令牌端点认证方法 */
+    token_endpoint_auth_methods_supported: string[];
+    /** 支持的签名算法 */
+    id_token_signing_alg_values_supported: string[];
+    /** 支持的主题类型 */
+    subject_types_supported: string[];
+    /** 支持的代码挑战方法 */
+    code_challenge_methods_supported?: string[];
+    /** 支持的响应模式 */
+    response_modes_supported?: string[];
+    /** 是否支持claims参数 */
+    claims_parameter_supported?: boolean;
+    /** 是否支持request参数 */
+    request_parameter_supported?: boolean;
+    /** 是否支持request_uri参数 */
+    request_uri_parameter_supported?: boolean;
+    /** 是否要求注册request_uri */
+    require_request_uri_registration?: boolean;
+}
+
+/**
+ * 用户会话接口
+ */
+export interface UserSession {
+    /** 会话ID */
+    session_id: string;
+    /** 用户ID */
+    user_id: string;
+    /** 客户端ID */
+    client_id?: string;
+    /** 认证时间 */
+    auth_time: number;
+    /** 认证上下文类引用 */
+    acr?: string;
+    /** 认证方法引用 */
+    amr?: string[];
+    /** 过期时间 */
+    expires_at: Date;
+    /** 创建时间 */
+    created_at: Date;
+    /** 授权参数（用于重定向） */
+    authorization_params?: AuthorizationRequest;
+}
+
+/**
+ * 登录凭据接口
+ */
+export interface LoginCredentials {
+    /** 用户名 */
+    username: string;
+    /** 密码 */
+    password: string;
+    /** 记住我 */
+    remember_me?: boolean;
+}
+
+/**
+ * 密码验证函数类型
+ */
+export type PasswordValidator = (username: string, password: string) => Promise<string | null>; 
\ No newline at end of file
diff --git a/packages/oidc-provider/src/utils/jwt.ts b/packages/oidc-provider/src/utils/jwt.ts
new file mode 100644
index 0000000..b70793f
--- /dev/null
+++ b/packages/oidc-provider/src/utils/jwt.ts
@@ -0,0 +1,252 @@
+import { SignJWT, jwtVerify, importJWK, exportJWK, generateKeyPair } from 'jose';
+import type { OIDCUser } from '../types';
+
+export interface JWTPayload {
+    iss: string;
+    sub: string;
+    aud: string | string[];
+    exp: number;
+    iat: number;
+    auth_time?: number;
+    nonce?: string;
+    acr?: string;
+    amr?: string[];
+    azp?: string;
+    [key: string]: any;
+}
+
+export interface AccessTokenPayload extends JWTPayload {
+    scope: string;
+    client_id: string;
+    token_type: 'access_token';
+}
+
+export interface IDTokenPayload extends JWTPayload {
+    nonce?: string;
+    auth_time: number;
+    [key: string]: any;
+}
+
+/**
+ * JWT工具类
+ */
+export class JWTUtils {
+    private signingKey: string;
+    private algorithm: 'HS256' | 'RS256' | 'ES256' = 'HS256';
+
+    constructor(signingKey: string, algorithm?: 'HS256' | 'RS256' | 'ES256') {
+        this.signingKey = signingKey;
+        this.algorithm = algorithm || 'HS256';
+    }
+
+    /**
+     * 生成访问令牌
+     */
+    async generateAccessToken(payload: {
+        issuer: string;
+        subject: string;
+        audience: string;
+        clientId: string;
+        scope: string;
+        expiresIn: number;
+    }): Promise<string> {
+        const now = Math.floor(Date.now() / 1000);
+
+        const jwtPayload: AccessTokenPayload = {
+            iss: payload.issuer,
+            sub: payload.subject,
+            aud: payload.audience,
+            exp: now + payload.expiresIn,
+            iat: now,
+            scope: payload.scope,
+            client_id: payload.clientId,
+            token_type: 'access_token',
+        };
+
+        return await new SignJWT(jwtPayload)
+            .setProtectedHeader({ alg: this.algorithm })
+            .sign(new TextEncoder().encode(this.signingKey));
+    }
+
+    /**
+     * 生成ID令牌
+     */
+    async generateIDToken(payload: {
+        issuer: string;
+        subject: string;
+        audience: string;
+        user: OIDCUser;
+        authTime: number;
+        nonce?: string;
+        expiresIn: number;
+        requestedClaims?: string[];
+    }): Promise<string> {
+        const now = Math.floor(Date.now() / 1000);
+
+        const jwtPayload: IDTokenPayload = {
+            iss: payload.issuer,
+            sub: payload.subject,
+            aud: payload.audience,
+            exp: now + payload.expiresIn,
+            iat: now,
+            auth_time: payload.authTime,
+        };
+
+        // 添加nonce（如果提供）
+        if (payload.nonce) {
+            jwtPayload.nonce = payload.nonce;
+        }
+
+        // 添加用户声明
+        this.addUserClaims(jwtPayload, payload.user, payload.requestedClaims);
+
+        return await new SignJWT(jwtPayload)
+            .setProtectedHeader({ alg: this.algorithm })
+            .sign(new TextEncoder().encode(this.signingKey));
+    }
+
+    /**
+     * 验证JWT令牌
+     */
+    async verifyToken(token: string): Promise<JWTPayload> {
+        try {
+            const { payload } = await jwtVerify(
+                token,
+                new TextEncoder().encode(this.signingKey)
+            );
+            return payload as JWTPayload;
+        } catch (error) {
+            throw new Error(`Invalid token: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        }
+    }
+
+    /**
+     * 解码JWT令牌（不验证签名）
+     */
+    decodeToken(token: string): JWTPayload {
+        try {
+            const parts = token.split('.');
+            if (parts.length !== 3) {
+                throw new Error('Invalid token format');
+            }
+
+            const payloadPart = parts[1];
+            if (!payloadPart) {
+                throw new Error('Invalid token payload');
+            }
+
+            const payload = JSON.parse(
+                Buffer.from(payloadPart, 'base64url').toString('utf-8')
+            );
+            return payload;
+        } catch (error) {
+            throw new Error(`Failed to decode token: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        }
+    }
+
+    /**
+     * 检查令牌是否过期
+     */
+    isTokenExpired(token: string): boolean {
+        try {
+            const payload = this.decodeToken(token);
+            const now = Math.floor(Date.now() / 1000);
+            return payload.exp < now;
+        } catch {
+            return true;
+        }
+    }
+
+    /**
+     * 获取令牌剩余有效时间（秒）
+     */
+    getTokenTTL(token: string): number {
+        try {
+            const payload = this.decodeToken(token);
+            const now = Math.floor(Date.now() / 1000);
+            return Math.max(0, payload.exp - now);
+        } catch {
+            return 0;
+        }
+    }
+
+    /**
+     * 添加用户声明到JWT载荷
+     */
+    private addUserClaims(
+        payload: IDTokenPayload,
+        user: OIDCUser,
+        requestedClaims?: string[]
+    ): void {
+        // 标准声明映射
+        const standardClaims = {
+            name: user.name,
+            given_name: user.given_name,
+            family_name: user.family_name,
+            preferred_username: user.username,
+            profile: user.profile,
+            picture: user.picture,
+            website: user.website,
+            email: user.email,
+            email_verified: user.email_verified,
+            gender: user.gender,
+            birthdate: user.birthdate,
+            zoneinfo: user.zoneinfo,
+            locale: user.locale,
+            phone_number: user.phone_number,
+            phone_number_verified: user.phone_number_verified,
+            address: user.address,
+            updated_at: user.updated_at,
+        };
+
+        // 如果指定了请求的声明，只添加这些声明
+        if (requestedClaims && requestedClaims.length > 0) {
+            for (const claim of requestedClaims) {
+                if (claim in standardClaims && standardClaims[claim as keyof typeof standardClaims] !== undefined) {
+                    payload[claim] = standardClaims[claim as keyof typeof standardClaims];
+                } else if (claim in user && user[claim] !== undefined) {
+                    payload[claim] = user[claim];
+                }
+            }
+        } else {
+            // 添加所有可用的标准声明
+            for (const [claim, value] of Object.entries(standardClaims)) {
+                if (value !== undefined) {
+                    payload[claim] = value;
+                }
+            }
+        }
+    }
+
+    /**
+     * 生成JWKS（JSON Web Key Set）
+     */
+    async generateJWKS(): Promise<{ keys: any[] }> {
+        // 对于HMAC算法，我们不暴露密钥
+        // 这里返回空的JWKS，实际应用中可能需要使用RSA或ECDSA
+        return { keys: [] };
+    }
+
+    /**
+     * 生成RSA密钥对（用于生产环境）
+     */
+    static async generateRSAKeyPair(): Promise<{
+        privateKey: string;
+        publicKey: string;
+        jwk: any;
+    }> {
+        const { privateKey, publicKey } = await generateKeyPair('RS256');
+        const jwk = await exportJWK(publicKey);
+
+        return {
+            privateKey: JSON.stringify(await exportJWK(privateKey)),
+            publicKey: JSON.stringify(jwk),
+            jwk: {
+                ...jwk,
+                alg: 'RS256',
+                use: 'sig',
+                kid: 'default',
+            },
+        };
+    }
+} 
\ No newline at end of file
diff --git a/packages/oidc-provider/src/utils/pkce.ts b/packages/oidc-provider/src/utils/pkce.ts
new file mode 100644
index 0000000..5778de7
--- /dev/null
+++ b/packages/oidc-provider/src/utils/pkce.ts
@@ -0,0 +1,153 @@
+import { createHash } from 'crypto';
+
+/**
+ * PKCE工具类
+ * 实现RFC 7636 - Proof Key for Code Exchange
+ */
+export class PKCEUtils {
+    /**
+     * 支持的代码挑战方法
+     */
+    static readonly SUPPORTED_METHODS = ['plain', 'S256'] as const;
+
+    /**
+     * 验证代码挑战方法是否支持
+     */
+    static isSupportedMethod(method: string): method is typeof PKCEUtils.SUPPORTED_METHODS[number] {
+        return PKCEUtils.SUPPORTED_METHODS.includes(method as any);
+    }
+
+    /**
+     * 验证代码验证器格式
+     * 根据RFC 7636，代码验证器必须是43-128个字符的字符串
+     * 只能包含 [A-Z] / [a-z] / [0-9] / "-" / "." / "_" / "~"
+     */
+    static isValidCodeVerifier(codeVerifier: string): boolean {
+        if (!codeVerifier || typeof codeVerifier !== 'string') {
+            return false;
+        }
+
+        // 检查长度
+        if (codeVerifier.length < 43 || codeVerifier.length > 128) {
+            return false;
+        }
+
+        // 检查字符集
+        const validChars = /^[A-Za-z0-9\-._~]+$/;
+        return validChars.test(codeVerifier);
+    }
+
+    /**
+     * 验证代码挑战格式
+     * 代码挑战的格式取决于使用的方法
+     */
+    static isValidCodeChallenge(codeChallenge: string, method: string): boolean {
+        if (!codeChallenge || typeof codeChallenge !== 'string') {
+            return false;
+        }
+
+        switch (method) {
+            case 'plain':
+                // plain方法下，代码挑战就是代码验证器
+                return PKCEUtils.isValidCodeVerifier(codeChallenge);
+
+            case 'S256':
+                // S256方法下，代码挑战是base64url编码的SHA256哈希
+                // 长度应该是43个字符（256位哈希的base64url编码）
+                if (codeChallenge.length !== 43) {
+                    return false;
+                }
+                // 检查是否是有效的base64url字符
+                const base64urlChars = /^[A-Za-z0-9\-_]+$/;
+                return base64urlChars.test(codeChallenge);
+
+            default:
+                return false;
+        }
+    }
+
+    /**
+     * 生成代码挑战
+     * 根据代码验证器和方法生成代码挑战
+     */
+    static generateCodeChallenge(codeVerifier: string, method: string): string {
+        if (!PKCEUtils.isValidCodeVerifier(codeVerifier)) {
+            throw new Error('Invalid code verifier');
+        }
+
+        if (!PKCEUtils.isSupportedMethod(method)) {
+            throw new Error(`Unsupported code challenge method: ${method}`);
+        }
+
+        switch (method) {
+            case 'plain':
+                return codeVerifier;
+
+            case 'S256':
+                const hash = createHash('sha256').update(codeVerifier).digest();
+                return hash.toString('base64url');
+
+            default:
+                throw new Error(`Unsupported code challenge method: ${method}`);
+        }
+    }
+
+    /**
+     * 验证代码验证器和代码挑战是否匹配
+     */
+    static verifyCodeChallenge(
+        codeVerifier: string,
+        codeChallenge: string,
+        method: string
+    ): boolean {
+        try {
+            if (!PKCEUtils.isValidCodeVerifier(codeVerifier)) {
+                return false;
+            }
+
+            if (!PKCEUtils.isValidCodeChallenge(codeChallenge, method)) {
+                return false;
+            }
+
+            const expectedChallenge = PKCEUtils.generateCodeChallenge(codeVerifier, method);
+            return expectedChallenge === codeChallenge;
+        } catch {
+            return false;
+        }
+    }
+
+    /**
+     * 生成随机的代码验证器
+     * 用于测试或客户端SDK
+     */
+    static generateCodeVerifier(): string {
+        const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~';
+        const length = 128; // 使用最大长度
+        let result = '';
+
+        for (let i = 0; i < length; i++) {
+            result += chars.charAt(Math.floor(Math.random() * chars.length));
+        }
+
+        return result;
+    }
+
+    /**
+     * 生成代码挑战对（验证器和挑战）
+     * 用于测试或客户端SDK
+     */
+    static generateCodeChallengePair(method: string = 'S256'): {
+        codeVerifier: string;
+        codeChallenge: string;
+        codeChallengeMethod: string;
+    } {
+        const codeVerifier = PKCEUtils.generateCodeVerifier();
+        const codeChallenge = PKCEUtils.generateCodeChallenge(codeVerifier, method);
+
+        return {
+            codeVerifier,
+            codeChallenge,
+            codeChallengeMethod: method,
+        };
+    }
+} 
\ No newline at end of file
diff --git a/packages/oidc-provider/src/utils/validation.ts b/packages/oidc-provider/src/utils/validation.ts
new file mode 100644
index 0000000..de1cb64
--- /dev/null
+++ b/packages/oidc-provider/src/utils/validation.ts
@@ -0,0 +1,314 @@
+import { z } from 'zod';
+import type { AuthorizationRequest, TokenRequest, OIDCClient } from '../types';
+
+/**
+ * OIDC验证工具类
+ */
+export class ValidationUtils {
+    /**
+     * 验证重定向URI
+     */
+    static isValidRedirectUri(uri: string): boolean {
+        try {
+            const url = new URL(uri);
+            // 不允许fragment
+            if (url.hash) {
+                return false;
+            }
+            // 必须是HTTPS（除了localhost）
+            if (url.protocol !== 'https:' && url.hostname !== 'localhost' && url.hostname !== '127.0.0.1') {
+                return false;
+            }
+            return true;
+        } catch {
+            return false;
+        }
+    }
+
+    /**
+     * 验证作用域
+     */
+    static isValidScope(scope: string, supportedScopes: string[]): boolean {
+        if (!scope || typeof scope !== 'string') {
+            return false;
+        }
+
+        const requestedScopes = scope.split(' ').filter(s => s.length > 0);
+
+        // 必须包含openid作用域
+        if (!requestedScopes.includes('openid')) {
+            return false;
+        }
+
+        // 检查所有请求的作用域是否都被支持
+        return requestedScopes.every(s => supportedScopes.includes(s));
+    }
+
+    /**
+     * 验证响应类型
+     */
+    static isValidResponseType(responseType: string, supportedTypes: string[]): boolean {
+        if (!responseType || typeof responseType !== 'string') {
+            return false;
+        }
+
+        return supportedTypes.includes(responseType);
+    }
+
+    /**
+     * 验证授权类型
+     */
+    static isValidGrantType(grantType: string, supportedTypes: string[]): boolean {
+        if (!grantType || typeof grantType !== 'string') {
+            return false;
+        }
+
+        return supportedTypes.includes(grantType);
+    }
+
+    /**
+     * 验证客户端ID格式
+     */
+    static isValidClientId(clientId: string): boolean {
+        if (!clientId || typeof clientId !== 'string') {
+            return false;
+        }
+
+        // 客户端ID应该是非空字符串，长度在3-128之间
+        return clientId.length >= 3 && clientId.length <= 128;
+    }
+
+    /**
+     * 验证状态参数
+     */
+    static isValidState(state: string): boolean {
+        if (!state || typeof state !== 'string') {
+            return false;
+        }
+
+        // 状态参数应该是非空字符串，长度不超过512
+        return state.length > 0 && state.length <= 512;
+    }
+
+    /**
+     * 验证随机数
+     */
+    static isValidNonce(nonce: string): boolean {
+        if (!nonce || typeof nonce !== 'string') {
+            return false;
+        }
+
+        // 随机数应该是非空字符串，长度不超过512
+        return nonce.length > 0 && nonce.length <= 512;
+    }
+
+    /**
+     * 验证授权请求
+     */
+    static validateAuthorizationRequest(
+        request: Partial<AuthorizationRequest>,
+        client: OIDCClient,
+        supportedScopes: string[],
+        supportedResponseTypes: string[]
+    ): { valid: boolean; errors: string[] } {
+        const errors: string[] = [];
+
+        // 验证响应类型
+        if (!request.response_type) {
+            errors.push('Missing response_type parameter');
+        } else if (!ValidationUtils.isValidResponseType(request.response_type, supportedResponseTypes)) {
+            errors.push('Invalid or unsupported response_type');
+        } else if (!client.response_types.includes(request.response_type)) {
+            errors.push('Response type not allowed for this client');
+        }
+
+        // 验证客户端ID
+        if (!request.client_id) {
+            errors.push('Missing client_id parameter');
+        } else if (request.client_id !== client.client_id) {
+            errors.push('Invalid client_id');
+        }
+
+        // 验证重定向URI
+        if (!request.redirect_uri) {
+            errors.push('Missing redirect_uri parameter');
+        } else if (!ValidationUtils.isValidRedirectUri(request.redirect_uri)) {
+            errors.push('Invalid redirect_uri format');
+        } else if (!client.redirect_uris.includes(request.redirect_uri)) {
+            errors.push('Redirect URI not registered for this client');
+        }
+
+        // 验证作用域
+        if (!request.scope) {
+            errors.push('Missing scope parameter');
+        } else if (!ValidationUtils.isValidScope(request.scope, supportedScopes)) {
+            errors.push('Invalid or unsupported scope');
+        } else {
+            const requestedScopes = request.scope.split(' ');
+            const allowedScopes = client.scopes;
+            if (!requestedScopes.every(s => allowedScopes.includes(s))) {
+                errors.push('Scope not allowed for this client');
+            }
+        }
+
+        // 验证状态（可选）
+        if (request.state && !ValidationUtils.isValidState(request.state)) {
+            errors.push('Invalid state parameter');
+        }
+
+        // 验证随机数（可选）
+        if (request.nonce && !ValidationUtils.isValidNonce(request.nonce)) {
+            errors.push('Invalid nonce parameter');
+        }
+
+        // 验证PKCE参数（如果提供）
+        if (request.code_challenge) {
+            if (!request.code_challenge_method) {
+                errors.push('Missing code_challenge_method when code_challenge is provided');
+            } else if (!['plain', 'S256'].includes(request.code_challenge_method)) {
+                errors.push('Unsupported code_challenge_method');
+            }
+        }
+
+        return {
+            valid: errors.length === 0,
+            errors,
+        };
+    }
+
+    /**
+     * 验证令牌请求
+     */
+    static validateTokenRequest(
+        request: Partial<TokenRequest>,
+        client: OIDCClient,
+        supportedGrantTypes: string[]
+    ): { valid: boolean; errors: string[] } {
+        const errors: string[] = [];
+
+        // 验证授权类型
+        if (!request.grant_type) {
+            errors.push('Missing grant_type parameter');
+        } else if (!ValidationUtils.isValidGrantType(request.grant_type, supportedGrantTypes)) {
+            errors.push('Invalid or unsupported grant_type');
+        } else if (!client.grant_types.includes(request.grant_type)) {
+            errors.push('Grant type not allowed for this client');
+        }
+
+        // 验证客户端ID
+        if (!request.client_id) {
+            errors.push('Missing client_id parameter');
+        } else if (request.client_id !== client.client_id) {
+            errors.push('Invalid client_id');
+        }
+
+        // 根据授权类型进行特定验证
+        if (request.grant_type === 'authorization_code') {
+            if (!request.code) {
+                errors.push('Missing code parameter for authorization_code grant');
+            }
+            if (!request.redirect_uri) {
+                errors.push('Missing redirect_uri parameter for authorization_code grant');
+            }
+        } else if (request.grant_type === 'refresh_token') {
+            if (!request.refresh_token) {
+                errors.push('Missing refresh_token parameter for refresh_token grant');
+            }
+        }
+
+        return {
+            valid: errors.length === 0,
+            errors,
+        };
+    }
+
+    /**
+     * 验证用户信息请求的访问令牌
+     */
+    static validateBearerToken(authorizationHeader: string | undefined): string | null {
+        if (!authorizationHeader) {
+            return null;
+        }
+
+        const parts = authorizationHeader.split(' ');
+        if (parts.length !== 2 || parts[0]?.toLowerCase() !== 'bearer') {
+            return null;
+        }
+
+        const token = parts[1];
+        if (!token || token.length === 0) {
+            return null;
+        }
+
+        return token;
+    }
+
+    /**
+     * 验证邮箱格式
+     */
+    static isValidEmail(email: string): boolean {
+        const emailSchema = z.string().email();
+        try {
+            emailSchema.parse(email);
+            return true;
+        } catch {
+            return false;
+        }
+    }
+
+    /**
+     * 验证URL格式
+     */
+    static isValidUrl(url: string): boolean {
+        try {
+            new URL(url);
+            return true;
+        } catch {
+            return false;
+        }
+    }
+
+    /**
+     * 验证电话号码格式（简单验证）
+     */
+    static isValidPhoneNumber(phone: string): boolean {
+        // 简单的电话号码验证，支持国际格式
+        const phoneRegex = /^\+?[1-9]\d{1,14}$/;
+        return phoneRegex.test(phone);
+    }
+
+    /**
+     * 验证日期格式（YYYY-MM-DD）
+     */
+    static isValidBirthdate(birthdate: string): boolean {
+        const dateRegex = /^\d{4}-\d{2}-\d{2}$/;
+        if (!dateRegex.test(birthdate)) {
+            return false;
+        }
+
+        const date = new Date(birthdate);
+        return !isNaN(date.getTime());
+    }
+
+    /**
+     * 验证时区格式
+     */
+    static isValidZoneinfo(zoneinfo: string): boolean {
+        try {
+            // 尝试使用Intl.DateTimeFormat验证时区
+            Intl.DateTimeFormat(undefined, { timeZone: zoneinfo });
+            return true;
+        } catch {
+            return false;
+        }
+    }
+
+    /**
+     * 验证语言标签格式
+     */
+    static isValidLocale(locale: string): boolean {
+        // 简单的语言标签验证（如：en, en-US, zh-CN）
+        const localeRegex = /^[a-z]{2,3}(-[A-Z]{2})?$/;
+        return localeRegex.test(locale);
+    }
+} 
\ No newline at end of file
diff --git a/packages/oidc-provider/tsconfig.json b/packages/oidc-provider/tsconfig.json
new file mode 100644
index 0000000..3a8900e
--- /dev/null
+++ b/packages/oidc-provider/tsconfig.json
@@ -0,0 +1,29 @@
+{
+  "extends": "../../tsconfig.json",
+  "compilerOptions": {
+    "outDir": "./dist",
+    "rootDir": "./src",
+    "declaration": true,
+    "declarationMap": true,
+    "sourceMap": true,
+    "target": "ES2020",
+    "module": "ESNext",
+    "moduleResolution": "bundler",
+    "allowSyntheticDefaultImports": true,
+    "esModuleInterop": true,
+    "strict": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true,
+    "isolatedModules": true,
+    "noEmitOnError": false
+  },
+  "include": [
+    "src/**/*"
+  ],
+  "exclude": [
+    "dist",
+    "node_modules",
+    "**/*.test.ts",
+    "**/*.spec.ts"
+  ]
+} 
\ No newline at end of file
diff --git a/packages/ui/package.json b/packages/ui/package.json
index 5833cd6..37ff540 100644
--- a/packages/ui/package.json
+++ b/packages/ui/package.json
@@ -14,8 +14,12 @@
     "lint": "eslint . --max-warnings 0"
   },
   "dependencies": {
+    "@radix-ui/react-avatar": "^1.1.10",
+    "@radix-ui/react-dialog": "^1.1.14",
     "@radix-ui/react-dropdown-menu": "^2.1.14",
-    "@radix-ui/react-slot": "^1.2.2",
+    "@radix-ui/react-label": "^2.1.7",
+    "@radix-ui/react-separator": "^1.1.7",
+    "@radix-ui/react-slot": "^1.2.3",
     "clsx": "^2.1.1",
     "react": "^19.1.0",
     "react-dom": "^19.1.0",
@@ -23,13 +27,13 @@
     "zod": "^3.24.4"
   },
   "devDependencies": {
+    "@repo/eslint-config": "workspace:*",
+    "@repo/typescript-config": "workspace:*",
     "@tailwindcss/postcss": "^4",
     "@turbo/gen": "^2.5.3",
     "@types/node": "^20",
     "@types/react": "^19.1.4",
     "@types/react-dom": "^19.1.5",
-    "@repo/eslint-config": "workspace:*",
-    "@repo/typescript-config": "workspace:*",
     "class-variance-authority": "^0.7.1",
     "lucide-react": "0.511.0",
     "tailwindcss": "^4",
diff --git a/packages/ui/src/components/alert.tsx b/packages/ui/src/components/alert.tsx
new file mode 100644
index 0000000..4b121f2
--- /dev/null
+++ b/packages/ui/src/components/alert.tsx
@@ -0,0 +1,66 @@
+import * as React from "react"
+import { cva, type VariantProps } from "class-variance-authority"
+
+import { cn } from "@repo/ui/lib/utils"
+
+const alertVariants = cva(
+  "relative w-full rounded-lg border px-4 py-3 text-sm grid has-[>svg]:grid-cols-[calc(var(--spacing)*4)_1fr] grid-cols-[0_1fr] has-[>svg]:gap-x-3 gap-y-0.5 items-start [&>svg]:size-4 [&>svg]:translate-y-0.5 [&>svg]:text-current",
+  {
+    variants: {
+      variant: {
+        default: "bg-card text-card-foreground",
+        destructive:
+          "text-destructive bg-card [&>svg]:text-current *:data-[slot=alert-description]:text-destructive/90",
+      },
+    },
+    defaultVariants: {
+      variant: "default",
+    },
+  }
+)
+
+function Alert({
+  className,
+  variant,
+  ...props
+}: React.ComponentProps<"div"> & VariantProps<typeof alertVariants>) {
+  return (
+    <div
+      data-slot="alert"
+      role="alert"
+      className={cn(alertVariants({ variant }), className)}
+      {...props}
+    />
+  )
+}
+
+function AlertTitle({ className, ...props }: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="alert-title"
+      className={cn(
+        "col-start-2 line-clamp-1 min-h-4 font-medium tracking-tight",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+function AlertDescription({
+  className,
+  ...props
+}: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="alert-description"
+      className={cn(
+        "text-muted-foreground col-start-2 grid justify-items-start gap-1 text-sm [&_p]:leading-relaxed",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+export { Alert, AlertTitle, AlertDescription }
diff --git a/packages/ui/src/components/avatar.tsx b/packages/ui/src/components/avatar.tsx
new file mode 100644
index 0000000..c59a619
--- /dev/null
+++ b/packages/ui/src/components/avatar.tsx
@@ -0,0 +1,53 @@
+"use client"
+
+import * as React from "react"
+import * as AvatarPrimitive from "@radix-ui/react-avatar"
+
+import { cn } from "@repo/ui/lib/utils"
+
+function Avatar({
+  className,
+  ...props
+}: React.ComponentProps<typeof AvatarPrimitive.Root>) {
+  return (
+    <AvatarPrimitive.Root
+      data-slot="avatar"
+      className={cn(
+        "relative flex size-8 shrink-0 overflow-hidden rounded-full",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+function AvatarImage({
+  className,
+  ...props
+}: React.ComponentProps<typeof AvatarPrimitive.Image>) {
+  return (
+    <AvatarPrimitive.Image
+      data-slot="avatar-image"
+      className={cn("aspect-square size-full", className)}
+      {...props}
+    />
+  )
+}
+
+function AvatarFallback({
+  className,
+  ...props
+}: React.ComponentProps<typeof AvatarPrimitive.Fallback>) {
+  return (
+    <AvatarPrimitive.Fallback
+      data-slot="avatar-fallback"
+      className={cn(
+        "bg-muted flex size-full items-center justify-center rounded-full",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+export { Avatar, AvatarImage, AvatarFallback }
diff --git a/packages/ui/src/components/badge.tsx b/packages/ui/src/components/badge.tsx
new file mode 100644
index 0000000..006d0f4
--- /dev/null
+++ b/packages/ui/src/components/badge.tsx
@@ -0,0 +1,46 @@
+import * as React from "react"
+import { Slot } from "@radix-ui/react-slot"
+import { cva, type VariantProps } from "class-variance-authority"
+
+import { cn } from "@repo/ui/lib/utils"
+
+const badgeVariants = cva(
+  "inline-flex items-center justify-center rounded-md border px-2 py-0.5 text-xs font-medium w-fit whitespace-nowrap shrink-0 [&>svg]:size-3 gap-1 [&>svg]:pointer-events-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive transition-[color,box-shadow] overflow-hidden",
+  {
+    variants: {
+      variant: {
+        default:
+          "border-transparent bg-primary text-primary-foreground [a&]:hover:bg-primary/90",
+        secondary:
+          "border-transparent bg-secondary text-secondary-foreground [a&]:hover:bg-secondary/90",
+        destructive:
+          "border-transparent bg-destructive text-white [a&]:hover:bg-destructive/90 focus-visible:ring-destructive/20 dark:focus-visible:ring-destructive/40 dark:bg-destructive/60",
+        outline:
+          "text-foreground [a&]:hover:bg-accent [a&]:hover:text-accent-foreground",
+      },
+    },
+    defaultVariants: {
+      variant: "default",
+    },
+  }
+)
+
+function Badge({
+  className,
+  variant,
+  asChild = false,
+  ...props
+}: React.ComponentProps<"span"> &
+  VariantProps<typeof badgeVariants> & { asChild?: boolean }) {
+  const Comp = asChild ? Slot : "span"
+
+  return (
+    <Comp
+      data-slot="badge"
+      className={cn(badgeVariants({ variant }), className)}
+      {...props}
+    />
+  )
+}
+
+export { Badge, badgeVariants }
diff --git a/packages/ui/src/components/breadcrumb.tsx b/packages/ui/src/components/breadcrumb.tsx
new file mode 100644
index 0000000..8f7aa07
--- /dev/null
+++ b/packages/ui/src/components/breadcrumb.tsx
@@ -0,0 +1,109 @@
+import * as React from "react"
+import { Slot } from "@radix-ui/react-slot"
+import { ChevronRight, MoreHorizontal } from "lucide-react"
+
+import { cn } from "@repo/ui/lib/utils"
+
+function Breadcrumb({ ...props }: React.ComponentProps<"nav">) {
+  return <nav aria-label="breadcrumb" data-slot="breadcrumb" {...props} />
+}
+
+function BreadcrumbList({ className, ...props }: React.ComponentProps<"ol">) {
+  return (
+    <ol
+      data-slot="breadcrumb-list"
+      className={cn(
+        "text-muted-foreground flex flex-wrap items-center gap-1.5 text-sm break-words sm:gap-2.5",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+function BreadcrumbItem({ className, ...props }: React.ComponentProps<"li">) {
+  return (
+    <li
+      data-slot="breadcrumb-item"
+      className={cn("inline-flex items-center gap-1.5", className)}
+      {...props}
+    />
+  )
+}
+
+function BreadcrumbLink({
+  asChild,
+  className,
+  ...props
+}: React.ComponentProps<"a"> & {
+  asChild?: boolean
+}) {
+  const Comp = asChild ? Slot : "a"
+
+  return (
+    <Comp
+      data-slot="breadcrumb-link"
+      className={cn("hover:text-foreground transition-colors", className)}
+      {...props}
+    />
+  )
+}
+
+function BreadcrumbPage({ className, ...props }: React.ComponentProps<"span">) {
+  return (
+    <span
+      data-slot="breadcrumb-page"
+      role="link"
+      aria-disabled="true"
+      aria-current="page"
+      className={cn("text-foreground font-normal", className)}
+      {...props}
+    />
+  )
+}
+
+function BreadcrumbSeparator({
+  children,
+  className,
+  ...props
+}: React.ComponentProps<"li">) {
+  return (
+    <li
+      data-slot="breadcrumb-separator"
+      role="presentation"
+      aria-hidden="true"
+      className={cn("[&>svg]:size-3.5", className)}
+      {...props}
+    >
+      {children ?? <ChevronRight />}
+    </li>
+  )
+}
+
+function BreadcrumbEllipsis({
+  className,
+  ...props
+}: React.ComponentProps<"span">) {
+  return (
+    <span
+      data-slot="breadcrumb-ellipsis"
+      role="presentation"
+      aria-hidden="true"
+      className={cn("flex size-9 items-center justify-center", className)}
+      {...props}
+    >
+      <MoreHorizontal className="size-4" />
+      <span className="sr-only">More</span>
+    </span>
+  )
+}
+
+export {
+  Breadcrumb,
+  BreadcrumbList,
+  BreadcrumbItem,
+  BreadcrumbLink,
+  BreadcrumbPage,
+  BreadcrumbSeparator,
+  BreadcrumbEllipsis,
+}
diff --git a/packages/ui/src/components/button.tsx b/packages/ui/src/components/button.tsx
index 5ca0207..094bca6 100644
--- a/packages/ui/src/components/button.tsx
+++ b/packages/ui/src/components/button.tsx
@@ -1,48 +1,59 @@
-import type * as React from 'react';
-import { Slot } from '@radix-ui/react-slot';
-import { cva, type VariantProps } from 'class-variance-authority';
+import * as React from "react"
+import { Slot } from "@radix-ui/react-slot"
+import { cva, type VariantProps } from "class-variance-authority"
 
-import { cn } from '@repo/ui/lib/utils';
+import { cn } from "@repo/ui/lib/utils"
 
 const buttonVariants = cva(
-	"inline-flex items-center justify-center gap-2 whitespace-nowrap rounded-md text-sm font-medium transition-[color,box-shadow] disabled:pointer-events-none disabled:opacity-50 [&_svg]:pointer-events-none [&_svg:not([class*='size-'])]:size-4 [&_svg]:shrink-0 ring-ring/10 dark:ring-ring/20 dark:outline-ring/40 outline-ring/50 focus-visible:ring-4 focus-visible:outline-1 aria-invalid:focus-visible:ring-0",
-	{
-		variants: {
-			variant: {
-				default: 'bg-primary text-primary-foreground shadow-sm hover:bg-primary/90',
-				destructive: 'bg-destructive text-destructive-foreground shadow-xs hover:bg-destructive/90',
-				outline: 'border border-input bg-background shadow-xs hover:bg-accent hover:text-accent-foreground',
-				secondary: 'bg-secondary text-secondary-foreground shadow-xs hover:bg-secondary/80',
-				ghost: 'hover:bg-accent hover:text-accent-foreground',
-				link: 'text-primary underline-offset-4 hover:underline',
-			},
-			size: {
-				default: 'h-9 px-4 py-2 has-[>svg]:px-3',
-				sm: 'h-8 rounded-md px-3 has-[>svg]:px-2.5',
-				lg: 'h-10 rounded-md px-6 has-[>svg]:px-4',
-				icon: 'size-9',
-			},
-		},
-		defaultVariants: {
-			variant: 'default',
-			size: 'default',
-		},
-	},
-);
+  "inline-flex items-center justify-center gap-2 whitespace-nowrap rounded-md text-sm font-medium transition-all disabled:pointer-events-none disabled:opacity-50 [&_svg]:pointer-events-none [&_svg:not([class*='size-'])]:size-4 shrink-0 [&_svg]:shrink-0 outline-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive",
+  {
+    variants: {
+      variant: {
+        default:
+          "bg-primary text-primary-foreground shadow-xs hover:bg-primary/90",
+        destructive:
+          "bg-destructive text-white shadow-xs hover:bg-destructive/90 focus-visible:ring-destructive/20 dark:focus-visible:ring-destructive/40 dark:bg-destructive/60",
+        outline:
+          "border bg-background shadow-xs hover:bg-accent hover:text-accent-foreground dark:bg-input/30 dark:border-input dark:hover:bg-input/50",
+        secondary:
+          "bg-secondary text-secondary-foreground shadow-xs hover:bg-secondary/80",
+        ghost:
+          "hover:bg-accent hover:text-accent-foreground dark:hover:bg-accent/50",
+        link: "text-primary underline-offset-4 hover:underline",
+      },
+      size: {
+        default: "h-9 px-4 py-2 has-[>svg]:px-3",
+        sm: "h-8 rounded-md gap-1.5 px-3 has-[>svg]:px-2.5",
+        lg: "h-10 rounded-md px-6 has-[>svg]:px-4",
+        icon: "size-9",
+      },
+    },
+    defaultVariants: {
+      variant: "default",
+      size: "default",
+    },
+  }
+)
 
 function Button({
-	className,
-	variant,
-	size,
-	asChild = false,
-	...props
-}: React.ComponentProps<'button'> &
-	VariantProps<typeof buttonVariants> & {
-		asChild?: boolean;
-	}) {
-	const Comp = asChild ? Slot : 'button';
+  className,
+  variant,
+  size,
+  asChild = false,
+  ...props
+}: React.ComponentProps<"button"> &
+  VariantProps<typeof buttonVariants> & {
+    asChild?: boolean
+  }) {
+  const Comp = asChild ? Slot : "button"
 
-	return <Comp data-slot="button" className={cn(buttonVariants({ variant, size, className }))} {...props} />;
+  return (
+    <Comp
+      data-slot="button"
+      className={cn(buttonVariants({ variant, size, className }))}
+      {...props}
+    />
+  )
 }
 
-export { Button, buttonVariants };
+export { Button, buttonVariants }
diff --git a/packages/ui/src/components/card.tsx b/packages/ui/src/components/card.tsx
new file mode 100644
index 0000000..4768e35
--- /dev/null
+++ b/packages/ui/src/components/card.tsx
@@ -0,0 +1,92 @@
+import * as React from "react"
+
+import { cn } from "@repo/ui/lib/utils"
+
+function Card({ className, ...props }: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="card"
+      className={cn(
+        "bg-card text-card-foreground flex flex-col gap-6 rounded-xl border py-6 shadow-sm",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+function CardHeader({ className, ...props }: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="card-header"
+      className={cn(
+        "@container/card-header grid auto-rows-min grid-rows-[auto_auto] items-start gap-1.5 px-6 has-data-[slot=card-action]:grid-cols-[1fr_auto] [.border-b]:pb-6",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+function CardTitle({ className, ...props }: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="card-title"
+      className={cn("leading-none font-semibold", className)}
+      {...props}
+    />
+  )
+}
+
+function CardDescription({ className, ...props }: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="card-description"
+      className={cn("text-muted-foreground text-sm", className)}
+      {...props}
+    />
+  )
+}
+
+function CardAction({ className, ...props }: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="card-action"
+      className={cn(
+        "col-start-2 row-span-2 row-start-1 self-start justify-self-end",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+function CardContent({ className, ...props }: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="card-content"
+      className={cn("px-6", className)}
+      {...props}
+    />
+  )
+}
+
+function CardFooter({ className, ...props }: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="card-footer"
+      className={cn("flex items-center px-6 [.border-t]:pt-6", className)}
+      {...props}
+    />
+  )
+}
+
+export {
+  Card,
+  CardHeader,
+  CardFooter,
+  CardTitle,
+  CardAction,
+  CardDescription,
+  CardContent,
+}
diff --git a/packages/ui/src/components/dialog.tsx b/packages/ui/src/components/dialog.tsx
new file mode 100644
index 0000000..292015a
--- /dev/null
+++ b/packages/ui/src/components/dialog.tsx
@@ -0,0 +1,135 @@
+"use client"
+
+import * as React from "react"
+import * as DialogPrimitive from "@radix-ui/react-dialog"
+import { XIcon } from "lucide-react"
+
+import { cn } from "@repo/ui/lib/utils"
+
+function Dialog({
+  ...props
+}: React.ComponentProps<typeof DialogPrimitive.Root>) {
+  return <DialogPrimitive.Root data-slot="dialog" {...props} />
+}
+
+function DialogTrigger({
+  ...props
+}: React.ComponentProps<typeof DialogPrimitive.Trigger>) {
+  return <DialogPrimitive.Trigger data-slot="dialog-trigger" {...props} />
+}
+
+function DialogPortal({
+  ...props
+}: React.ComponentProps<typeof DialogPrimitive.Portal>) {
+  return <DialogPrimitive.Portal data-slot="dialog-portal" {...props} />
+}
+
+function DialogClose({
+  ...props
+}: React.ComponentProps<typeof DialogPrimitive.Close>) {
+  return <DialogPrimitive.Close data-slot="dialog-close" {...props} />
+}
+
+function DialogOverlay({
+  className,
+  ...props
+}: React.ComponentProps<typeof DialogPrimitive.Overlay>) {
+  return (
+    <DialogPrimitive.Overlay
+      data-slot="dialog-overlay"
+      className={cn(
+        "data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0 fixed inset-0 z-50 bg-black/50",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+function DialogContent({
+  className,
+  children,
+  ...props
+}: React.ComponentProps<typeof DialogPrimitive.Content>) {
+  return (
+    <DialogPortal data-slot="dialog-portal">
+      <DialogOverlay />
+      <DialogPrimitive.Content
+        data-slot="dialog-content"
+        className={cn(
+          "bg-background data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0 data-[state=closed]:zoom-out-95 data-[state=open]:zoom-in-95 fixed top-[50%] left-[50%] z-50 grid w-full max-w-[calc(100%-2rem)] translate-x-[-50%] translate-y-[-50%] gap-4 rounded-lg border p-6 shadow-lg duration-200 sm:max-w-lg",
+          className
+        )}
+        {...props}
+      >
+        {children}
+        <DialogPrimitive.Close className="ring-offset-background focus:ring-ring data-[state=open]:bg-accent data-[state=open]:text-muted-foreground absolute top-4 right-4 rounded-xs opacity-70 transition-opacity hover:opacity-100 focus:ring-2 focus:ring-offset-2 focus:outline-hidden disabled:pointer-events-none [&_svg]:pointer-events-none [&_svg]:shrink-0 [&_svg:not([class*='size-'])]:size-4">
+          <XIcon />
+          <span className="sr-only">Close</span>
+        </DialogPrimitive.Close>
+      </DialogPrimitive.Content>
+    </DialogPortal>
+  )
+}
+
+function DialogHeader({ className, ...props }: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="dialog-header"
+      className={cn("flex flex-col gap-2 text-center sm:text-left", className)}
+      {...props}
+    />
+  )
+}
+
+function DialogFooter({ className, ...props }: React.ComponentProps<"div">) {
+  return (
+    <div
+      data-slot="dialog-footer"
+      className={cn(
+        "flex flex-col-reverse gap-2 sm:flex-row sm:justify-end",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+function DialogTitle({
+  className,
+  ...props
+}: React.ComponentProps<typeof DialogPrimitive.Title>) {
+  return (
+    <DialogPrimitive.Title
+      data-slot="dialog-title"
+      className={cn("text-lg leading-none font-semibold", className)}
+      {...props}
+    />
+  )
+}
+
+function DialogDescription({
+  className,
+  ...props
+}: React.ComponentProps<typeof DialogPrimitive.Description>) {
+  return (
+    <DialogPrimitive.Description
+      data-slot="dialog-description"
+      className={cn("text-muted-foreground text-sm", className)}
+      {...props}
+    />
+  )
+}
+
+export {
+  Dialog,
+  DialogClose,
+  DialogContent,
+  DialogDescription,
+  DialogFooter,
+  DialogHeader,
+  DialogOverlay,
+  DialogPortal,
+  DialogTitle,
+  DialogTrigger,
+}
diff --git a/packages/ui/src/components/input.tsx b/packages/ui/src/components/input.tsx
new file mode 100644
index 0000000..c58f90a
--- /dev/null
+++ b/packages/ui/src/components/input.tsx
@@ -0,0 +1,21 @@
+import * as React from "react"
+
+import { cn } from "@repo/ui/lib/utils"
+
+function Input({ className, type, ...props }: React.ComponentProps<"input">) {
+  return (
+    <input
+      type={type}
+      data-slot="input"
+      className={cn(
+        "file:text-foreground placeholder:text-muted-foreground selection:bg-primary selection:text-primary-foreground dark:bg-input/30 border-input flex h-9 w-full min-w-0 rounded-md border bg-transparent px-3 py-1 text-base shadow-xs transition-[color,box-shadow] outline-none file:inline-flex file:h-7 file:border-0 file:bg-transparent file:text-sm file:font-medium disabled:pointer-events-none disabled:cursor-not-allowed disabled:opacity-50 md:text-sm",
+        "focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px]",
+        "aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+export { Input }
diff --git a/packages/ui/src/components/label.tsx b/packages/ui/src/components/label.tsx
new file mode 100644
index 0000000..bbf396f
--- /dev/null
+++ b/packages/ui/src/components/label.tsx
@@ -0,0 +1,24 @@
+"use client"
+
+import * as React from "react"
+import * as LabelPrimitive from "@radix-ui/react-label"
+
+import { cn } from "@repo/ui/lib/utils"
+
+function Label({
+  className,
+  ...props
+}: React.ComponentProps<typeof LabelPrimitive.Root>) {
+  return (
+    <LabelPrimitive.Root
+      data-slot="label"
+      className={cn(
+        "flex items-center gap-2 text-sm leading-none font-medium select-none group-data-[disabled=true]:pointer-events-none group-data-[disabled=true]:opacity-50 peer-disabled:cursor-not-allowed peer-disabled:opacity-50",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+export { Label }
diff --git a/packages/ui/src/components/separator.tsx b/packages/ui/src/components/separator.tsx
new file mode 100644
index 0000000..df56a18
--- /dev/null
+++ b/packages/ui/src/components/separator.tsx
@@ -0,0 +1,28 @@
+"use client"
+
+import * as React from "react"
+import * as SeparatorPrimitive from "@radix-ui/react-separator"
+
+import { cn } from "@repo/ui/lib/utils"
+
+function Separator({
+  className,
+  orientation = "horizontal",
+  decorative = true,
+  ...props
+}: React.ComponentProps<typeof SeparatorPrimitive.Root>) {
+  return (
+    <SeparatorPrimitive.Root
+      data-slot="separator-root"
+      decorative={decorative}
+      orientation={orientation}
+      className={cn(
+        "bg-border shrink-0 data-[orientation=horizontal]:h-px data-[orientation=horizontal]:w-full data-[orientation=vertical]:h-full data-[orientation=vertical]:w-px",
+        className
+      )}
+      {...props}
+    />
+  )
+}
+
+export { Separator }
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 6e658a9..1a3d180 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -32,6 +32,9 @@ importers:
       '@elastic/elasticsearch':
         specifier: ^9.0.2
         version: 9.0.2
+      '@hono/node-server':
+        specifier: ^1.14.3
+        version: 1.14.3(hono@4.7.10)
       '@hono/trpc-server':
         specifier: ^0.3.4
         version: 0.3.4(@trpc/server@11.1.2(typescript@5.8.3))(hono@4.7.10)
@@ -41,12 +44,12 @@ importers:
       '@repo/db':
         specifier: workspace:*
         version: link:../../packages/db
+      '@repo/oidc-provider':
+        specifier: workspace:*
+        version: link:../../packages/oidc-provider
       '@trpc/server':
         specifier: 11.1.2
         version: 11.1.2(typescript@5.8.3)
-      '@types/oidc-provider':
-        specifier: ^9.1.0
-        version: 9.1.0
       hono:
         specifier: ^4.7.10
         version: 4.7.10
@@ -71,6 +74,9 @@ importers:
       superjson:
         specifier: ^2.2.2
         version: 2.2.2
+      valibot:
+        specifier: ^1.1.0
+        version: 1.1.0(typescript@5.8.3)
       zod:
         specifier: ^3.25.23
         version: 3.25.23
@@ -81,9 +87,30 @@ importers:
       '@types/node':
         specifier: ^22.15.21
         version: 22.15.21
+      '@types/oidc-provider':
+        specifier: ^9.1.0
+        version: 9.1.0
+      supertest:
+        specifier: ^7.1.1
+        version: 7.1.1
+      vitest:
+        specifier: ^3.1.4
+        version: 3.1.4(@types/node@22.15.21)(jiti@2.4.2)(lightningcss@1.30.1)(tsx@4.19.4)(yaml@2.8.0)
 
   apps/web:
     dependencies:
+      '@radix-ui/react-avatar':
+        specifier: ^1.1.10
+        version: 1.1.10(@types/react-dom@19.1.5(@types/react@19.1.5))(@types/react@19.1.5)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)
+      '@radix-ui/react-label':
+        specifier: ^2.1.7
+        version: 2.1.7(@types/react-dom@19.1.5(@types/react@19.1.5))(@types/react@19.1.5)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)
+      '@radix-ui/react-separator':
+        specifier: ^1.1.7
+        version: 1.1.7(@types/react-dom@19.1.5(@types/react@19.1.5))(@types/react@19.1.5)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)
+      '@radix-ui/react-slot':
+        specifier: ^1.2.3
+        version: 1.2.3(@types/react@19.1.5)(react@19.1.0)
       '@repo/client':
         specifier: workspace:*
         version: link:../../packages/client
@@ -123,6 +150,9 @@ importers:
       next-themes:
         specifier: ^0.4.6
         version: 0.4.6(react-dom@19.1.0(react@19.1.0))(react@19.1.0)
+      oidc-client-ts:
+        specifier: ^3.2.1
+        version: 3.2.1
       react:
         specifier: ^19.1.0
         version: 19.1.0
@@ -132,6 +162,9 @@ importers:
       superjson:
         specifier: ^2.2.2
         version: 2.2.2
+      valibot:
+        specifier: ^1.1.0
+        version: 1.1.0(typescript@5.8.3)
     devDependencies:
       '@repo/eslint-config':
         specifier: workspace:*
@@ -332,6 +365,34 @@ importers:
         specifier: 5.4.3
         version: 5.4.3
 
+  packages/oidc-provider:
+    dependencies:
+      '@hono/zod-validator':
+        specifier: ^0.5.0
+        version: 0.5.0(hono@4.7.10)(zod@3.25.23)
+      hono:
+        specifier: ^4.7.10
+        version: 4.7.10
+      ioredis:
+        specifier: 5.4.1
+        version: 5.4.1
+      jose:
+        specifier: ^6.0.11
+        version: 6.0.11
+      nanoid:
+        specifier: ^5.1.5
+        version: 5.1.5
+      zod:
+        specifier: ^3.25.23
+        version: 3.25.23
+    devDependencies:
+      '@types/node':
+        specifier: ^22.15.21
+        version: 22.15.21
+      typescript:
+        specifier: ^5.0.0
+        version: 5.8.3
+
   packages/openapi:
     dependencies:
       '@asteasolutions/zod-to-openapi':
@@ -373,11 +434,23 @@ importers:
 
   packages/ui:
     dependencies:
+      '@radix-ui/react-avatar':
+        specifier: ^1.1.10
+        version: 1.1.10(@types/react-dom@19.1.5(@types/react@19.1.5))(@types/react@19.1.5)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)
+      '@radix-ui/react-dialog':
+        specifier: ^1.1.14
+        version: 1.1.14(@types/react-dom@19.1.5(@types/react@19.1.5))(@types/react@19.1.5)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)
       '@radix-ui/react-dropdown-menu':
         specifier: ^2.1.14
         version: 2.1.15(@types/react-dom@19.1.5(@types/react@19.1.5))(@types/react@19.1.5)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)
+      '@radix-ui/react-label':
+        specifier: ^2.1.7
+        version: 2.1.7(@types/react-dom@19.1.5(@types/react@19.1.5))(@types/react@19.1.5)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)
+      '@radix-ui/react-separator':
+        specifier: ^1.1.7
+        version: 1.1.7(@types/react-dom@19.1.5(@types/react@19.1.5))(@types/react@19.1.5)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)
       '@radix-ui/react-slot':
-        specifier: ^1.2.2
+        specifier: ^1.2.3
         version: 1.2.3(@types/react@19.1.5)(react@19.1.0)
       clsx:
         specifier: ^2.1.1
@@ -882,6 +955,12 @@ packages:
   '@floating-ui/utils@0.2.9':
     resolution: {integrity: sha512-MDWhGtE+eHw5JW7lq4qhc5yRLS11ERl1c7Z6Xd0a58DozHES6EnNNwUWbMiG4J9Cgj053Bhk8zvlhFYKVhULwg==}
 
+  '@hono/node-server@1.14.3':
+    resolution: {integrity: sha512-KuDMwwghtFYSmIpr4WrKs1VpelTrptvJ+6x6mbUcZnFcc213cumTF5BdqfHyW93B19TNI4Vaev14vOI2a0Ie3w==}
+    engines: {node: '>=18.14.1'}
+    peerDependencies:
+      hono: ^4
+
   '@hono/trpc-server@0.3.4':
     resolution: {integrity: sha512-xFOPjUPnII70FgicDzOJy1ufIoBTu8eF578zGiDOrYOrYN8CJe140s9buzuPkX+SwJRYK8LjEBHywqZtxdm8aA==}
     engines: {node: '>=16.0.0'}
@@ -1151,6 +1230,10 @@ packages:
     cpu: [x64]
     os: [win32]
 
+  '@noble/hashes@1.8.0':
+    resolution: {integrity: sha512-jCs9ldd7NwzpgXDIf6P3+NrHh9/sD6CQdxHyjQI+h/6rDNo88ypBxxz45UDuZHz9r3tNz7N/VInSVoVdtXEI4A==}
+    engines: {node: ^14.21.3 || >=16}
+
   '@nodelib/fs.scandir@2.1.5':
     resolution: {integrity: sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==}
     engines: {node: '>= 8'}
@@ -1171,6 +1254,9 @@ packages:
     resolution: {integrity: sha512-3giAOQvZiH5F9bMlMiv8+GSPMeqg0dbaeo58/0SlA9sxSqZhnUtxzX9/2FzyhS9sWQf5S0GJE0AKBrFqjpeYcg==}
     engines: {node: '>=8.0.0'}
 
+  '@paralleldrive/cuid2@2.2.2':
+    resolution: {integrity: sha512-ZOBkgDwEdoYVlSeRbYYXs0S9MejQofiVYoTbKzy/6GQa39/q5tQU2IX46+shYnUkpEl3wc+J6wRlar7r2EK2xA==}
+
   '@pkgjs/parseargs@0.11.0':
     resolution: {integrity: sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==}
     engines: {node: '>=14'}
@@ -1221,6 +1307,19 @@ packages:
       '@types/react-dom':
         optional: true
 
+  '@radix-ui/react-avatar@1.1.10':
+    resolution: {integrity: sha512-V8piFfWapM5OmNCXTzVQY+E1rDa53zY+MQ4Y7356v4fFz6vqCyUtIz2rUD44ZEdwg78/jKmMJHj07+C/Z/rcog==}
+    peerDependencies:
+      '@types/react': '*'
+      '@types/react-dom': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+      react-dom: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+      '@types/react-dom':
+        optional: true
+
   '@radix-ui/react-collection@1.1.7':
     resolution: {integrity: sha512-Fh9rGN0MoI4ZFUNyfFVNU4y9LUz93u9/0K+yLgA2bwRojxM8JU1DyvvMBabnZPBgMWREAJvU2jjVzq+LrFUglw==}
     peerDependencies:
@@ -1252,6 +1351,19 @@ packages:
       '@types/react':
         optional: true
 
+  '@radix-ui/react-dialog@1.1.14':
+    resolution: {integrity: sha512-+CpweKjqpzTmwRwcYECQcNYbI8V9VSQt0SNFKeEBLgfucbsLssU6Ppq7wUdNXEGb573bMjFhVjKVll8rmV6zMw==}
+    peerDependencies:
+      '@types/react': '*'
+      '@types/react-dom': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+      react-dom: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+      '@types/react-dom':
+        optional: true
+
   '@radix-ui/react-direction@1.1.1':
     resolution: {integrity: sha512-1UEWRX6jnOA2y4H5WczZ44gOOjTEmlqv1uNW4GAJEO5+bauCBhv8snY65Iw5/VOS/ghKN9gr2KjnLKxrsvoMVw==}
     peerDependencies:
@@ -1318,6 +1430,19 @@ packages:
       '@types/react':
         optional: true
 
+  '@radix-ui/react-label@2.1.7':
+    resolution: {integrity: sha512-YT1GqPSL8kJn20djelMX7/cTRp/Y9w5IZHvfxQTVHrOqa2yMl7i/UfMqKRU5V7mEyKTrUVgJXhNQPVCG8PBLoQ==}
+    peerDependencies:
+      '@types/react': '*'
+      '@types/react-dom': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+      react-dom: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+      '@types/react-dom':
+        optional: true
+
   '@radix-ui/react-menu@2.1.15':
     resolution: {integrity: sha512-tVlmA3Vb9n8SZSd+YSbuFR66l87Wiy4du+YE+0hzKQEANA+7cWKH1WgqcEX4pXqxUFQKrWQGHdvEfw00TjFiew==}
     peerDependencies:
@@ -1396,6 +1521,19 @@ packages:
       '@types/react-dom':
         optional: true
 
+  '@radix-ui/react-separator@1.1.7':
+    resolution: {integrity: sha512-0HEb8R9E8A+jZjvmFCy/J4xhbXy3TV+9XSnGJ3KvTtjlIUy/YQ/p6UYZvi7YbeoeXdyU9+Y3scizK6hkY37baA==}
+    peerDependencies:
+      '@types/react': '*'
+      '@types/react-dom': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+      react-dom: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+      '@types/react-dom':
+        optional: true
+
   '@radix-ui/react-slot@1.2.3':
     resolution: {integrity: sha512-aeNmHnBxbi2St0au6VBVC7JXFlhLlOnvIIlePNniyUNAClzmtAUEY8/pBiK3iHjufOlwA+c20/8jngo7xcrg8A==}
     peerDependencies:
@@ -1441,6 +1579,15 @@ packages:
       '@types/react':
         optional: true
 
+  '@radix-ui/react-use-is-hydrated@0.1.0':
+    resolution: {integrity: sha512-U+UORVEq+cTnRIaostJv9AGdV3G6Y+zbVd+12e18jQ5A3c0xL03IhnHuiU4UV69wolOQp5GfR58NW/EgdQhwOA==}
+    peerDependencies:
+      '@types/react': '*'
+      react: ^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc
+    peerDependenciesMeta:
+      '@types/react':
+        optional: true
+
   '@radix-ui/react-use-layout-effect@1.1.1':
     resolution: {integrity: sha512-RbJRS4UWQFkzHTTwVymMTUv8EqYhOp8dOOviLj2ugtTiXRaRQS7GLGxZTLL1jWhMeoSCf5zmcZkqTl9IiYfXcQ==}
     peerDependencies:
@@ -2086,6 +2233,35 @@ packages:
   '@ungap/structured-clone@1.3.0':
     resolution: {integrity: sha512-WmoN8qaIAo7WTYWbAZuG8PYEhn5fkz7dZrqTBZ7dtt//lL2Gwms1IcnQ5yHqjDfX8Ft5j4YzDM23f87zBfDe9g==}
 
+  '@vitest/expect@3.1.4':
+    resolution: {integrity: sha512-xkD/ljeliyaClDYqHPNCiJ0plY5YIcM0OlRiZizLhlPmpXWpxnGMyTZXOHFhFeG7w9P5PBeL4IdtJ/HeQwTbQA==}
+
+  '@vitest/mocker@3.1.4':
+    resolution: {integrity: sha512-8IJ3CvwtSw/EFXqWFL8aCMu+YyYXG2WUSrQbViOZkWTKTVicVwZ/YiEZDSqD00kX+v/+W+OnxhNWoeVKorHygA==}
+    peerDependencies:
+      msw: ^2.4.9
+      vite: ^5.0.0 || ^6.0.0
+    peerDependenciesMeta:
+      msw:
+        optional: true
+      vite:
+        optional: true
+
+  '@vitest/pretty-format@3.1.4':
+    resolution: {integrity: sha512-cqv9H9GvAEoTaoq+cYqUTCGscUjKqlJZC7PRwY5FMySVj5J+xOm1KQcCiYHJOEzOKRUhLH4R2pTwvFlWCEScsg==}
+
+  '@vitest/runner@3.1.4':
+    resolution: {integrity: sha512-djTeF1/vt985I/wpKVFBMWUlk/I7mb5hmD5oP8K9ACRmVXgKTae3TUOtXAEBfslNKPzUQvnKhNd34nnRSYgLNQ==}
+
+  '@vitest/snapshot@3.1.4':
+    resolution: {integrity: sha512-JPHf68DvuO7vilmvwdPr9TS0SuuIzHvxeaCkxYcCD4jTk67XwL45ZhEHFKIuCm8CYstgI6LZ4XbwD6ANrwMpFg==}
+
+  '@vitest/spy@3.1.4':
+    resolution: {integrity: sha512-Xg1bXhu+vtPXIodYN369M86K8shGLouNjoVI78g8iAq2rFoHFdajNvJJ5A/9bPMFcfQqdaCpOgWKEoMQg/s0Yg==}
+
+  '@vitest/utils@3.1.4':
+    resolution: {integrity: sha512-yriMuO1cfFhmiGc8ataN51+9ooHRuURdfAZfwFd3usWynjzpLslZdYnRegTv32qdgtJTsj15FoeZe2g15fY1gg==}
+
   '@zxing/text-encoding@0.9.0':
     resolution: {integrity: sha512-U/4aVJ2mxI0aDNI8Uq0wEhMgY+u4CNtEb0om3+y3+niDAsoTCOB33UF0sxpzqzdqXLqmvc+vZyAt4O8pPdfkwA==}
 
@@ -2199,6 +2375,13 @@ packages:
     resolution: {integrity: sha512-BNoCY6SXXPQ7gF2opIP4GBE+Xw7U+pHMYKuzjgCN3GwiaIR09UUeKfheyIry77QtrCBlC0KK0q5/TER/tYh3PQ==}
     engines: {node: '>= 0.4'}
 
+  asap@2.0.6:
+    resolution: {integrity: sha512-BSHWgDSAiKs50o2Re8ppvp3seVHXSRM44cdSsT9FfNEUUZLOGWVCsiWaRPWM1Znn+mqZ1OfVZ3z3DWEzSp7hRA==}
+
+  assertion-error@2.0.1:
+    resolution: {integrity: sha512-Izi8RQcffqCeNVgFigKli1ssklIbpHnCYc6AknXGYoB6grJqyeby7jv12JUQgmTAnIDnbck1uxksT4dzN3PWBA==}
+    engines: {node: '>=12'}
+
   ast-types@0.13.4:
     resolution: {integrity: sha512-x1FCFnFifvYDDzTaLII71vG5uvDwgtmDTEVWAxrgeiR8VjMONcCXJx7E+USjDtHlwFmt9MysbqgF9b9Vjr6w+w==}
     engines: {node: '>=4'}
@@ -2327,6 +2510,10 @@ packages:
   caniuse-lite@1.0.30001718:
     resolution: {integrity: sha512-AflseV1ahcSunK53NfEs9gFWgOEmzr0f+kaMFA4xiLZlr9Hzt7HxcSpIFcnNCUkz6R6dWKa54rUz3HUmI3nVcw==}
 
+  chai@5.2.0:
+    resolution: {integrity: sha512-mCuXncKXk5iCLhfhwTc0izo0gtEmpz5CtG2y8GiOINBlMVS6v8TMRc5TaLWKS6692m9+dVVfzgeVxR5UxWHTYw==}
+    engines: {node: '>=12'}
+
   chalk-template@0.4.0:
     resolution: {integrity: sha512-/ghrgmhfY8RaSdeo43hNXxpoHAtxdbskUHjPpfqUWGttFgycUhYPGx3YZBCnUCvOa7Doivn1IZec3DEGFoMgLg==}
     engines: {node: '>=12'}
@@ -2353,6 +2540,10 @@ packages:
   chardet@0.7.0:
     resolution: {integrity: sha512-mT8iDcrh03qDGRRmoA2hmBJnxpllMR+0/0qlzjqZES6NdiWDcZkCNAk4rPFZ9Q85r27unkiNNg8ZOiwZXBHwcA==}
 
+  check-error@2.1.1:
+    resolution: {integrity: sha512-OAlb+T7V4Op9OwdkjmguYRqncdlx5JiofwOAUkmTF+jNdHwzTaTs4sRAGpzLF3oOz5xAyDGrPgeIDFQmDOTiJw==}
+    engines: {node: '>= 16'}
+
   chokidar@3.6.0:
     resolution: {integrity: sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==}
     engines: {node: '>= 8.10.0'}
@@ -2452,6 +2643,9 @@ packages:
     resolution: {integrity: sha512-QrWXB+ZQSVPmIWIhtEO9H+gwHaMGYiF5ChvoJ+K9ZGHG/sVsa6yiesAD1GC/x46sET00Xlwo1u49RVVVzvcSkw==}
     engines: {node: '>= 10'}
 
+  component-emitter@1.3.1:
+    resolution: {integrity: sha512-T0+barUSQRTUQASh8bx02dl+DhF54GtIDY13Y3m9oWTklKbb3Wv974meRpeZ3lp1JpLVECWWNHC4vaG2XHXouQ==}
+
   concat-map@0.0.1:
     resolution: {integrity: sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==}
 
@@ -2481,6 +2675,9 @@ packages:
   convert-source-map@2.0.0:
     resolution: {integrity: sha512-Kvp459HrV2FEJ1CAsi1Ku+MY3kasH19TFykTz2xWmMeq6bk2NU3XXvfJ+Q61m0xktWwt+1HSYf3JZsTms3aRJg==}
 
+  cookiejar@2.1.4:
+    resolution: {integrity: sha512-LDx6oHrK+PhzLKJU9j5S7/Y3jM/mUHvD/DeI1WQmJn652iPC5Y4TBzC9l+5OMOXlyTTA+SmVUPm0HQUwpD5Jqw==}
+
   cookies@0.9.1:
     resolution: {integrity: sha512-TG2hpqe4ELx54QER/S3HQ9SRVnQnGBtKUz5bLQWtYAQ+o6GpgMs6sYUvaiJjVxb+UXwhRhAEP3m7LbsIZ77Hmw==}
     engines: {node: '>= 0.8'}
@@ -2566,6 +2763,10 @@ packages:
     resolution: {integrity: sha512-FqUYQ+8o158GyGTrMFJms9qh3CqTKvAqgqsTnkLI8sKu0028orqBhxNMFkFen0zGyg6epACD32pjVk58ngIErQ==}
     engines: {node: '>=0.10'}
 
+  deep-eql@5.0.2:
+    resolution: {integrity: sha512-h5k/5U50IJJFpzfL6nO9jaaumfjO/f2NjK/oYB2Djzm4p9L+3T9qWpZqZ2hAbLPuuYq9wrU08WQyBTL5GbPk5Q==}
+    engines: {node: '>=6'}
+
   deep-equal@1.0.1:
     resolution: {integrity: sha512-bHtC0iYvWhyaTzvV3CZgPeZQqCOBGyGsVV7v4eevpdkLHfiSrXUdBG+qAuSz4RI70sszvjQ1QSZ98An1yNwpSw==}
 
@@ -2629,6 +2830,9 @@ packages:
   detect-node-es@1.1.0:
     resolution: {integrity: sha512-ypdmJU/TbBby2Dxibuv7ZLW3Bs1QEmM7nHjEANfohJLvE0XVujisn1qPJcZxg+qDucsr+bP6fLD1rPS3AhJ7EQ==}
 
+  dezalgo@1.0.4:
+    resolution: {integrity: sha512-rXSP0bf+5n0Qonsb+SVVfNfIsimO4HEtmnIpPHY8Q1UCzKlQrDMfdobr8nJOOsRgWCyMRqeSBQzmWUMq7zvVig==}
+
   diff@4.0.2:
     resolution: {integrity: sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A==}
     engines: {node: '>=0.3.1'}
@@ -2722,6 +2926,9 @@ packages:
     resolution: {integrity: sha512-uDn+FE1yrDzyC0pCo961B2IHbdM8y/ACZsKD4dG6WqrjV53BADjwa7D+1aom2rsNVfLyDgU/eigvlJGJ08OQ4w==}
     engines: {node: '>= 0.4'}
 
+  es-module-lexer@1.7.0:
+    resolution: {integrity: sha512-jEQoCwk8hyb2AZziIOLhDqpm5+2ww5uIE6lkO/6jcOCusfk6LhMHpXXfBLXTZ7Ydyt0j4VoUQv6uGNYbdW+kBA==}
+
   es-object-atoms@1.1.1:
     resolution: {integrity: sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==}
     engines: {node: '>= 0.4'}
@@ -2853,6 +3060,9 @@ packages:
     resolution: {integrity: sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==}
     engines: {node: '>=4.0'}
 
+  estree-walker@3.0.3:
+    resolution: {integrity: sha512-7RUKfXgSMMkzt6ZuXmqapOurLGPPfgj6l9uRZ7lRGolvk0y2yocc35LdcxKC5PQZdn2DMqioAQ2NoWcrTKmm6g==}
+
   esutils@2.0.3:
     resolution: {integrity: sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==}
     engines: {node: '>=0.10.0'}
@@ -2865,6 +3075,10 @@ packages:
     resolution: {integrity: sha512-8uSpZZocAZRBAPIEINJj3Lo9HyGitllczc27Eh5YYojjMFMn8yHMDMaUHE2Jqfq05D/wucwI4JGURyXt1vchyg==}
     engines: {node: '>=10'}
 
+  expect-type@1.2.1:
+    resolution: {integrity: sha512-/kP8CAwxzLVEeFrMm4kMmy4CCDlpipyA7MYLVrdJIkV0fYF0UaigQHRsxHiuY/GEea+bh4KSv3TIlgr+2UL6bw==}
+    engines: {node: '>=12.0.0'}
+
   external-editor@3.1.0:
     resolution: {integrity: sha512-hMQ4CX1p1izmuLYyZqLMO/qGNw10wSv9QDCPfzXfyFrOaCSSoRfqE1Kf1s5an66J5JZC62NewG+mK49jOCtQew==}
     engines: {node: '>=4'}
@@ -2886,6 +3100,9 @@ packages:
   fast-levenshtein@2.0.6:
     resolution: {integrity: sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw==}
 
+  fast-safe-stringify@2.1.1:
+    resolution: {integrity: sha512-W+KJc2dmILlPplD/H4K9l9LcAHAfPtP6BY84uVLXQ6Evcz9Lcg33Y2z1IVblT6xdY54PXYVHEv+0Wpq8Io6zkA==}
+
   fast-xml-parser@4.5.3:
     resolution: {integrity: sha512-RKihhV+SHsIUGXObeVy9AXiBbFwkVk7Syp8XgwN5U3JV416+Gwp/GO9i0JYKmikykgz/UHRrrV4ROuZEo/T0ig==}
     hasBin: true
@@ -2983,6 +3200,10 @@ packages:
     resolution: {integrity: sha512-0iirZp3uVDjVGt9p49aTaqjk84TrglENEDuqfdlZQ1roC9CWlPk6Avf8EEnZNcAqPonwkG35x4n3ww/1THYAeQ==}
     engines: {node: '>= 12.20'}
 
+  formidable@3.5.4:
+    resolution: {integrity: sha512-YikH+7CUTOtP44ZTnUhR7Ic2UASBPOqmaRkRKxRbywPTe5VxF7RRCck4af9wutiZ/QKM5nME9Bie2fFaPz5Gug==}
+    engines: {node: '>=14.0.0'}
+
   fresh@0.5.2:
     resolution: {integrity: sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==}
     engines: {node: '>= 0.6'}
@@ -3487,6 +3708,10 @@ packages:
     resolution: {integrity: sha512-ZZow9HBI5O6EPgSJLUb8n2NKgmVWTwCvHGwFuJlMjvLFqlGG6pjirPhtdsseaLZjSibD8eegzmYpUZwoIlj2cQ==}
     engines: {node: '>=4.0'}
 
+  jwt-decode@4.0.0:
+    resolution: {integrity: sha512-+KJGIyHgkGuIq3IEBNftfhW/LfWhXUIY6OmyVWjliu5KH1y0fw7VQ8YndE2O4qZdMSd9SqbnC8GOcZEy0Om7sA==}
+    engines: {node: '>=18'}
+
   keygrip@1.1.0:
     resolution: {integrity: sha512-iYSchDJ+liQ8iwbSI2QqsQOvqv58eJCEanyJPJi+Khyu8smkcKSFUCbPwzFcL7YVtZ6eONjqRX/38caJ7QjRAQ==}
     engines: {node: '>= 0.6'}
@@ -3622,6 +3847,9 @@ packages:
     resolution: {integrity: sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==}
     hasBin: true
 
+  loupe@3.1.3:
+    resolution: {integrity: sha512-kkIp7XSkP78ZxJEsSxW3712C6teJVoeHHwgo9zJ380de7IYyJ2ISlxojcH2pC5OFLewESmnRi/+XCDIEEVyoug==}
+
   lower-case-first@1.0.2:
     resolution: {integrity: sha512-UuxaYakO7XeONbKrZf5FEgkantPf5DUqDayzP5VXZrtRPdH86s4kN47I8B3TW10S4QKiE3ziHNf3kRN//okHjA==}
 
@@ -3677,6 +3905,10 @@ packages:
     resolution: {integrity: sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==}
     engines: {node: '>= 8'}
 
+  methods@1.1.2:
+    resolution: {integrity: sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==}
+    engines: {node: '>= 0.6'}
+
   micromatch@4.0.8:
     resolution: {integrity: sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==}
     engines: {node: '>=8.6'}
@@ -3697,6 +3929,11 @@ packages:
     resolution: {integrity: sha512-xRc4oEhT6eaBpU1XF7AjpOFD+xQmXNB5OVKwp4tqCuBpHLS/ZbBDrc07mYTDqVMg6PfxUjjNp85O6Cd2Z/5HWA==}
     engines: {node: '>= 0.6'}
 
+  mime@2.6.0:
+    resolution: {integrity: sha512-USPkMeET31rOMiarsBNIHZKLGgvKc/LrjofAnBlOttf5ajRvqiRA8QsenbcooctK6d6Ts6aqZXBA+XbkKthiQg==}
+    engines: {node: '>=4.0.0'}
+    hasBin: true
+
   mimic-fn@2.1.0:
     resolution: {integrity: sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg==}
     engines: {node: '>=6'}
@@ -3860,6 +4097,10 @@ packages:
     resolution: {integrity: sha512-gXah6aZrcUxjWg2zR2MwouP2eHlCBzdV4pygudehaKXSGW4v2AsRQUK+lwwXhii6KFZcunEnmSUoYp5CXibxtA==}
     engines: {node: '>= 0.4'}
 
+  oidc-client-ts@3.2.1:
+    resolution: {integrity: sha512-hS5AJ5s/x4bXhHvNJT1v+GGvzHUwdRWqNQQbSrp10L1IRmzfRGKQ3VWN3dstJb+oF3WtAyKezwD2+dTEIyBiAA==}
+    engines: {node: '>=18'}
+
   oidc-provider@9.1.1:
     resolution: {integrity: sha512-kkH1yWjjEUKVe2pbWS7vvE3ibRae/yjCcRq1Q8PKu5eGOg4MWlmino7A1Hm1bDYm+bLAdHIVcMdb2i9nbeUTeA==}
 
@@ -3981,6 +4222,10 @@ packages:
   pathe@2.0.3:
     resolution: {integrity: sha512-WUjGcAqP1gQacoQe+OBJsFA7Ld4DyXuUIjZ5cc75cLHvJ7dtNsTugphxIADwspS+AraAUePCKrSVtPLFj/F88w==}
 
+  pathval@2.0.0:
+    resolution: {integrity: sha512-vE7JKRyES09KiunauX7nd2Q9/L7lhok4smP9RZTDeD4MVs72Dp2qNFVz39Nz5a0FVEW0BJR6C0DYrq6unoziZA==}
+    engines: {node: '>= 14.16'}
+
   picocolors@1.0.1:
     resolution: {integrity: sha512-anP1Z8qwhkbmu7MFP5iTt+wQKXgwzf7zTyGlcdzabySa9vd0Xt392U0rVmz9poOaBj0uHJKyyo9/upk0HrEQew==}
 
@@ -4082,6 +4327,10 @@ packages:
     resolution: {integrity: sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==}
     engines: {node: '>=6'}
 
+  qs@6.14.0:
+    resolution: {integrity: sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==}
+    engines: {node: '>=0.6'}
+
   query-string@7.1.3:
     resolution: {integrity: sha512-hh2WYhq4fi8+b+/2Kg9CEge4fDPvHS534aOOvOZeQ3+Vf2mCFsaFBYj0i+iXcAq6I9Vzp5fjMFBlONvayDC1qg==}
     engines: {node: '>=6'}
@@ -4335,6 +4584,9 @@ packages:
     resolution: {integrity: sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==}
     engines: {node: '>= 0.4'}
 
+  siginfo@2.0.0:
+    resolution: {integrity: sha512-ybx0WO1/8bSBLEWXZvEd7gMW3Sn3JFlW3TvX1nREbDLRNQNaeNN8WK0meBwPdAaOI7TtRRRJn/Es1zhrrCHu7g==}
+
   signal-exit@3.0.7:
     resolution: {integrity: sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==}
 
@@ -4389,6 +4641,9 @@ packages:
   sprintf-js@1.1.3:
     resolution: {integrity: sha512-Oo+0REFV59/rz3gfJNKQiBlwfHaSESl1pcGyABQsnnIfWOFt6JNj5gCog2U6MLZ//IGYD+nA8nI+mTShREReaA==}
 
+  stackback@0.0.2:
+    resolution: {integrity: sha512-1XMJE5fQo1jGH6Y/7ebnwPOBEkIEnT4QF32d5R1+VXdXveM0IBMJt8zfaxX1P3QhVwrYe+576+jkANtSS2mBbw==}
+
   standard-as-callback@2.1.0:
     resolution: {integrity: sha512-qoRRSyROncaz1z0mvYqIE4lCd9p2R90i6GxW3uZv5ucSu8tU7B5HXUP1gG8pVZsYNVaXjk8ClXHPttLyxAL48A==}
 
@@ -4400,6 +4655,9 @@ packages:
     resolution: {integrity: sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ==}
     engines: {node: '>= 0.8'}
 
+  std-env@3.9.0:
+    resolution: {integrity: sha512-UGvjygr6F6tpH7o2qyqR6QYpwraIjKSdtzyBdyytFOHmPZY917kwdwLG0RbOjWOnKmnm3PeHjaoLLMie7kPLQw==}
+
   streamsearch@1.1.0:
     resolution: {integrity: sha512-Mcc5wHehp9aXz1ax6bZUyY5afg9u2rv5cqQI3mRrYkGC8rW2hM02jWuwjtL++LS5qinSyhj2QfLyNsuc+VsExg==}
     engines: {node: '>=10.0.0'}
@@ -4483,10 +4741,18 @@ packages:
     engines: {node: '>=16 || 14 >=14.17'}
     hasBin: true
 
+  superagent@10.2.1:
+    resolution: {integrity: sha512-O+PCv11lgTNJUzy49teNAWLjBZfc+A1enOwTpLlH6/rsvKcTwcdTT8m9azGkVqM7HBl5jpyZ7KTPhHweokBcdg==}
+    engines: {node: '>=14.18.0'}
+
   superjson@2.2.2:
     resolution: {integrity: sha512-5JRxVqC8I8NuOUjzBbvVJAKNM8qoVuH0O77h4WInc/qC2q5IreqKxYwgkga3PfA22OayK2ikceb/B26dztPl+Q==}
     engines: {node: '>=16'}
 
+  supertest@7.1.1:
+    resolution: {integrity: sha512-aI59HBTlG9e2wTjxGJV+DygfNLgnWbGdZxiA/sgrnNNikIW8lbDvCtF6RnhZoJ82nU7qv7ZLjrvWqCEm52fAmw==}
+    engines: {node: '>=14.18.0'}
+
   supports-color@5.5.0:
     resolution: {integrity: sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==}
     engines: {node: '>=4'}
@@ -4548,6 +4814,9 @@ packages:
   through@2.3.8:
     resolution: {integrity: sha512-w89qg7PI8wAdvX60bMDP+bFoD5Dvhm9oLheFp5O4a2QF0cSBGsBX4qZmadPMvVqlLJBBci+WqGGOAPvcDeNSVg==}
 
+  tinybench@2.9.0:
+    resolution: {integrity: sha512-0+DUvqWMValLmha6lr4kD8iAMK1HzV0/aKnCtWb9v9641TnP/MFb7Pc2bxoxQjTXAErryXVgUOfv2YqNllqGeg==}
+
   tinycolor2@1.6.0:
     resolution: {integrity: sha512-XPaBkWQJdsf3pLKJV9p4qN/S+fm2Oj8AIPo1BTUhg5oxkvm9+SVEGFdhyOz7tTdUTfvxMiAs4sp6/eZO2Ew+pw==}
 
@@ -4561,6 +4830,18 @@ packages:
   tinygradient@1.1.5:
     resolution: {integrity: sha512-8nIfc2vgQ4TeLnk2lFj4tRLvvJwEfQuabdsmvDdQPT0xlk9TaNtpGd6nNRxXoK6vQhN6RSzj+Cnp5tTQmpxmbw==}
 
+  tinypool@1.0.2:
+    resolution: {integrity: sha512-al6n+QEANGFOMf/dmUMsuS5/r9B06uwlyNjZZql/zv8J7ybHCgoihBNORZCY2mzUuAnomQa2JdhyHKzZxPCrFA==}
+    engines: {node: ^18.0.0 || >=20.0.0}
+
+  tinyrainbow@2.0.0:
+    resolution: {integrity: sha512-op4nsTR47R6p0vMUUoYl/a+ljLFVtlfaXkLQmqfLR1qHma1h/ysYk4hEXZ880bf2CYgTskvTa/e196Vd5dDQXw==}
+    engines: {node: '>=14.0.0'}
+
+  tinyspy@3.0.2:
+    resolution: {integrity: sha512-n1cw8k1k0x4pgA2+9XrOkFydTerNcJ1zWCO5Nn9scWHTD+5tp8dghT2x1uduQePZTZgd3Tupf+x9BxJjeJi77Q==}
+    engines: {node: '>=14.0.0'}
+
   title-case@2.1.1:
     resolution: {integrity: sha512-EkJoZ2O3zdCz3zJsYCsxyq2OC5hrxR9mfdd5I+w8h/tmFfeOxJ+vvkxsKxdmN0WtS9zLdHEgfgVOiMVgv+Po4Q==}
 
@@ -4818,6 +5099,11 @@ packages:
       '@types/react':
         optional: true
 
+  use-sync-external-store@1.5.0:
+    resolution: {integrity: sha512-Rb46I4cGGVBmjamjphe8L/UnvJD+uPPtTkNvX5mZgqdbavhI4EbgIWJiIHXJ8bc/i9EQGPRh4DwEURJ552Do0A==}
+    peerDependencies:
+      react: ^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0
+
   util-deprecate@1.0.2:
     resolution: {integrity: sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==}
 
@@ -4827,6 +5113,14 @@ packages:
   v8-compile-cache-lib@3.0.1:
     resolution: {integrity: sha512-wa7YjyUGfNZngI/vtK0UHAN+lgDCxBPCylVXGp0zu59Fz5aiGtNXaq3DhIov063MorB+VfufLh3JlF2KdTK3xg==}
 
+  valibot@1.1.0:
+    resolution: {integrity: sha512-Nk8lX30Qhu+9txPYTwM0cFlWLdPFsFr6LblzqIySfbZph9+BFsAHsNvHOymEviUepeIW6KFHzpX8TKhbptBXXw==}
+    peerDependencies:
+      typescript: '>=5'
+    peerDependenciesMeta:
+      typescript:
+        optional: true
+
   validate-npm-package-name@5.0.1:
     resolution: {integrity: sha512-OljLrQ9SQdOUqTaQxqL5dEfZWrXExyyWsozYlAWFawPVNuD83igl7uJD2RTkNMbniIYgt8l81eCJGIdQF7avLQ==}
     engines: {node: ^14.17.0 || ^16.13.0 || >=18.0.0}
@@ -4835,6 +5129,79 @@ packages:
     resolution: {integrity: sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==}
     engines: {node: '>= 0.8'}
 
+  vite-node@3.1.4:
+    resolution: {integrity: sha512-6enNwYnpyDo4hEgytbmc6mYWHXDHYEn0D1/rw4Q+tnHUGtKTJsn8T1YkX6Q18wI5LCrS8CTYlBaiCqxOy2kvUA==}
+    engines: {node: ^18.0.0 || ^20.0.0 || >=22.0.0}
+    hasBin: true
+
+  vite@6.3.5:
+    resolution: {integrity: sha512-cZn6NDFE7wdTpINgs++ZJ4N49W2vRp8LCKrn3Ob1kYNtOo21vfDoaV5GzBfLU4MovSAB8uNRm4jgzVQZ+mBzPQ==}
+    engines: {node: ^18.0.0 || ^20.0.0 || >=22.0.0}
+    hasBin: true
+    peerDependencies:
+      '@types/node': ^18.0.0 || ^20.0.0 || >=22.0.0
+      jiti: '>=1.21.0'
+      less: '*'
+      lightningcss: ^1.21.0
+      sass: '*'
+      sass-embedded: '*'
+      stylus: '*'
+      sugarss: '*'
+      terser: ^5.16.0
+      tsx: ^4.8.1
+      yaml: ^2.4.2
+    peerDependenciesMeta:
+      '@types/node':
+        optional: true
+      jiti:
+        optional: true
+      less:
+        optional: true
+      lightningcss:
+        optional: true
+      sass:
+        optional: true
+      sass-embedded:
+        optional: true
+      stylus:
+        optional: true
+      sugarss:
+        optional: true
+      terser:
+        optional: true
+      tsx:
+        optional: true
+      yaml:
+        optional: true
+
+  vitest@3.1.4:
+    resolution: {integrity: sha512-Ta56rT7uWxCSJXlBtKgIlApJnT6e6IGmTYxYcmxjJ4ujuZDI59GUQgVDObXXJujOmPDBYXHK1qmaGtneu6TNIQ==}
+    engines: {node: ^18.0.0 || ^20.0.0 || >=22.0.0}
+    hasBin: true
+    peerDependencies:
+      '@edge-runtime/vm': '*'
+      '@types/debug': ^4.1.12
+      '@types/node': ^18.0.0 || ^20.0.0 || >=22.0.0
+      '@vitest/browser': 3.1.4
+      '@vitest/ui': 3.1.4
+      happy-dom: '*'
+      jsdom: '*'
+    peerDependenciesMeta:
+      '@edge-runtime/vm':
+        optional: true
+      '@types/debug':
+        optional: true
+      '@types/node':
+        optional: true
+      '@vitest/browser':
+        optional: true
+      '@vitest/ui':
+        optional: true
+      happy-dom:
+        optional: true
+      jsdom:
+        optional: true
+
   wcwidth@1.0.1:
     resolution: {integrity: sha512-XHPEwS0q6TaxcvG85+8EYkbiCux2XtWG2mkc47Ng2A77BQu9+DqIOJldST4HgPkuea7dvKSj5VgX3P1d4rW8Tg==}
 
@@ -4872,6 +5239,11 @@ packages:
     engines: {node: '>= 8'}
     hasBin: true
 
+  why-is-node-running@2.3.0:
+    resolution: {integrity: sha512-hUrmaWBdVDcxvYqnyh09zunKzROWjbZTiNy8dBEjkS7ehEDQibXJ7XvlmtbwuTclUiIyN+CyXQD4Vmko8fNm8w==}
+    engines: {node: '>=8'}
+    hasBin: true
+
   word-wrap@1.2.5:
     resolution: {integrity: sha512-BN22B5eaMMI9UMtjrGd5g5eCYPpCPDUy0FJXbYsaT5zYxjFOckS53SQDE3pWkVoWpHXVb3BrYcEN4Twa55B5cA==}
     engines: {node: '>=0.10.0'}
@@ -5322,6 +5694,10 @@ snapshots:
 
   '@floating-ui/utils@0.2.9': {}
 
+  '@hono/node-server@1.14.3(hono@4.7.10)':
+    dependencies:
+      hono: 4.7.10
+
   '@hono/trpc-server@0.3.4(@trpc/server@11.1.2(typescript@5.8.3))(hono@4.7.10)':
     dependencies:
       '@trpc/server': 11.1.2(typescript@5.8.3)
@@ -5513,6 +5889,8 @@ snapshots:
   '@next/swc-win32-x64-msvc@15.3.2':
     optional: true
 
+  '@noble/hashes@1.8.0': {}
+
   '@nodelib/fs.scandir@2.1.5':
     dependencies:
       '@nodelib/fs.stat': 2.0.5
@@ -5530,6 +5908,10 @@ snapshots:
   '@opentelemetry/api@1.9.0':
     optional: true
 
+  '@paralleldrive/cuid2@2.2.2':
+    dependencies:
+      '@noble/hashes': 1.8.0
+
   '@pkgjs/parseargs@0.11.0':
     optional: true
 
@@ -5574,6 +5956,19 @@ snapshots:
       '@types/react': 19.1.5
       '@types/react-dom': 19.1.5(@types/react@19.1.5)
 
+  '@radix-ui/react-avatar@1.1.10(@types/react-dom@19.1.5(@types/react@19.1.5))(@types/react@19.1.5)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)':
+    dependencies:
+      '@radix-ui/react-context': 1.1.2(@types/react@19.1.5)(react@19.1.0)
+      '@radix-ui/react-primitive': 2.1.3(@types/react-dom@19.1.5(@types/react@19.1.5))(@types/react@19.1.5)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)
+      '@radix-ui/react-use-callback-ref': 1.1.1(@types/react@19.1.5)(react@19.1.0)
+      '@radix-ui/react-use-is-hydrated': 0.1.0(@types/react@19.1.5)(react@19.1.0)
+      '@radix-ui/react-use-layout-effect': 1.1.1(@types/react@19.1.5)(react@19.1.0)
+      react: 19.1.0
+      react-dom: 19.1.0(react@19.1.0)
+    optionalDependencies:
+      '@types/react': 19.1.5
+      '@types/react-dom': 19.1.5(@types/react@19.1.5)
+
   '@radix-ui/react-collection@1.1.7(@types/react-dom@19.1.5(@types/react@19.1.5))(@types/react@19.1.5)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)':
     dependencies:
       '@radix-ui/react-compose-refs': 1.1.2(@types/react@19.1.5)(react@19.1.0)
@@ -5598,6 +5993,28 @@ snapshots:
     optionalDependencies:
       '@types/react': 19.1.5
 
+  '@radix-ui/react-dialog@1.1.14(@types/react-dom@19.1.5(@types/react@19.1.5))(@types/react@19.1.5)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)':
+    dependencies:
+      '@radix-ui/primitive': 1.1.2
+      '@radix-ui/react-compose-refs': 1.1.2(@types/react@19.1.5)(react@19.1.0)
+      '@radix-ui/react-context': 1.1.2(@types/react@19.1.5)(react@19.1.0)
+      '@radix-ui/react-dismissable-layer': 1.1.10(@types/react-dom@19.1.5(@types/react@19.1.5))(@types/react@19.1.5)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)
+      '@radix-ui/react-focus-guards': 1.1.2(@types/react@19.1.5)(react@19.1.0)
+      '@radix-ui/react-focus-scope': 1.1.7(@types/react-dom@19.1.5(@types/react@19.1.5))(@types/react@19.1.5)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)
+      '@radix-ui/react-id': 1.1.1(@types/react@19.1.5)(react@19.1.0)
+      '@radix-ui/react-portal': 1.1.9(@types/react-dom@19.1.5(@types/react@19.1.5))(@types/react@19.1.5)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)
+      '@radix-ui/react-presence': 1.1.4(@types/react-dom@19.1.5(@types/react@19.1.5))(@types/react@19.1.5)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)
+      '@radix-ui/react-primitive': 2.1.3(@types/react-dom@19.1.5(@types/react@19.1.5))(@types/react@19.1.5)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)
+      '@radix-ui/react-slot': 1.2.3(@types/react@19.1.5)(react@19.1.0)
+      '@radix-ui/react-use-controllable-state': 1.2.2(@types/react@19.1.5)(react@19.1.0)
+      aria-hidden: 1.2.6
+      react: 19.1.0
+      react-dom: 19.1.0(react@19.1.0)
+      react-remove-scroll: 2.7.0(@types/react@19.1.5)(react@19.1.0)
+    optionalDependencies:
+      '@types/react': 19.1.5
+      '@types/react-dom': 19.1.5(@types/react@19.1.5)
+
   '@radix-ui/react-direction@1.1.1(@types/react@19.1.5)(react@19.1.0)':
     dependencies:
       react: 19.1.0
@@ -5656,6 +6073,15 @@ snapshots:
     optionalDependencies:
       '@types/react': 19.1.5
 
+  '@radix-ui/react-label@2.1.7(@types/react-dom@19.1.5(@types/react@19.1.5))(@types/react@19.1.5)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)':
+    dependencies:
+      '@radix-ui/react-primitive': 2.1.3(@types/react-dom@19.1.5(@types/react@19.1.5))(@types/react@19.1.5)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)
+      react: 19.1.0
+      react-dom: 19.1.0(react@19.1.0)
+    optionalDependencies:
+      '@types/react': 19.1.5
+      '@types/react-dom': 19.1.5(@types/react@19.1.5)
+
   '@radix-ui/react-menu@2.1.15(@types/react-dom@19.1.5(@types/react@19.1.5))(@types/react@19.1.5)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)':
     dependencies:
       '@radix-ui/primitive': 1.1.2
@@ -5746,6 +6172,15 @@ snapshots:
       '@types/react': 19.1.5
       '@types/react-dom': 19.1.5(@types/react@19.1.5)
 
+  '@radix-ui/react-separator@1.1.7(@types/react-dom@19.1.5(@types/react@19.1.5))(@types/react@19.1.5)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)':
+    dependencies:
+      '@radix-ui/react-primitive': 2.1.3(@types/react-dom@19.1.5(@types/react@19.1.5))(@types/react@19.1.5)(react-dom@19.1.0(react@19.1.0))(react@19.1.0)
+      react: 19.1.0
+      react-dom: 19.1.0(react@19.1.0)
+    optionalDependencies:
+      '@types/react': 19.1.5
+      '@types/react-dom': 19.1.5(@types/react@19.1.5)
+
   '@radix-ui/react-slot@1.2.3(@types/react@19.1.5)(react@19.1.0)':
     dependencies:
       '@radix-ui/react-compose-refs': 1.1.2(@types/react@19.1.5)(react@19.1.0)
@@ -5781,6 +6216,13 @@ snapshots:
     optionalDependencies:
       '@types/react': 19.1.5
 
+  '@radix-ui/react-use-is-hydrated@0.1.0(@types/react@19.1.5)(react@19.1.0)':
+    dependencies:
+      react: 19.1.0
+      use-sync-external-store: 1.5.0(react@19.1.0)
+    optionalDependencies:
+      '@types/react': 19.1.5
+
   '@radix-ui/react-use-layout-effect@1.1.1(@types/react@19.1.5)(react@19.1.0)':
     dependencies:
       react: 19.1.0
@@ -6406,6 +6848,46 @@ snapshots:
 
   '@ungap/structured-clone@1.3.0': {}
 
+  '@vitest/expect@3.1.4':
+    dependencies:
+      '@vitest/spy': 3.1.4
+      '@vitest/utils': 3.1.4
+      chai: 5.2.0
+      tinyrainbow: 2.0.0
+
+  '@vitest/mocker@3.1.4(vite@6.3.5(@types/node@22.15.21)(jiti@2.4.2)(lightningcss@1.30.1)(tsx@4.19.4)(yaml@2.8.0))':
+    dependencies:
+      '@vitest/spy': 3.1.4
+      estree-walker: 3.0.3
+      magic-string: 0.30.17
+    optionalDependencies:
+      vite: 6.3.5(@types/node@22.15.21)(jiti@2.4.2)(lightningcss@1.30.1)(tsx@4.19.4)(yaml@2.8.0)
+
+  '@vitest/pretty-format@3.1.4':
+    dependencies:
+      tinyrainbow: 2.0.0
+
+  '@vitest/runner@3.1.4':
+    dependencies:
+      '@vitest/utils': 3.1.4
+      pathe: 2.0.3
+
+  '@vitest/snapshot@3.1.4':
+    dependencies:
+      '@vitest/pretty-format': 3.1.4
+      magic-string: 0.30.17
+      pathe: 2.0.3
+
+  '@vitest/spy@3.1.4':
+    dependencies:
+      tinyspy: 3.0.2
+
+  '@vitest/utils@3.1.4':
+    dependencies:
+      '@vitest/pretty-format': 3.1.4
+      loupe: 3.1.3
+      tinyrainbow: 2.0.0
+
   '@zxing/text-encoding@0.9.0':
     optional: true
 
@@ -6544,6 +7026,10 @@ snapshots:
       get-intrinsic: 1.3.0
       is-array-buffer: 3.0.5
 
+  asap@2.0.6: {}
+
+  assertion-error@2.0.1: {}
+
   ast-types@0.13.4:
     dependencies:
       tslib: 2.8.1
@@ -6676,6 +7162,14 @@ snapshots:
 
   caniuse-lite@1.0.30001718: {}
 
+  chai@5.2.0:
+    dependencies:
+      assertion-error: 2.0.1
+      check-error: 2.1.1
+      deep-eql: 5.0.2
+      loupe: 3.1.3
+      pathval: 2.0.0
+
   chalk-template@0.4.0:
     dependencies:
       chalk: 4.1.2
@@ -6721,6 +7215,8 @@ snapshots:
 
   chardet@0.7.0: {}
 
+  check-error@2.1.1: {}
+
   chokidar@3.6.0:
     dependencies:
       anymatch: 3.1.3
@@ -6815,6 +7311,8 @@ snapshots:
 
   commander@7.2.0: {}
 
+  component-emitter@1.3.1: {}
+
   concat-map@0.0.1: {}
 
   concurrently@8.2.2:
@@ -6846,6 +7344,8 @@ snapshots:
 
   convert-source-map@2.0.0: {}
 
+  cookiejar@2.1.4: {}
+
   cookies@0.9.1:
     dependencies:
       depd: 2.0.0
@@ -6932,6 +7432,8 @@ snapshots:
 
   decode-uri-component@0.2.2: {}
 
+  deep-eql@5.0.2: {}
+
   deep-equal@1.0.1: {}
 
   deep-extend@0.6.0: {}
@@ -6989,6 +7491,11 @@ snapshots:
 
   detect-node-es@1.1.0: {}
 
+  dezalgo@1.0.4:
+    dependencies:
+      asap: 2.0.6
+      wrappy: 1.0.2
+
   diff@4.0.2: {}
 
   dir-glob@3.0.1:
@@ -7140,6 +7647,8 @@ snapshots:
       iterator.prototype: 1.1.5
       safe-array-concat: 1.1.3
 
+  es-module-lexer@1.7.0: {}
+
   es-object-atoms@1.1.1:
     dependencies:
       es-errors: 1.3.0
@@ -7392,6 +7901,10 @@ snapshots:
 
   estraverse@5.3.0: {}
 
+  estree-walker@3.0.3:
+    dependencies:
+      '@types/estree': 1.0.7
+
   esutils@2.0.3: {}
 
   eta@3.5.0: {}
@@ -7408,6 +7921,8 @@ snapshots:
       signal-exit: 3.0.7
       strip-final-newline: 2.0.0
 
+  expect-type@1.2.1: {}
+
   external-editor@3.1.0:
     dependencies:
       chardet: 0.7.0
@@ -7436,6 +7951,8 @@ snapshots:
 
   fast-levenshtein@2.0.6: {}
 
+  fast-safe-stringify@2.1.1: {}
+
   fast-xml-parser@4.5.3:
     dependencies:
       strnum: 1.1.2
@@ -7525,6 +8042,12 @@ snapshots:
       node-domexception: 1.0.0
       web-streams-polyfill: 4.0.0-beta.3
 
+  formidable@3.5.4:
+    dependencies:
+      '@paralleldrive/cuid2': 2.2.2
+      dezalgo: 1.0.4
+      once: 1.4.0
+
   fresh@0.5.2: {}
 
   fs-extra@10.1.0:
@@ -8079,6 +8602,8 @@ snapshots:
       object.assign: 4.1.7
       object.values: 1.2.1
 
+  jwt-decode@4.0.0: {}
+
   keygrip@1.1.0:
     dependencies:
       tsscmp: 1.0.6
@@ -8200,6 +8725,8 @@ snapshots:
     dependencies:
       js-tokens: 4.0.0
 
+  loupe@3.1.3: {}
+
   lower-case-first@1.0.2:
     dependencies:
       lower-case: 1.1.4
@@ -8242,6 +8769,8 @@ snapshots:
 
   merge2@1.4.1: {}
 
+  methods@1.1.2: {}
+
   micromatch@4.0.8:
     dependencies:
       braces: 3.0.3
@@ -8259,6 +8788,8 @@ snapshots:
     dependencies:
       mime-db: 1.54.0
 
+  mime@2.6.0: {}
+
   mimic-fn@2.1.0: {}
 
   minimatch@10.0.1:
@@ -8439,6 +8970,10 @@ snapshots:
       define-properties: 1.2.1
       es-object-atoms: 1.1.1
 
+  oidc-client-ts@3.2.1:
+    dependencies:
+      jwt-decode: 4.0.0
+
   oidc-provider@9.1.1:
     dependencies:
       '@koa/cors': 5.0.0
@@ -8600,6 +9135,8 @@ snapshots:
 
   pathe@2.0.3: {}
 
+  pathval@2.0.0: {}
+
   picocolors@1.0.1: {}
 
   picocolors@1.1.1: {}
@@ -8683,6 +9220,10 @@ snapshots:
 
   punycode@2.3.1: {}
 
+  qs@6.14.0:
+    dependencies:
+      side-channel: 1.1.0
+
   query-string@7.1.3:
     dependencies:
       decode-uri-component: 0.2.2
@@ -9000,6 +9541,8 @@ snapshots:
       side-channel-map: 1.0.1
       side-channel-weakmap: 1.0.2
 
+  siginfo@2.0.0: {}
+
   signal-exit@3.0.7: {}
 
   signal-exit@4.1.0: {}
@@ -9049,12 +9592,16 @@ snapshots:
 
   sprintf-js@1.1.3: {}
 
+  stackback@0.0.2: {}
+
   standard-as-callback@2.1.0: {}
 
   statuses@1.5.0: {}
 
   statuses@2.0.1: {}
 
+  std-env@3.9.0: {}
+
   streamsearch@1.1.0: {}
 
   strict-uri-encode@2.0.0: {}
@@ -9156,10 +9703,31 @@ snapshots:
       pirates: 4.0.7
       ts-interface-checker: 0.1.13
 
+  superagent@10.2.1:
+    dependencies:
+      component-emitter: 1.3.1
+      cookiejar: 2.1.4
+      debug: 4.4.1
+      fast-safe-stringify: 2.1.1
+      form-data: 4.0.2
+      formidable: 3.5.4
+      methods: 1.1.2
+      mime: 2.6.0
+      qs: 6.14.0
+    transitivePeerDependencies:
+      - supports-color
+
   superjson@2.2.2:
     dependencies:
       copy-anything: 3.0.5
 
+  supertest@7.1.1:
+    dependencies:
+      methods: 1.1.2
+      superagent: 10.2.1
+    transitivePeerDependencies:
+      - supports-color
+
   supports-color@5.5.0:
     dependencies:
       has-flag: 3.0.0
@@ -9227,6 +9795,8 @@ snapshots:
 
   through@2.3.8: {}
 
+  tinybench@2.9.0: {}
+
   tinycolor2@1.6.0: {}
 
   tinyexec@0.3.2: {}
@@ -9241,6 +9811,12 @@ snapshots:
       '@types/tinycolor2': 1.4.6
       tinycolor2: 1.6.0
 
+  tinypool@1.0.2: {}
+
+  tinyrainbow@2.0.0: {}
+
+  tinyspy@3.0.2: {}
+
   title-case@2.1.1:
     dependencies:
       no-case: 2.3.2
@@ -9506,6 +10082,10 @@ snapshots:
     optionalDependencies:
       '@types/react': 19.1.5
 
+  use-sync-external-store@1.5.0(react@19.1.0):
+    dependencies:
+      react: 19.1.0
+
   util-deprecate@1.0.2: {}
 
   util@0.12.5:
@@ -9518,10 +10098,90 @@ snapshots:
 
   v8-compile-cache-lib@3.0.1: {}
 
+  valibot@1.1.0(typescript@5.8.3):
+    optionalDependencies:
+      typescript: 5.8.3
+
   validate-npm-package-name@5.0.1: {}
 
   vary@1.1.2: {}
 
+  vite-node@3.1.4(@types/node@22.15.21)(jiti@2.4.2)(lightningcss@1.30.1)(tsx@4.19.4)(yaml@2.8.0):
+    dependencies:
+      cac: 6.7.14
+      debug: 4.4.1
+      es-module-lexer: 1.7.0
+      pathe: 2.0.3
+      vite: 6.3.5(@types/node@22.15.21)(jiti@2.4.2)(lightningcss@1.30.1)(tsx@4.19.4)(yaml@2.8.0)
+    transitivePeerDependencies:
+      - '@types/node'
+      - jiti
+      - less
+      - lightningcss
+      - sass
+      - sass-embedded
+      - stylus
+      - sugarss
+      - supports-color
+      - terser
+      - tsx
+      - yaml
+
+  vite@6.3.5(@types/node@22.15.21)(jiti@2.4.2)(lightningcss@1.30.1)(tsx@4.19.4)(yaml@2.8.0):
+    dependencies:
+      esbuild: 0.25.4
+      fdir: 6.4.4(picomatch@4.0.2)
+      picomatch: 4.0.2
+      postcss: 8.5.3
+      rollup: 4.41.0
+      tinyglobby: 0.2.13
+    optionalDependencies:
+      '@types/node': 22.15.21
+      fsevents: 2.3.3
+      jiti: 2.4.2
+      lightningcss: 1.30.1
+      tsx: 4.19.4
+      yaml: 2.8.0
+
+  vitest@3.1.4(@types/node@22.15.21)(jiti@2.4.2)(lightningcss@1.30.1)(tsx@4.19.4)(yaml@2.8.0):
+    dependencies:
+      '@vitest/expect': 3.1.4
+      '@vitest/mocker': 3.1.4(vite@6.3.5(@types/node@22.15.21)(jiti@2.4.2)(lightningcss@1.30.1)(tsx@4.19.4)(yaml@2.8.0))
+      '@vitest/pretty-format': 3.1.4
+      '@vitest/runner': 3.1.4
+      '@vitest/snapshot': 3.1.4
+      '@vitest/spy': 3.1.4
+      '@vitest/utils': 3.1.4
+      chai: 5.2.0
+      debug: 4.4.1
+      expect-type: 1.2.1
+      magic-string: 0.30.17
+      pathe: 2.0.3
+      std-env: 3.9.0
+      tinybench: 2.9.0
+      tinyexec: 0.3.2
+      tinyglobby: 0.2.13
+      tinypool: 1.0.2
+      tinyrainbow: 2.0.0
+      vite: 6.3.5(@types/node@22.15.21)(jiti@2.4.2)(lightningcss@1.30.1)(tsx@4.19.4)(yaml@2.8.0)
+      vite-node: 3.1.4(@types/node@22.15.21)(jiti@2.4.2)(lightningcss@1.30.1)(tsx@4.19.4)(yaml@2.8.0)
+      why-is-node-running: 2.3.0
+    optionalDependencies:
+      '@types/node': 22.15.21
+    transitivePeerDependencies:
+      - jiti
+      - less
+      - lightningcss
+      - msw
+      - sass
+      - sass-embedded
+      - stylus
+      - sugarss
+      - supports-color
+      - terser
+      - tsx
+      - yaml
+
   wcwidth@1.0.1:
     dependencies:
       defaults: 1.0.4
@@ -9587,6 +10247,11 @@ snapshots:
     dependencies:
       isexe: 2.0.0
 
+  why-is-node-running@2.3.0:
+    dependencies:
+      siginfo: 2.0.0
+      stackback: 0.0.2
+
   word-wrap@1.2.5: {}
 
   wordwrap@1.0.0: {}
diff --git a/test-oidc.ts b/test-oidc.ts
new file mode 100644
index 0000000..0519ecb
--- /dev/null
+++ b/test-oidc.ts
@@ -0,0 +1 @@
+ 
\ No newline at end of file