From 0f2e2760931c991a9bb456a822ca261057459336 Mon Sep 17 00:00:00 2001
From: kinhdev-sandbox <kinhdev-sandbox@Kinhdev24-Mac.local>
Date: Thu, 29 Jan 2026 09:05:06 +0700
Subject: [PATCH 1/3] chore: Updated docs

---
 public/screenshots/google-oauth.png           | Bin 0 -> 60616 bytes
 src/app/_components/NumberOfContent.jsx       |   4 +-
 .../self-hosting/docker/advanced-setup.mdx    | 216 ++++++++++++------
 3 files changed, 143 insertions(+), 77 deletions(-)
 create mode 100644 public/screenshots/google-oauth.png

diff --git a/public/screenshots/google-oauth.png b/public/screenshots/google-oauth.png
new file mode 100644
index 0000000000000000000000000000000000000000..17d0f89cc5d26a2f43811e3302057a02451d2f50
GIT binary patch
literal 60616
zcmbSzbyyrr(=RR|c#z<P;O_1g+?}977I$|IZi~CSyIXMg;1Jy1?QYI_k9^;I?>~2W
z_Su=~F6rv(>YAG05F#%tj`$Ae9T*rGqQn;wMKCZ(02mlJ4;&2Wil*|z2<Su)AS^5|
zAuLQJZ)a@`urLAxqlmGLmZ67K_z<+7J)L)G=&R16tWHEaR-~z}0-qBmfl7#*+??JJ
z+hA2dVz5W}MWm`0{VfX<(||ta3mmmnb^K`1E>~k;9S1x4-cYLjDeoOL&NJ5@C$f)6
zcSCHgQukc_P1YU8I|x%j<PYf>uF^ATvwmlqgyX!9N-GhAt&v)b{d#9V4$kw=Y;}2E
zUzc^UI)EDAl=&%C`e||HdwwiMj**_BI;+=xxX9j?j-MdKRp}_ZrXk(>(fH$prnK<;
z&N6YX*u<<2U*lMZQ}puFSkL9BIl5u60!DwRbRw3b@A8p`kvxyyWQxflh6s4ARaGJH
zYpMWTV(-L}$S!!^>0yh0R~JoUqH2FV$u7O{B5Dzkb8Jnq1=DT=vrMmGn-pJf2Csl#
zpnVz8=)3qZV`vtiDkU%zgJMnX;|xc^4|k!1mg51#!UwK4PA<TtPnQro-w86gfswj|
zv5X8D73dfa3<4Yt3=(t%4*CNN27p2RaSR4V2KoifRBR9!Ea(>v^p($o_^TBXkOleI
zF*wifj)F?U5)z<aB||$SBP)ATYllQ8KOrzM2ws4)x`VomG?$^ZC7u2^YXc)X7fYMp
zBw#!)T%bcsBL{sV7fTB(doCB=Pk;2_0v-RpO#g}Kk1h`8yr0x%<cWl>?Tm=n=osi2
zKJmRHA|m3k`)16gC?fVBa?ly?CsPLp8!mc!XJ=<RXJ$HUI}>_FPEJmG1}1tYCR$Jr
zT6<S32YnY>D|?bZnf%2^#K_*z4q)Q|u(l%l%~#*R+R=gc)2H8p{{H-_r;!WbA4yjB
z{}~o&fb_px=o#r4=>KnI4gll-2ifnIKgs?W*Pr5eelz2e2e=qnXovtTK~@E+#>dRa
z#`A}m|7!V1(LX6w?2YV%tt~->4t)Pi%YTUf-T1!={}8GEk4O%7=6{R)SIfUBe-D96
z&JF;QrvKZ9e2hHw|8?y@{dwqr8~9%a|8q9~xC)w1zIQzIf4c_XJ4g)nO)xM4FbNSs
zWf$<{bZ8HZ0rY|3&rPkuepq+EENx%q>(sT%np#_>q%IodwZmFLANO;(Sd=e4-d<03
zQ6pO#JfE38dRAMPmsg+GR@cVIkF~?)Xg+^}3h+Tefe;dag99ff`tu~l&u1pyyz!H$
zXdc@CX!!F)U>gdq+1>~p^Z(L@0uRR_;>Yy`<G;BI5&8H~0PLv$k@FY*Csc5S=}%LA
z(Ix-gCL$5%{%_s>q(KRR`yPuKLKmbg`Y*lz!%s401@bS}f2-m9MMMBt_r-xRkLthL
zz;Du7x{07Z;ezvb%5A@FqI+Jyd{`_YyFrEMCPSH_gz1aG@W;b9gyKf#l>b}a_eZE7
zv6wfN7i!Ky@{>C54`F_{b6+`&t7svx9lF{h+_gpi?u!DE08-dEB-|p30ir4^1kSfe
zTHy4e$is1G<u4Tj(m>`RHlg4QU;?+beQ%T%`!$b*=*}gt^|K=J-%}F`>J)Qm_r>Th
zvcF9B{S-<>BJ9-JC$00p=JWrLNFaa;K(Eu5wKX6&x!QU+xUfL4=nFqG+~)a|FtNZ+
z6BgYT_`iJTUJ^dwX`pPq(_0RmTsEiPd|}#Nb(%#YgNKvVdM$jZ(Ojz9pl_NjcoFTL
zK}=2`;O8Xq^|Cc>PZ{1!`0C0^u|skVkl6%Dv(YKyz$&b>)%i>!7>TeTjyzIBnuPn0
zF&98ttu#q2Sg*j<H7gIH1+c08W9RQ_P(3OVt!_6sj{84jGWa~jFsN0t(AK@An(g-r
z66tlP8%~x1hqC~O^DaTn76;oV3Nw9AiN`xafyT3yY>bgNW=srnSqnQ`rvi(`nvab`
zl0VTXR&P_NHqJ-2iK+J6qxe_7AAQkCZSq)#3>3q$iHGTi@x!YwBO@6HiQhLjbzbDU
z*y2$*NiPT9KcPQ(KZ?j|7w(hcvRgK|4U0#@5F9^Li#e7abjO?zp!r*SJVT2|BS*eJ
zz38T7ro!8r*uNnZ7~sVpl{#11INw6=KQTV5#U-$e;<Q0kspz2F*gi5b-Rrr`aJjrB
z$(OKNcSpVv{EF9mX_OUAbR<L+iU!9{ikMJpJf<bz0|jro738Q(K^ae_l80#_A>49a
zl@~a0<FT_VHj(MwfSEJua`9^_fi|@#*M*V<2)E+4E!;`(Dyeqbp_cCTEtS%d=1`p;
zBc3vv2q?*zIktsGNGW@a4dhX1;w{;wHZVL2j>_B*mR%_JOjo`(pZmt9xZL;@Ur7I8
z({Z5qLm9U1ZA0z`cBMdj+}6}>LYj^FW9vD5ddIG)dB0J8vMQQ7d6mh8&gJc`Y6u=a
zKBYwLXCRG+;xLdAy%AtrPFS`KasWO)x{nxC>H>{(mxu0zgqL@QeQC>M`!q+$E|Xo!
zQ4w%xea?9X>pu#8$EJ%SYi-3D)Fz9)?w=v^rP1Qhend=apd7w0pz)RsYiOQYgkJy2
zL!zciK;_gdn7fo$*s@MuolF2v!1p9zYsf7h`nlU$ZHf)U%qh@~MN+2Rte~oNrRs~r
zeUFwI^DEyA`zM5*3FEg~(_*^a)4({jb%olPyCTC?<=KluU;+}WRptB^CdSamsD8&U
z)+=PxpjZQyE^w|@M3lg4I*D?5eVy0t?xgU1e=$ao&ThRXu)H^#EQL(SmzO~6ovYs~
zcK%$ybv+|@<KkH)*%%@o2I?au9!Zd|-E24Qyfds&s!H1_e<_>JCHh9IEBMspkHT)H
zU7}G+_VR4MC13>Lx7cyrpVUub_vVwyxF#P<XV;B?yFO5&(k?=Yz~f9~G9LZ1H=&zV
zJoA&v<s7BEz1FC7p6ZF8{8canoxFh0^HJgUc(KUwNY#v6o2XDWU9#2bq#&_UM`3p~
zx!5*0XtoZ3ZfC>r)*})OIR1H2_tpiT|8sXV#-Gda@CybNa6wiyAzMIiMqe&JD}Ff9
z=aEf9_&}-u^F*VU!)^;!`O=XrwEYi+8CjV^eggR^>t9n{y8z)$i;fB!<1#NnEGx!6
zMi^3RSsK{KlYtLn`6owQspsY8v?J;^W^pV4v^lnir-wN9MssZW-_Ef!l9)JMD20_q
zV@Y6tbEqQpq@MkZ%r+yI0JT3U<ogccV3C70UlJ#7&Gl)jfFxtqW$^3Lr3qWUO+X%x
zx<tuco2cPZe&N#2v66$3qK*h5LSXK<wR@J73AN7*;P!Vy4exDT!01R{<Ui|g{J4~Y
zgY#t|MX{1xN@g}GB8tk;RGb`5-^rIsJQ!W9b@2I0w27wC^hMv!fl1kQC^moAyG!74
zH`N;W>vn&WB<1{x(BWjsQPqVEx0c)al;`DH3SEUxn<jf@G_%o%PN&UOI=B31+@9gW
zK%M;_-Qip*ayqwn29;Wg$o`k()y60s*2m=AlVxE-K93EgQK|eaV(T*D=O%kdPMh;A
z+x1j->!#P6gQ;9`<qi*5$wWSU%jK4cp!fJ<$m)XlOfJz}{nwoZW15o>_IpK=b5uY!
z8O^0uXZrg4a?-JMX07Jfl!C-{L2{deNcIS=d!Xhe1t9Fuckj$Ym*afIY^p(Rdsvk|
z{M)$ZUF>u<6ML>2ncK}$;;xm4DE5hT!eETo##V~*QyLbq-Fv<xYdOl3LPLnWM1hQv
zwKyeBrv?M?LtD-5^diP7-9uPT$1`vDO=|p|mPe{<O2)ydlC^2CAacvYIWNW_fm{Te
zdHNvnTgzob)AjzM_>$9T+#PBDe7)jN8pxXm=NBn1uLpcmx#KTi4+{<08@lLh)K1$A
z^Otog1KGq2IF$EVKVN?(hHNzSSTQi3PmW4$xa3@Q*${TE`Jq1|pvl_8yOBBIa6HZ3
zkoTZe7=jEZc{vduH&y?12HEUczIrA&;@muifUG+lO@&$ijkH2r@M?ZccyGOgi{I<Q
zH*KcRSjtqA>W8G0GKLmi)ROCR>11CRZWNR8U>3d@r~NmzldC`kEXuD-bz)fk15sZO
zUj1ROcTaF7yRX)2Oh#lw(4f6^>ZCn>Dmta_jq<wRh8qk-$^bYsj~CxdJ`~Rs#*_OI
zYE5rsBy*`y4X3aow03*ufF?NRD308N{$8O3NJ+WC-b`WK)hal`os&Rb;ez^V;|+l5
zL-a?AMps)?xLCP}2u<TlPgt9-@t6wOj%90DI*H|DtH*Yf+bQH#OLdh8><~En-E_KS
z+|M>Ry&E2yAlNQ%<c~<X3qZQG-xxIXR+0K#KoFrcrQkLGs{JUPpWJl(aWgq(g_eX=
zX1^$-krP+9#DtN=9a)(+=6lNFQe}n`p+b!I1rV2GDXITCJcqW)WjS@3*NQNym)+vQ
zN}G~Wg(l%ky#8q?M(Zko71?do1VJs{8Xc7;(9Lydg8lx4`zmM|mpmTk1V~z~{L0)I
zHEYsu=r%kuCayC>VpY3beF+{oruy;RENR#hV<`q`;oF;)4oEGmMAlX|v0Ls4Th?`f
z?mEh0?UZ6F49UN|ckY$yGrRU9zutckUt;DB#yPKbLX3H{?eOlpT|u<I>3GmB{_$uq
z*HX`8GsbYfce^CVC|<kTpekvm&PaJ;)UkUC-L#ZpP#NI&{OZGFP<j;5H!<6e74~&v
z<g)qZl@*b6vly(v;Gm;7EA=}l`<jOj2#XDhnKYTmRO$^vEMMp!T>}LxMTv~<4$mjm
z(2p}4w+;`NM)^NjOyx6Q?>+r4iprN86qXxKR37^yaAOh^v9vZdixZz(9L>YgcdXYt
zWE>A?nF)e1+^=SlTI_b-ovc(xa1#b$O-$#H6cJ7cF4w!WtCVWSvz6&eSuQn@NG}bv
zkV<r&W;!0uXMYMrP$*W+SFY*yhfxf}EVCI)FN7%0+m`*Vqy06LqSPR9JY7TMINQnb
zWGPuJia@vka5FIEHVN0&9%CXlc^5e9{CLyMyU}ds;(Eq$k@Bu82ZkMIR1N$5&ah|j
zvre9M+p{SqHQV#4Dn9=6>BLj|Ouu61W(vFc3qt6GeMJ^jzo9eUcl6G?s>lbOhD&AG
z{a4{a<DV94bBq*f48-Xh<DZ7p*e8=G4_fRNv?vv9Y<+uTi8B1hnA+B!lrj&Zlm{T_
z_t<$#qIei#!P|&9_H>j86(tF7Ds_oJ3T_4peIF+rwl&$gIYy*EWZXgB8N*5Bj;)?U
z@aA-$p9J(h81RKoi1#)R*fCM~6j_h@I8rou(|Af^gp%b9ulFks9}B3S?p`(<O_=Tv
zno(r5J}Gu~5>N-$eWYIDe&9mP*pVz1GtqaRrsqbmXK(-PAUg*Cp?lp-{gfz$n~ch;
zw~gsNN;Yqg9{N&GVVOnxW_Rvvv7#cT36|UOp(MF%MqZ7PBsHn@M0X}RVg`?+X8p`Z
zX5*|VLjLKSqXo_(a@E<Ii<i@H%Fk));PyVo-FAU{Z0oJgQSF#a6qO<FcZAW2jaV4;
zs-sCdq~Tp}pq;Wpl0JhwLy;~k=>WR(W;t3Gmt(51wxJ`C77#rOcz^dupbC@a1KhfO
zM>n7q)lqQU$)6RUTSL)j-1Doj#M5m2?k&~XtL|GXZmT30DvUhC1iD`&^AaJ?h>f=e
z?`=m4?k)bF>)8-2PUAkM>($CiLp|bI9zt38CJ&$8lkX#W=w1=mx#a-=hHI-V&jv7j
zeD%73pbUHTWAx%Nrw}C`+dzCx%{08I)!SlYz(Z$}IkYdeW1<AIN(c77>&v(<rPR;$
zpm=#DUkLqTkE)&r!O2KH{KoilrZwBt1z!z5JyNv!&*w*%d&0L4-K%Cg3|);$u*H(w
z5?SMx0~ZSpA+EH0N4|m_6sM~NJm1d3)eqBsyJ58!&S8-29Jk$m?6|4XWPGV#-+D+9
zU;#N@7puPk68odIMhw5rDQ!f`Tfn+P$Om-$yB=7t#O#jxVVtru$X8p^rep&F)KJ#4
z7Ww`HhlzXW_fmK1b=kUEv4}z&2oRe&d9E%lMSe>8NM#lt3b+Wk{ow>g%9GLGo^J7<
zA)NDKNP=LwAchrQJsy-lh)@9b=(V%3EPS=<Y<v|2d%-nojq}&q-KV+){UZjJQwyC0
z3divy-r+Q;6f0^_0-VoQ=3;-=i-;F8w^9lLp(Bq{nMB`ZbS?mIk5@<16L57Ybl}m+
z<oCP}rb&%H1|X2r01f-Y8%jru(!L;|8Jyycoz!AVL(xAal~H^{!fs|uEc9A7S8WNZ
zmllt|-+}in{rsVw6OvgeGCXL?A{>JL=Vho@d2AY*UGQ!uUox-;DlqS()-VoobFLV(
zH&rH(%wbr-@o^1l`_z<LPU%d2^kguVluqU(MxotDfAJ|yJa4La8VWzh)n5Z(DD~lo
z>c@SH72BI^czkC0gJ&3MOx5}aEk0`2T8-}Rk=M$#<nZ*I@s(nYx*HXuBMh-!eHnj;
zZwuqOSnE`zmhxeB77`vgEBM{rX&-huk*{Ezu`z0J^5f*&UmKg_?)sZ#xRGuGA>hsN
z4xdR1Z?<$IIH3^-O!48AL}fm(L=@?VG{F5jc+jj5KKJ^PO2&#ot0-dW>@+Uj>dLna
za-=~_Jz^#9`%dvFLi9C6qY<D!yG<`MI=K^`5$Q<3CChGkI`5rCGdCu^sxtm<B<$L$
z4MRbj>t%FUSnW~*lc?m*<>}_8gw0Sm4TPv=znQS59%t`{zYeOu(V(6_bDmb$M3z@)
z^VPl4K5s)_pJD=$dhL-tx33_<AVtHVGEKtdPleZfNv4w78?thJQaH>sTx3rQ_n@D%
z59AGQwP^D`uyQpQ)@3HU;Hgxr)+JnKr;+>5hUdo6$lpvYd%Kb=SRDHh9BF7QQRuDs
z=flTJVEoQ;{fRGJb(VXw>BQ7*)SoBClDIqh-`opmSgv3>(aV^soL*SYk=oz%Omim*
zx|tgM;&Ih?h_Injn@^$LIX!MA<v|uXD0Rsi5qhY7G*Y!xe2`^_Xy&e1+|#cQmkH)M
z*v-8g=7v~9K~bOEfYz5~*h74$8FolnbVpyTg60C#r3g)`7I#^84%$o?ResL1rZwM^
zGTX^tO>DR!BdAfU=IMW(`JqbiCHSbt!Ua=u47|#Qreb0$?98Q#I%d%w9Maw`d6pG&
zVuH*_;m55@*?GBf(BJ~g&#?R_+04u`1aM-#41p#J04VAHH7;+#W&cRSYB~MGLx#pe
z2FQ@DSaRLEY5cueht+&;%3AfP;@E8K;jvzm-}yEzWkw}n^|MSqc2vt@-x^Q7;bk>b
z5tejba27hMvf%7U$IBzNIe}Q5VPAM(MS7qzThf3D6?`(N>~I2Dsyn#03{ecoqOLca
z&$HVZP9ck5Cnkz!qSWfW&-a%V){HbWk}|j&L083>(c=|jX<c05ociIvS4#}m|5C`e
z-9zV$jd41XyY8HMFaJ(;0|gPG!ad<f21tz<<Q3A*ieimS6rXPl)B<ip0}1@)=s_n9
z!%f3<!Eg*&l%^ao=(jhLOKUUMz|vnf4Zi@FX`BXiD)bl*bn;bIW6RI6D2rojMS5zd
zt}~g(IX9y(xxYfPU~ROR;yo<Ng+;~%SB7XtPNQv#rx(^)c)e1o%yP0kC5A>uP^3S5
zJ-d|11aWh|%BJyPP*eveJB_Zc3OCao@*|&b`bXL6|7iR?HJ%(A+}gSX1&s`8gQ8AE
zWJ*mE7h6Ep_a-Rl4`DzB!#)5Uo;H@>*RkO`vR~YIb-yjx#Gg6Zo0WtY=rGOAsF@Dp
zSNFKK3tT4tg4nPdwW-I&>b{;s#lztTjzD3W0F`iBW8t~bh{&%dJA4{_YJq>HSh38}
zz`);VvpEB`24%XXXSo3NZU?urYl81KyTb<hc!?-pak2_AR2W)SXC9xS?MWVU393od
z{8zt%PJ45BYXxDrs(_`g{P03#wMxIJaZ*Y<1PdrguvP#^b7Gxd6MS7soUUf`pjwrG
z$<bH6H#3-E6<L1YC_!P0;-aP}Ag45aJOnwAT@G#XMS<YhZ<%b#kpgfF2dw7*DT+DF
zyyh;Uu0O!qQ$Kq-cL{&!S%^<A1uD<|jHBWq>N*UJz9L^dAuU2<&*+BL^iEr*X1_rn
z4&e;J*uV_g54HVOMID^X6HAVa=Q|Ga#>-#*@U9<7w*$K<>W^mg9S)`yD>HbDTrLa_
zpKME2af0;fk-n=|G#sy%lE+hi4Na&@CEXn?*KU?<c75g3=P?=vN=RXzB<#`{ra+Ia
z@R|E;ctLVboO0b#0L}*%v}#cFpkjT+i&=-d{7Y=k><!d#!yBB^uYGE&<I5HLzL^C$
zj`2CODwgE4e_a|@%G8lE=js&BggF|L{v>WTpi#npOU{<;9_>@^htxtq$Q2je<%-P#
zbzMB?^@0au38mVpOImYIxYE8M3ArFo@zrL6tCub}(=s3vIY0|tZ0c=!M;3OXJ$toK
zM`=p?BK|4AVkr|DPJQMB>+@`-cML;{m5sggR;1T^43vXa?p{+q?WXKHfS;qiB?AvE
zQ2`*1Ova2+FV^WjjkQaqX)KX1Lf=e$v1QbIsV2xCGh@K%$A;dVAP4o7S~kF5wV5>L
zZPR@ojZBhr!D=f(S)D-5c~_K<eoxEo`yOZ})>ih4wIe}L24@h~f%~#X+3x05_k1Ju
zo&qq>Wa%CY6-4K+O3={DEkG|nNmOvt#m2L&nSOz5BoKS)q22y@>ZRX=oyhmfP}F~K
z+RR_>(a>M9!zrzt$)=-#2Cc@tsbg&BvS<1wLO<)vddI<?`H`Cwj*|Jpq&DyMO$|9R
zu$*7alMUJ`br(mrJg0?pn)Rbsl!pdo>41HbZDdju9Al!m{2BLGg&HcT9A4ipT0`t#
z@(Le=qvWShO4Z&n`(pKo{SAy{F0lsXkO_E*D5&N;8X*_NN2Pi{+k5b6(tqzN!UEkP
z5TfH8ec%5cvj@L5pi~W(NU)87)t}z#q(PhWZ78-ZDgLvrt}fD1r%JQd>(zv`t$Us1
z*lRjAxbrUO`x!M}H9^{IlHnw|h9qGTlIxo0NC-(^b0lqT%?muTu?a$w2qX*IUMV#6
z9sOe5DXw%z17ZlXeOkf&Nj*LvvWCmqY5jv(x`Y%%yM#Tf1AjmkGaR&NrTk%3t%}(A
zsO>&nD``vhQC`7@{w%(#u*~Gt_2&3zKR8oA>rvvgj*hs36Xr(cz40prnj!rPNHI%P
zH(UTJ8m=@g{BC}>a5z7OOHx%7szW%H7P`Xt=uG#XsMUH$?n-qwL-%E%(NZ0NLTx;)
z-(RQJ#GlQ1p(#c!_OnD8Odd)yru{e(TyvDd%g^e1-w5pCngXXw@00-ui1032JU`#E
z#xkN`S9CEdb)07NA6RGc!Ntoc0bl(0kgtX}LbY-o3^0^ot-_Mzf;hjf;&^%OR@6E|
z9T2<d*mDo$OM0ReKU9y2tr(8nQ2WPX>M8WD(8yd~>7fC|PQ!3JJ--VGqL^o|p>D&{
z&BB#s!>>dzpRZ8Qm=N9sk-|KvZe&rQu#lMMvJ4HJE+w5Uhb*I6@_lTBVn}>{g1jqs
z&{uH@xrA`Sp=Gpf8<M+HH05O;I#*okyUasNPov))yy0fH7w8Q0!CdMjf_H&|9afEN
z$l`hd>I_@vct}{v+!nB_Gg;Wj$@6PN>QRoMD}rEN%--OpgW1`~0v$rA>x)ln^LdQ%
zSW1a2)Yld#r5L!e_;=>=2h&Eb2KOrVtr5$iALyiQG8Y>xTWxVw8HSfioe8<@w!bgw
zB>CG4?2e^YCM<b>hikBz`gBsLxs+;><!|xqQ-6Zdx~=EeM(R6)^kM9MOA+A9@9Ml%
zaFMGSoTOj#M-&Gev-xKQjcF8krOys<T{Sadd+2S3SiAu}Z{}kNa~fR%Pi$MKrJS&u
zg?-u~aI?Nygr2UE{m@R{-6J2+_gk;N*{+~1vAgLlc7LJE`S5AGO@|@#J-8@at)eed
zVmZ&vK#x%s(?nEnA%wh%G<N2w{jB^eUq+*mghjls9<iQ35%j*ae$FFyhD!yONMx(c
zav0f#N8Azenmr1nT;Kb5mF<4^10&uCNbIb-J=Yvf+Bq{&4f0(K3cCCYvYB4^6C(iD
z1nzu1lx>36gingNKQf{WN&_wl#mzmW*sWK0O&b>W&tr1&uD5`S9Vpjueoi#J;)Q{~
zoX%c7S>;ap$5Nk@qy4V~_>~N(05f?C32@t6nCCJ>zaP6?pby0V3cR+_6@eODUYY0J
z+fcd>fCqM89bZO%k3Kzq{SMa!i;S=6|FytK<cBqdfm*`u!>@^0zaTClMt`ZidX`6f
zL9X{Wh^a3k8XNkE#p9>pa4uKtvg|FxF)C9!bDNwg+;SbN_JIr&rK<r?hso^|f&x4o
z_o8X)K?IzBY8$RS&-ISaGHg6*->=<XI*?lp`4xw8U<CTlyI?*&cP|-AnArs^G4q%*
zrz}H_4t<R(it<0By5pEJ1l`Ud(JzsUaEmYyL1Fi7gpehf1Us1eSHBU#wwR8b(C->_
z_l+wbQxfj^G~fzK(b+S6(lR0{A%of4kPQ9Oz8u+3CX!YESw5)N{^w)12c1^aiSY7z
zy8q|w@uVXQS&Og2c>d-d5z9(Yc@SX_W#5FS=0TZNU0p%~s9xi_q|Ac|21z+U*RBE?
zDxZaA$?C#>Fr$xe6*GUzJ#&4j1*+tBLG_Hq2BFRm#l7V<oGdA&vYp(!>tGapD~<({
z-?39!yl(c2n_eZ*QvI;|<?}tnxAgHrjrMhXF$fX2SSqpNd8~R(xxqriNJFd6g%O|M
zN!!!#eR1}^!^w1D!8!XN%E#kEH^;fQ5Ktiyy+`Z_lz-j~{M4)*-n>|-&=Sub2+#L$
zy_$AjkKd9VFd=lri?VK&$>j5gLH;O&&+Q;jGWGpKh;@qwn#ZyG#A&-jDz`N6q9~L1
ztA|6v-ulV9v(Hy@a}6%(23UWe6!O0G!Vo-Bl=Mu}WyEv{^`GZ5#O8#x{Q+K3?bsv3
z!cXgGrAU-w^^6L5sx;yEsuZzbWCR92UmqXes;4xr?jQll5IJZrc{4hL#uaptY_;QZ
z%{4}pxMj73hJJ*h<(}FI2DGB>s)9CC(rOj!@cBrKIN4?#p-ul0WWS8(0m%X~IJjRA
z^NE<3Be;?VG~}=ukU<;pnc@%ipefnMCWaeaUs)6(FZtHdb;Ze0xO-jiJi8h7L=`sN
zhpy!yCF&qEx+frj{+vAy$_B^h$0u#I8XS-m0NgYN_q|ytOV!7VwK2@zGYYkSo7$W0
z8x#0@)M^z}2-r(h>cd&l$?sM^p`vW_H1^3qvNTG(uK*CB!JR~%$qO+`53CzV_37VB
zd1$4{UXg!A`G}^<(xmu{JN}&SI~_#n;$#9qrO^8@bZ^*<HQakkBeQBdIR!n)1b;#+
z-^Vr6aH*isYo*zm?=Yh$;7jm53Uk1KJ%^8+WX9c%AB^30#~6BTvCUJ4^-N9au087)
zDA8glamcivq>#FVj!BDelVbXl@G%yN=U@mlM&F~C<Mt+#(d$Uz3Vg48rUM)5iD6lN
zA)tqPtoE4QjFhL;z45)&cw4J1UZyzx7n@6Of$MdeOf9{cyxp)pQv@VnVf9SsA0gB3
z&N=0ZSgF5bgPHecf(f8d*!zJ|d^Zl+kMJzuSJi>pc;SZC>M0aL8DC5L*%HM65)I5~
zzubA~tTgQ<M#hjqzq!}K>H^)D?GDdbGdt67c(C}Ea{Fa(*du;F{O&qF$H}z)?)BQg
zcq60QX+0VAWZ?JXEHad>%emA{yS-sd7jx`aKkls`A#tWBOZCHZqSWs~K?RPnd&mje
zIaA68=d(2>Q8OObUr7n0O#xwgXMCOjWN{==veGu24d-|?e-m~V5P{3C<2j0xTOXZv
z9O^&$!arXo+8czFz3ye6-2gJxB?dJI(>Gn!@3%O)VVipDd)hVMa>vuTDcPkh{EaFJ
zVWAd#)_H~3f|2p%Lk&Y>^HrKmPu#7-Flh@=NyKX0ld|n2tveC-*P~KcEXBOvSp7E$
z%!VQ6dorHO8wPlMb<jnUez@w_J(y!!dI^}O3)}4FB_~9k-@$c<OH8{kLW?qFbJGR8
zv9t5Pzk=g&RmLU0xbR~kuXOD^sGh%M8H02j*!B$X&^ppfCNL>|KUyl>F1=R-c<6G3
zx9>x#6MoBCxLvLlsX`6dZrsj*FU1yXX6!MSLXpJne#daZm(w|un~7ymy4JlIWgXV;
zX4HXRypx#LX{cKA4gSQWh<20LC+ibD8kA}oEr!o6>Tt$wGRBMp;bQ)B2<#)v4&oE)
zH~5ORDG5&I9fMPLZA`+>ZENrvMZL$eE!O~2Sh@wxb9hez`Pep3zK^*~W=|U>;d=;{
zN$q|$3|&AvQJPkod6#iiZ3<>&D~)$}0dnqLjw_1pxs|EBJE^I<=B4jFLcw;HpPqZh
zPz9AX4lOIyTZ0B6hdB;oz)z9_%?+rLwH&J*=uHO%tNZU(nJ(JIwFuxFPPu92G~R&|
zqa+D5Q3D=-ZFbn*o$^Zd5~u3lOv^znfNGVeM@NM@pNvP7Vq!@VEb^xbgJmH*0)w#J
z5@<B;NsS(i46QRBpUcY)b?~@8%mc}fJ9}~`E`If?Owp9j$x$QZ4ko1rHxqN-_twl`
zE<`@yBxIN8c_Qx7IEH&c9iMDNC%*r{;z6+#n*#%lNSN2J_%EP<Hq<9&i7;)7Jhqs?
z-;jzO$uGP;u>$JU0DTSTA<*XVA2bY{7DU3BguYhAHr=1#nE!zuF^2n@@k4)?Xz?>t
zPl`|eS#O|Yb8IIH96f|xR4^8RQXIs`9d3WmV<}E&8pIN%0R+-O(CUb7O^3S1SAA(o
z50+y33)>+?1O+9%-kwtz2v&ec1tsJQ(kmNGp$3i*d?pdXtJD%N;k_@C%pGj!XHG>p
z5jqGvYw?OB;(Anwsdz9T<Bjdd0R3-MK<4s@X)kd#KD#v`qMY9_8HMfq6@hn2w@hG|
z^+-mvJ~3XIdgu@efj*s`foHTL@#w%S5CDj18eRUKrjK3F@S(T)@W-|8CAU0&;^Hin
z??S(UB|=zN=3E#u7m6c3Q4f0f-jPU|aO*C<lrm)i-5HhmmL(~$b;n*4L6JW&8mJNi
zltx8hI?XP7Jz=C9a)>|}3R4&MupG=7HOb+~$ln|z)p(iGnLFR}*_vR`gL%J3Q>}fd
zPUpJ_Zhvv%_Uc6xZm0UBRGv>KL?i<Bi<7Gec{+#!om2hy%%BKCfTJUXhb9Z6hGp})
zQ~+72*MW%oQ+7?Dhc9fukv5Rg$4H(K@`FT=`TW*T*F%}y74qZHlnMUyuHHVP5#@-#
zFfbpn1nt66KyaMCkdOWzo)=ieD$zoJAX+lv&yRlUagx|MIOJiM0XZ+G-{K%Qab+0K
zt@_a*OWLgDfAJC0nS)#*03QTh>WM7hwtxj6^DFqka$5iBaW60wOIE-2MdBZDRR9?{
zyR&nSdiCJYP{^|(N0lO3sD|lfd|QBkJlx<wnZJ<KbPx`BI|d?MWL4fnHO5K%-IF}E
zFcTWYUk-On?&Hj`*5^XLwTgHD)zX_URuPoKM5CjS(r&*e4c0>w*s^{$#1e;6^dXh`
z$J61wAzWa$zLt$)EUZm!>Y`IBfGnsmy-fh82C-Cx_at9r$EaS|4#nWMw?~fd*mL9e
zMgK365O5p#;m*~!I;t?N$IKnI`ugaoAWz}>?NtQ8{BU|WY(wAk&`l$s{LQnlA2ovi
zEE{`>C3kgPfjJ20kL!#2I*^pVL0l0akH&%52%-ib%P}^+M^wl~5q|gfr_217>3dF|
z)gFv^W-9FCH7n$966_t3Cqj(k2@jIzS?L*&+1%}inUyre@HIdex%hAFktmoB-TeR=
ztHR`V1_}hKFbL@NeUmO96nu!F{s&BI6it3zqSfvsVKKc%0WN^ecY?$Y&uN{|`*pkU
z6Zd0G)C8>C)h^=BU;=GjSp4%pw75{GE1qBA(cR>ae^w86cgNs8Y|SGbBA?QMqkn+#
z`~GuK(g{?g1o@?;#7MdnS0C{<MewqOfYNkTfL{>5F2>wcR9k!dQ18slc-rUWzX4h(
zDNr>{-|{|(pewC3*$z!j#iZR&WaVx4&gbL>l9>-l!TtP1bQ;+JH{|ud#}XjGfd-m-
zJbfvJzozRSeYHRftXA~PEl8*TWrCg<&>U>SX@&mdSbvd$L`kO53f1WTJ&S+g0#SZ1
zSOoE(iom}$|BG!GCdipAP-9>IO9@|_&qR`%96bp+e+l?2rlLSJ{9dDB(Z^U2m~bnt
z&Y1<$$!7YM7MKwKgG)CFh{1W&kb*9%uig5KKr&OShr$-ER)b=N^(FRO=m$!%v6T8O
zd~PS4nG7CR$&<V5YZj{+)zh_BsW?%I8Jj`S3i-zZM8MyED@jC}Iw-L*N6p^ie3ntN
z0!qyxRi+mf68XHIzqC48sd-B!&=e@<ODaAg;YWm~WM&e&y1GJh$$I^Z)o)*|`n>TW
zAzA8ol!Y(*+L{oGK`S{vo(y;h#Q^eqcL=D23Nlg%2fgpNY_{9U17)hyOZ7)Zb~}>&
zC%0v79uKijrz@gHBMFSVuGjktT%M2Nk6-g8jY4tRD<tDSOQ2DymK8BBgYavL3Kb>^
zG`gD4;UVAt2i%cJ69q*|v#x1$>h7~znYJh>q1x<hsndUfxxBcjh9~jzyBBQ8=*GWH
z)J>hv?hU5=+Tu_W4oZp??+DuW`@#~h&pK<1b=n_Go|#Q1rhUL6BW{|UPPlFkSA+5J
zwryF2Vle*YKO%+@)70VpSo|fKTr0R|D;>hDX3B-Jq*C%LE*GZDw<nl#Prbp&4jWy9
zOHKMDo^LPCm@~<zE_dT$DQxDlpnKbF$~baLqodJe<~q|U1I>0fQba;N;Cz{eXr*pv
zLH*IZ(kfT|!D9rj!_}@#{M;=*_s^b0U5zK{tAyXF=RXrL73I^!E!JsHU^$L`8UaEb
z75)f8FSV~wYQ-#9?}#;<D+7Ex-`s*7PN5BcjCe2s%oOCSmTQ8ZeUC)|%E~vAka&Vm
zju-76wjNdN?3j2IK_Ek7Le<B}bH%uA%GjB{Fsx#QUKk*~wGODB#O!#s7U5)<6{}g#
zw;&-!|GV7#w@>@-OMv3dzUyl4vqo<@Y68udBR0#q%f}mBs_%na15uQokJo0nuiQ@8
zRhk1H)ll$g*p17rcCS6q@z>7}2-hc#eRGd9g>rLt>#r~U77TZ^<_R>1&iD-lFL&#9
zW<RTlzqWWJ8&6~yNt6GEll{vGsi37i_4FvdSi7)-BOZw-SZ&a+yr=OROju;y`C1pd
zR}At970WOTX3Tu)WF`^3+p}e1W|J4G^j3#_ORYxvnr{-6_65>F5_hK*M$eSRHhoT9
zUSpcE`y+ZPoi^-zeKiTxe~%TM7z~1mT;|lDLPBpRROR}pvQxgcK&HrcORT?>*dLaX
z^aM1LY`e9{$jIUJ8k49~U<gL->8d-*<?F=&;Q^}FvGI7Cs7;8+)o#Q)Oh3~o6pA2F
z30rlZul>oWNLi8zw7vW@#QPFZ;J;PT<tuLEgoyh3RR!4RhBr5*tk-Slc^MFi$4DVn
z@Z|r5JG^uaP=c$7dV6M$BjG8?Z?=EUCzVQ^VsE}u>=qIo?Cn*8hMO9`f8`doiG6#i
zOlgov_?H+^l=Csr?r^(OI@Ml;3Pgd!f=Gczkn;BSzS$c|AX88M9l8C57xxA+>rcf&
zsQS=>7*fN5Nc``NJ(q+$4&O29k_b&(pZ|`Qs33%Di>L(0Pt09Y!}F<-w{utQ=f3Z#
z!YUG4Vj?ej(!?m~aNkL3xxQL*F2E5-vjC<A-YqRRS|9wZ-nu?J=Da?l?-coxo+tlr
z<NFRufgEkn-7?Qu0oYYArd5O}p7!Hzno6zWgXn~!EC`zRuUOXv^|{5+W@yM(h$so_
zJe}n^<X^47O>7TBFB?aO{x1IgWAQ(RAcFE6jt$rLf%+dW{|{#daRDHUz4Euz|JnzL
z{C)>l!Hs<Nf9w1w87Bm4PTs@)ee`WRjeUG5((>+jx_Bbp*LQJBee470h)nL^w)$o2
zKuA#cSV^4!P2b}y&_o4zx+BaQRw+>cMSgi-h`=J1Bev_qc&()LUD{U)L-k$4*wBe&
z=0rN3_xPk^*F3Eb2a=GmNHwKyAmnY%s{8HFc-72(5Z1!s=8*NJpweu0WF$<rLQ@I^
ztwD%$6IPfH3l1hPU#|)=e&tSNvsw~5TMLwFeq`$0byV_-xzJ`nL0g1P?TOtQ(`p1f
zMShLBm_`}LowyrGto&s3Vxe+)Fk@2ZHpZnj<k$9QzK6Dr-f-np<wf{Y15twPw;ka`
zh*p4gAe|ITRm+QqDmy2eYYPEe{Wm3_B5+t$>1PG%-{lj6z=0cfY(a`vG3>ZASD=Ci
ztmFP9pER|{`3AAs-~wIEaQzW`k;K(JW_-4@{IqIiKD+gL!2O5lg%?<4$eo!6VKpv~
z?V_dKtt(#`M0~;ED1yTKi>;}#W#_?>5pH?6hl^w|nv*dvbK%5F?Uy#jB=g-08HU=&
zUsaSduQ}d(qi+W8-<GmEk%e1z8r3D1F@;DGC3XD!Wrk*EuEGv)4*1o1dtD+^8%$-|
zpAd5v?XjX8@Agb!m*vv=uKKDaKW^?l?UYt2P0RPMy5Aju0-!FCa2iogT|%qA|2*<N
zK<9C**FUU-$NWhD!9tUIVWnfzgD`1Cw*mgQv-k-Ut#rh(c|Ait?j&XwOT_7_@Pd%!
z(&%sZ>F+S9gvjMGat!)Hr$aHQiyaOW>#X0rhJVEd4g)F6rwMr7fU;L%9H2c{`9B-!
zh4$G>bMDH`vx{;o2rCYx*X6Twb}qDBZkUNkWd{sR8v(gw%t}=2OSt;S#?l+CRwb<$
zV-<o%hU3Vi80lx?LGq?SkgX<?H`N^wURNi6d!_lRM9CNFE+%)NNcib?dwcuK{H0iW
zgT>--x;=e~dUXy!VH<Q~d+7M~>Ny<8j{I`|az}-zQ?j90Z-&9;blk*M2myULbGPnk
za=}B$?_?xqO96s#P$6%(TQ0M;jFmB&4CnD>;env{^oKr(MTBMM6PcY^)^<BNgkJX<
zAe=O0exP3iu-VPUWwOTTO`+M&==UZ=H8y29uz#Ff3uH2qERoNKAeBmBnXG;!1XW>F
z7EVbr4XblR2mAU&JGn)Us_e3A2?^{rdq_{qCUTqKUM*=VoF^)Pl!h=jPxIx=CAA#x
z*Km^2L>-I~Wl7{H+)frala=g76A5!3enb|m&X#^QO>=pOM+;kfd@CvPrH<8gO5TK;
zlIStZ&S$HIq5L-I3@_?i-o7Q5o4v3lip>xz#mWjAG?_e}k|Syr*_$K-(@l&d%1d`=
zp2tonNI+ML=iiya<1L}Iw>0+HL`!x#VxUE?3?|4;#Bjgc<$%JJ2moSpy4U6HmG}3a
z2!n`&0!Q|t-qCzP9!E8Y0cWvM*W2$hIuWBV2%PW<pV8p6<zh>O?tHvP$f8)S@r#uC
zLIs(_HX8_1&Fg+s(Bf!@-uGP)o%~h8TlU#M)Gqi9l%bWB9W7MOw71^PKAtQ$7Axdt
z7Rzr60U7j#QrH}EB5-(P%@#^9igfO6Z;wIGiQ1s!X%zfo$>qe93Z?U3U!EvM(IwaL
zPJ!fdG1`<&nS2j3C(Cy<yNHP+n)PO-Odv$4wB>SrA!uQK90_3Zb$h6(QLGXG*Q|4a
zr?$f|y)KFoqf;uBDHMW6D7ngD0WiIQ9`nZ2YV{wx(rLD-Q%Z=2VXA~m`Ugb}Mq#j0
zbk&+nD7<I4P_O(TWk~7*ogRt9|N3Ppj<oRk;c99!yVrEC#N&E`-}@kLilpMH-W*0v
z+=foMD0+$C<y=1BRJBw!BC-kt&~xTJ8QX_I2}&b;BL|Qv%G%xT^lw?=YxfFdQpJRW
z-)HBPl?BH)weV%nlnDq8O(f8cVD+`RUIj&_b4Z-EuPf=O0>7p)m$EeeybPRr0#Yg#
zZB<umFHRr2>F6cSedQ@cwu)=LJ2td(RpDx)CY6XylHa{lF&|u?$c(gKYqr~!m!#M3
z8&04!D(f|rbq+df=J3$PqSKD96lB`sTjA%xeCJ-F%{fLz-`E^Eq1(3cbfdLpyEm?z
zmBeVMn6a{6WLYJ>+UBY?R|=QtYXWxpYe%ZZ<AI9$)o9N88CF&zj%=qJ&7|j{mlxf!
z^@r<hg$7CVuSk2rU>twUJq>-C9}fxl4N0~PebX1%(j4BKpZaWUvLGHV6<Ztt5j%!H
zpJfhb#YhSFyq<qhy4@as<mBeQs*PSx!ldR<Q)g8yl+3@~#L;SDdxVTJS*k0JNVj-j
zkjCkrG5mIp&rZn*v;)JuJLAt%PGhf-dG-NEQU@3eg!U~fQHdp-qL%YGMnIl+qOD`9
zE!2Gr`BgGDGi@rBb_P$-*7M?T7luWhli_LE=@oLj1*ZjAUFD^)-wpS8g&y=x7OHzf
z;fdCLbU2vx={{L@ZjSgOm@gHdwNSZU<XLt4t78zGp~>gz6sIw>xpS!RNv`y^7`suI
zLs!b+gpZ9EW&vSuA!o6&&i*cg9>|gh0ws2okk2d7RahsUwl}|cNPlF;h6$>gNYI<y
z-N+{KD4&s!JYH0`vv;iD<Lv1My}XbUSNI;Y?Q83uqK1`LE$p`W0VlKCfSQ$+!|4k2
z<*!>(dj3K>x^dsw?jHN&dw92#hZNAw+qX8km_bGNd?UTn<jGrrl)ZMHr}{5G9;fHe
z$V<F?PCTtGu%7CS<8gbqsV6Xz1MPu(u%{QCH714D9YY~ws+nWd$70?u{W6kW3mrDZ
zRtOI-<`OjdeeGdKV8#jei*AJbBXu`COD&P}6@ks5YRa<avh_*xLS$k-D1Fgo_q9=&
zCgArf<Kiw>Dtz$6EE7VZu!|m!r<$5Aj+=V~VU0|ua{4SZmP@&?Oo3F&MIz=4<%MEp
zKUTj<E#6-k7ORe>Q1NmFgI>gt{e362*&93!`W~n`Ra&gIB`@(i{In@iZbpmv$Se6m
zH#*!0%I?Of0P;xQkHrLtA1#uWRZd&&W-Hgh%vPFWxNds~kn2qDWamP<V9Z@7GMIyZ
z*$r6r2050@gk!0$c|a@k-6Myh>-1}}Su2xVjis{Zzr&zbDovnODTDxoR`=xF+S)i|
zSuQs!y*%<K^UCEdKqYYQjgGVE_i)_!iJEZhzWO<A_PCzfV9v)D?}WsW?{E5x*Vzvs
z<#(|HrUTrr_ls$q_N&YxU_#JHb6z1~N-nEkpr}!$5@~Z+Tb=C4m$FtsuP>zEMdgu7
zVFH425}TYrd2qqu+f(M@^JZY1S8ou5(sYGRyKL^jTg8WjJc+o;SR?9i$L@DJK<w;^
z7~axDmP(!049%DMwDNM&0}f|Jr<zX*q1^TRrW-q*o_kg)*8?1G7r#h(;cOfOMhu<!
z2$;M#(adH_np@V83HX$ktN1-19Xv)6H0!=KD@bq;V@@a6?p4>{YS}p(9&LxJuo&zM
z40p{-P{8^JMJlHwQo!0wS*#R+tCT8A>=eJij+}27dlw_I!tgVwnLX+<b6R>jj@$3j
zDob`Z_Jv*e3}I+Cc#tCEOsY9LoY|VVo<0Zq0_$#Y8_#W<fw4hX>urv$ExYm%(tG-X
zzAIe^wZ@LwWg0b;<6qrPw|2`}oMvr0_6#V!3I+(dJb=by86(5mwwHS?bWhgM^_HuO
zl!zSUqpP^1H~yrUkQ_~HUaww2T60xn{=`tbz0x`Bpgp(4>rR!z3OMABG(P*td7CE&
zhjXy71u?^*9jc5w$Uv>yfDJx@Mfqu>8RKVRd7+rQMf+CeM+K6gKVJEQU55m{N0psc
z=AzXqt`{O^VmHds@pidwyu%J(zV#3SW9~Q(TIXqJlc<L3)pxlbJnB`hBMo2~y%3ZG
zMTARZUXa05eH>DlSRIjJ_bK=}8LQlejTd|YcD2SQFfDf*;26fFvWU^PlUeOgNYUI{
zKeE4r-d;$fRVfAZ{EU%Q==J0_T3UbRG5O`|YjLQfJp_r=8~py85kuUt?ptR4lX|AC
z)_SXTCyxA6#_~MrNP@k)*GSR6DL^{$9K~njt6t@X*NgeC1;Llr+ze_wlj4eo43hHE
z1)i*2-UZ~QF^7?pY$px(@jAnL($muFt+%X|vNTdjp!}HN)6QOya<PzWJXC1+pu*PR
zA}KSk_pM*%izAC|5B800)x6H8p40>s3<eA1far2C>1|XxLk#SW_8d{SnNz38vO*AS
zVpiUw8GDz>Y!dwQ>rmN;<A~J8;yql+=6omnHNU=+bgD5O#tr`lo9lDp{=2LWulZ>Z
zRvG7n5GHx_qV|SwGSTqJwayWr_A5dial)yvmSt!8o{p}!1{Q?S#t|tBon*><aqnOq
zZLwBmB;!zaulQiF_<q#6BD#7d=nbGEV4c-!i`~E`AGI;{KB=<@Y7!L5<1Q3E&uCcb
zMCihBe5o?psK3kQHaskrYhSM8P((0sRPEmQ)J8XC#4=TNn87$JX9T{o`ZL2YLUsJz
z!A#-eYE9^26$$SLJUB5%Vs7V?oW|#A-PYSH5nBq{#Kp(&F}h#2`Vr^Q-i!<qMb)8C
zP}Qr+Y8-9fUSFUV<gHI<A08h|P%Y5$Wi+6-`og4ETbxafzTxj!y(`V<wcDR0_KLw`
zrZVLy(C>Ym%>&r)48uFiw}V1Opzh_Ji`|<UtEBrjoUVCBD~76{ERk62a>J_(Mobj<
z$i9ymlXdqe)c^#gqlB?JG77D*L^?G|95$Egc-tS>f*;6b@mT#<s_l_a^LTUK?R2W8
zTQqUM&bNhdslMqdH1O1IpU4l_y~t0qbdTKXW|+(r7$M~6=|6qTII4466+2w1#urTX
zovYN^LpnrJ@6$tNRGFSkmP_M6)q;?#c2|dP@L7?+T9d3&bc!!e$36*GgfC_NMnz3{
zg+-?t8oi{q#lOPLp>y>4D9&D2c8KCsT9DXRrP{txr!Fd!eHJ>0p8%8G!C0%oRBSz-
zI`{T$Jl?;NR-R<9z{tXYbf<m79f#jIZ@80+x`@~9#t^zQRMDZ!@Da!#ABZyX0f=b>
zNy1Z@P!U1(bJ)9y5V=~^g`*L&3XJH?w)0H_l)2|VKfJG)c<iNJC8-*ud$G<xTxl>A
z{Q%MD^eYeW*c)*qr=ii~XtrLEZ^qoVShJkt$nB)oVO|FT2muA!Z0xKnq+1m#wXBcc
zV~TW3`%s6_3H<5~PuGVPY$hWqqLg_g!N>(^7Now{`>VREx+$!P%a1pw#XzIFEfTS)
z+_@t*`KXHYsu7BYQ$xcZpZF+3&pFl}-pC_F=e_nPWKEUn4cQK0yekDuO8hd5u6<{A
z)2G3yL4E)Do1dCrxf`qvFF2?7BK8<aTGxC19<;*9B!`d>?Hhbx?K-H{5>i+nG>pDR
zw_`B~$X7oj_vb7%TIPQ+s2X5~Hg~_NQyJ29hd!#yH^~v|+JJn=uwy{Oq6a-ssQ$B1
z_Hos8?8mcU(~o76D=eC9KZ}dg$%cAKopLjy!^J}Wc!Q(rW+(JB1!>y-^}<416uqvE
z&EeK;*>XZi41o30?TKb>Sf{?8#Kgq>lYnkg`QFr$V*u;=bp5?AFP7i(E$mM7LT1=+
z?D4rHDjXIm;#GWBR<}`4Umqt5ad>~WeeoFcj5AHfB_0&qZV|xG6@XnHOru@*olGXB
zCv-s$NNngP`QxF@<3dpi#}uBOY|z!~qHQ6f=k?wYan5&^JSZOlpJ@#L{nI44ovrOI
ztN#ZOSY1mcf$X^o*ht=5Vj7x!L8K#S0uEsg|3UP{)$8uX*$k*dck`GH_MiU+K)Uf}
za3Cg7Z+T0@Xk7-X<dz-hld41BSUD676iUPe?NwMB9qoL=;oo#VoNY#MJe`eMYP2><
zxei;mx${vGq?h>l7^Lv!oFzRKCUJBqu28YP#gS5`g#{Rmp+<-R!Z(@N%wGs~_PsMR
zRK;QSJ&Gi2nolAG57Z}g{y==T=5~Q6%znAu;(h&6)BwT+cb%Z#F^^N{*+o^pEVEl{
zxZbiQ;Li+6G*1v)Q^0C9oX95x{aT3$bjPEyDuB3SQ-6uHD?|;QqIBw`>PqK(|5>}u
zAsOR5O$>zBO?d0Tiy(MvT@`fS(6K1t0XVu0oyMZ@kf4mV`g4Dx!Lq=VU%nn#Z?>1y
z5V}6iShqL1Szo+bG`h&BIV|#rcoo)zYx>pwRR(<)+7kA@8~Q^<K8g+Y&(6jK8WAaV
z@LF4~TGJsWRWB+kwE=KX_vEpeC0@TL1R9+AN^>4It%kCG#~F;K3&-v8o#rd7IU+Qe
zk}U1)2)#JftnGatzY~@Q93Zt)D6O?Cd;*_6#6oQw4@Y(g8yGO2)+VLvSCG37{Zeh1
zdxvy!?Ehiwti$41w!Ix30txQ!?k>Rz?(P=cg9X>%?hZkN+u-glK?au)+%-6Soqf+f
zcb{{=zvg*nrn{@Vs#n!o^{(HtEnUsqs07=s4Hd&>Z3WQ7!ATa>>Bi_cQ7dNmyd7g6
zeJCq392`A~NVb_%l>ALHytS2|#CT#bJEN^rrQa2=zc4kMBt(s~LSp0E@S8xJPHe^g
zh<A1YSB8#(MIH)+V><wXkY;E(kE+oMOSVRF;L6*{&bC3bW_j6@YTQZ0!&BsWvlpRB
zOa7dwtuF|s5ju!XbCJ?_U-3CwdbXaQT>zEI(F^*hzSLh4TVvUwMgkMUY}5Db@No3D
zquxqo9=w={H3cXB=UwRrvDi%glC-cWU-+@yP~%3N{~o;jk|%Imyhq*zY@gnF!UNfF
zurLf3lUW25CdfWxr}7!yC7q%JG9bquZ?`?V3Og<))NRP<hp2;H$*dAbYQO!s9<{bc
zV}+#&{H8eqBvaT{Os&yr<CFCceD!LgFM+L0={gcRQQZaTY1w0;n_p|)&kQiT#q6e^
zE$GjXRu5YHMA+nD%!J==Pff{~!{Tv%4z@xoAiEuS&(CeNPPE&~r~?x2`0j|aiZOvu
z;cU(3y&*W4`nuVBr}_*_H!Y>%#$Hdw^i;<;Y47FP(gV(-IQA@Yy}W)bR!ILC1ouv@
zs`UE?V-Ee-dv;?|rH~&Z(L>I~;|Ql>@Q~%grE}1uD0-77d;{D594S!amIp!g!LDyU
zUu^9Nhl-U38Yv9ckV08btv_=(UAlCJh@UL>Lc)xz0j};umD37uUL<ukk81`V=l7C?
zJm>cV(#$wWA{GNP-+36u9o^@|>p_-XH?r<bQ)-S5rvAd{&llAj?HX@$xg6eFO^ZbK
zMPMIV(>eC_xkVk@0HFlmocaV|?Gw<R)Jkd^e?kwYi~kLqi=$tTbF-p0jKxGw$?kH4
z)r~HR1mr>G8oA>Hl+DCt)zro+A47alXtWv>9n9Np)f95)gPM0!VB%kr^@#gSW|dwq
zTg+veZB%Xk3wK*6*w_~Jx2$|M8T%Ry@&PGEc1&!gm5)41R8OWeNx0Utx!#Imo1<?L
zkErac59cc@8-I2kzLv{0_*PV%deOi?wBn&_YX=0v_OuuBjl-CfSEb~TyVfMX+J3Nj
z5D{Xoc9+2o+6$!mLNs$JoKEFv!%f||Ous6Wl7lcY+fRT!TNkGYnaG6>g`L)CEe&#m
zI(@WsMt9^dzy|T}<~S7weCGSApUP?(4nZwv7=}sT_~Q7h^@A1TpY<6F7FvzT$)6Qk
zr9Pq-EoqO{W6<R)TviAJ5T(6)`zLi1mZ^h>L4bihtTPNgdcXS}F>8YUEnD5zZ${mE
zLH8KW7@?Ota`_B_ufT4`z|TkBviCcHZwC*q1~$X!j>bk*OOm#rVN82^zY1tld~<8g
zaQ~+L>-@8WQdj3&rocR$nqfj9R+++VID(Ze1l92rj|FbAnzg98)DqY3p_0#$16U>v
znXk3}{+PNReL8ahYKys9NCNk&)g^c?<sz12I#;QSj2VE|^MUBRJwCqRV|k1719qEL
z%d*2b^N&f@m10J83c0*p;k9Nb)rrsyeuvKGouj>SN>(Ojz2@(MUn_K*Lh5Q@M2=7f
z!Y<4#Ak2C@5D8)DY8A4VN6W%vUAS$)NjabWLupk@W~w262t<E{uIT<8^1}sMs%2!O
zUibHgpLI^GRqOO!^du|nTa+kK=fumMcw71D`$%+ZuK8+BP3<z!$%7fv!)pAz1M-3A
zp+5-{<09ou*5?3(>l!pG`;0Vt?q6rx97ku&a7>Q&z%o_+s+eU8p8P5fbj;_zQ}#_P
zZyviUV>8fZuV01+!_37SWb^*0x+5Wm@!P^;kqUEIzXfd#6houKq9?q&>8d1(OO}(+
zx2ocV<h4tqj=9~ugIn@D=#Nh~fg7x*e5EZc4=1}|<A(n4T~y7I90Bu?P@MDS>dJmb
z%YK_me2(WR>SbC6vgUd^t&)ys#{O>z7a5o)={h>)OkpADfs8Rt8A67@<s1LxA6Z8B
zXnfg1&iH{s&8zPS1$8EF0(V52n}ZnVm2)ST`R>vXw~dYj!Fveh{Dmf8i5Ka62bvMH
z!36@Z%GHHE4a)Tic<8XkFju)KaptSRLdmWOLBx%R)(5<G>J^oHa()8K1X{wZEMM;>
zQS^rD33!{ou!@~i$S#a(c){3wFR~yb^imTZcT(nec{P5|w0d(L*zyU-C0NUbdpbn~
zLL!dVhu_~{`=N)}XT7;8hJg3u>v)<8!D64DhO>#Hj_i|d2eRB){qKJTM=BqubykRz
z_SUbxx10XNMvw!Ty*7;1Zby^pOXD63KE{5_YWZA$w1#{gA~~d4rBxNEmPU`oya4R9
zsT*H+jbv+nJqk@G5z@^eF&&D^CtPv={*=M}Di1SrHw^Is^g|T-<?b;z{SazdYNOha
z7}#9oNoF>Tk2BQNh<ds0vL1{<nX#OyHZ+_cp;ykQ2<@MeELmc^IO}3>STkg(+|jSp
zQFpVsPu@#@&OdCmnl*Pb9kCsU%7xn>N-1|cSuXcfFVjml{M52EK~cmS-GDiJHCH0B
zj>(JR+wiKc2_c4Zg62$n>by6rW)$CVfo8o>HHO}IRlc7BpB3m2U91wuDBw6it5n1C
z)7wZsOURF@EssfK@4OEglPBYo)#0G?)c6QaOj(QbkizH`G3Ss+fvr~Ubqa&?5R5y1
zpjfv&;^-SbF-PNBXhLIXX5ndQXlMVrK!nS*rmwELf%if1F!m#KW+z_&yZPCC$NF~`
zOqs!cyTeLnBG_TI;=Pzrs1>_;SvT9_X1A+^=1Kyvu=ofA@(&DAASpy@>*??u$o1cR
zkIW!(*Ug;NF`A4N0h`2-gm}xR<qi7onlj3=7IPJ9NhsD#ZP4mMsZ=Qa%(@S4I!R3R
zV!DpaAg>jQShl-fq-dC<@5kEp?(|cf#WC0OV?XVviB_u%f@gm~`1{K@Z>uo*n9*O-
z`k~N|@rF%~mJ5FgGu2H0><p5<M$5S>92r6;wz_WK@c8_S&>(GEO{<{8=arI%jDXGl
z>$&Of>e<56TR`JbKr6tf9~H@1zqcXquGXwqjb#d>2N$LEeg6D}lIHAO&*M9Krc->E
zDC1gsyTLW^z`%n~1@nD(fS7gnclmNGYkQTimmB3fVa7pfEbsL;rqO_>X69O@{mV}P
z?uME3d$1iihu4JlmcY2pVDmGgO|*G>{Y}<EEGLN9Oq~TA$>nED-%yiN?EV_r&5-30
zFmvcmL0>vK-6tS69>IwC7!7>fmcOxe;?RJH)gWzLeuwmlWEzzWW9vnPg|s>B*DN>6
ztc9v`NvHQtgeMVeD&j5YVw#N7Oa@Wp26!E=_@MGbY-3eHgU!z^lV?E?_;=`#v%{!}
z?;ir_<u9aMH3$aDZy(7RTIQ9l*E<*Pw#x;9LA?xvaC1L~2bPIIX9)eiC&TS>+vx_)
z|DO0ARcA*rLOu%FOu=q%FzSiZufb`W_jYFo2dFe!VQx{4;yg~`s^WX^vOPN_%Kct_
zb=ZE*=&XOoP7-X^Arn%?M)@?8FX4O>djBD;@Ov%mP?1gQWU!FD+>|qT+z+I0&4fP*
zrOfjDEL3|#Q8Sh+$asjrJtXMk=`8s|8Ea0(4(>}c?tc4`-2G(vn`pkx=qFYpi1jA-
zrn&?wqsU^b8WbNQAi!cIyK7v;Lb3hhvtB^})I<4Xsi3}PCAa-uV#F74rz*FZS%6A$
zsv!>xVwHT8fzL?%-l!1<P6|FtEoGWv5}zyGL!~_2;c{t*#7@7Sprg~_d<UXr?qjO2
z&6-GZs0VE}A4qv5^JQ5}g4Sl?TlqtF9AiN?e<NpV@-i$pDYT}r3x_;Q*;<!_;)B<&
zZ3FU((~Ho2WkG@wsEMg9FglY(S>M6Mi2ajP38DQ0S^(3olYa=@9SE9UHae|oec%U2
zBGDQjeIyB_iLlX6mUkb&5nkC{<gcRIcc13WCOy*Ti}b=M)Yn`eEXl*@2?xtH6Os+T
z3G5cO)z9>Fwf;OeAarLsVt423szSPtiUgTJCh_@jy$GFA3zYPd!>Rl3B`@e6YHAO$
zZ1W|EKGp3Nx02HQlo@(cBx!X08IDy}g()Qs8~O-TnkNV^Ddac|e}m++1qA?>nGWU|
zf;?RpOEA#s_uVq|RWN!e@&jO>3dPtrr0^L=bV}>S>dQ@MB%HQJj`N)I=&KvUXLN0b
ziWc-PUF#nz1f6O6R-HfTa0xmD?AadQg$ryd2SEMgXn4p<Cwi6r1xxVLg{a|ZF<M9r
zH7IMTqsu+kzIbH(r4ejkyk1*mA&TEU$Huvn?{Mb$N?tR@@IE4V6Xy%@r_rQ<70JHE
zs!F#42;>B^efb5V4s|D-;iHYF)E_<ztMyC4D{b2Kd*!?-+F9B2)bitNw_hZeGd1`%
zpJxECIu{JSvOM9_X~Uu+Z?^OMB5>;oTL*Bo!u=>=PWOisihzt<WZF#8oTa32y__+^
z0Fs|$L!TvW1#At;_NL>8F=dS#DLf+I_Ac~|Fpj-*Rp{=F&5EPoodPBXoQqZv`SL2|
z>^;Ts*t#d_F(+C6MDBC!l5;-+LX@aY(3=O(d~ZF(6MmxyA21l3`8jqC@?I4J>H(*-
zWDtsJ_mVpmZZvow&hQ*xc^f5g!-a`NkAl_6B!-o&&)CIa<A=CGW7WIgroqHelEp(?
zU*IbUaacr#fYepCxF)yPpI)xy_gBP-yW=WBu)CMR$*3DfbCBRP*#bMUmykCSyGxb_
zfpx)0Yr#TPvvmVkNr7)=bIf~cQeqn(7nhw-Yo}E7?LJ68v~K0}lVl4vCpG}nJ_Fcz
zAmsAXX$!Z!&BKaDo6$i!%f!&K!>X>s{Zg+p9OW%~(~{CUNA0{l&hqbD!|}+0i{TZ}
zT0cL8^YXPwKd4SFRYcmxlfl<!s-WmL-~~r_s-W`7@<d0g6<N8n!G-{9>iJ!cuYb#S
zbIFew{tMz|-6yM)g2uV4cvoQiT{PGKKF4}Lm7Mo&fRsqLh9o?5Q63Q3V{HeG!$={F
zN@vp1J($|fBN9Su=3E8WEWrP?E1fmQ6Bajw9p&bcI&6ZqBg6vdg&pvkZWBW2k?igY
zS~)L{CmWZlS{yAKbv1Y^r>rN~SJ~>WaMe5>GQRk`RA$U0*e6|KGm?7a;5qLxAOvzO
z((}Mg)LEXfib$7e3fmG|c*@%q#ST9gyEfeN&MYjgc9@><&Jstu3Y4ehXwHI)yX+be
z0pDQOyW)AU!|ddxY2H3BCgn?-7uPqWMcuQ!LQeOX#&x&{Q``Ts+|Fzr$TvGWZG*<o
zt4BwqN5I~4un@%9hv4(-$RrwIfU+PMF%b%SW~X*-%+>hrw?-_LspJQTkJG6&#;`XL
zJCCI>8cN(@;q4ZF#O%4R*yNSG>t?EOy1&{rPMv;;f4H7@ijrCACR#+jCs<PL3R6f-
z`T%3pf%-puQ$P(hKy?~VX~|5ZP8*zSeGG0ZsG<XsKL4i5_Tj_Y3f_lQybXY-LTMji
zN7b{UHTWmr^B1y%qW%YrRj;ndO8svh$B+_WcsfVNsFMGSsT3tCLyPMsRlXVZ-PzmG
zrRdZ2g;nwSo4GN>4q(vJZ?d!Ks*;hl`znk<Ns<Dh@ig86{oS&^DWW^RKWvt(0e5M`
ze_vZU=?|Ru0}(%2VeH_#;JXXoXQsayBQi{gbQ6?Prckwy@HCM5g(J}@2k`BFuQ}J;
zRKAgapBx3!SWNhJ@?9nxh2|e9L`Ha(Fi1vj=Kq7U#sLhRF}!Bof8QpMsFDo)Btl7b
z@ZTbZz}ck$l8PmmUi<%^5V%$nC=V_1`tKJ1`^E!U{_w0gy~!2-_k<#pz)woy(w=`m
z$bTO#jPr-mMfxcN{`XgZbISpFXz*QU*bk3!UDa^$x!4OAs!B(+2L<o}in&M&L;!&H
zbf4Ho{CfWw|LWB#>AilQZXQNvL0>}puW_<@M7H_*0&zbSCeKPhFtQOpbV+!Q9c0oU
z_Dw-t*H_<yvH=s)kT~GHwopXm%E=7ogb*DK=H#eNzVijI%kNciRl#IuRNdup?f@nA
z_Hu_lgUgQ3!^^9@{pm?7-mFODe<^YR3?s2d2cn?z+SB5^k<0EX6axG-=6xa2c@ABS
z(lBqaiUB(7$6$2kIQaVE<|v7Lj~isOU|;`OX$R;<a<#Oy;3igR)g~l^R0lVD^gV74
zDdjT-gWB7Te5ekW>bc($atSmq!SGFjCIj3qV@1D4OrL)6nlq<~Gz#kK{TiuKx$J5+
zx6gY0z*&()_8-skn>>kL5=T&^simg=B|0F!<g&jQKAFQW$!_r?26)nizfYEDHhaXZ
z0JzGKpxN_Ar@;<Jw<nMez#t1IGMk`pYDh}XmK)d`>}L6fhtm1GHL^EqP2joJf^aG}
z{-7b?YC~C{$Lr!yWMY+QVjEZ$g^6VHm4A;6h(BXgfy6tBqc$Jrd2|?+l+1B^SQ%h_
zc%GjZT<ElF-V{m2XC2O!%4hSt1Dm2HD0*<5_jecMc8fIuA7gM7Lf;eSV>26Aw!uFd
z;X1p!bKAGM+_Rl5wWSIO2+VcrHrf9G(x5DdVzLK0w0NC&k)DCHZJl~^MqpzGcDdvg
z!u=zS2fM{&eh?h8j*FFxtB>eZt`Ij-g!5vZSvlRW?tq|x#)8T38^2HZEe8$#%Dv-(
zn~Y9R)0WO9{a^-U;K(G?NwdG+XU-JK%L2d^TcQfrUqII1HyI4@=CoF%rTGN(z`bs6
zkEp7V`1#5J6klEt0JMoJ<_Z@5VOpBbmg-XhLQCT2=v5pB5d;2{)zxobMIfc|+fbE2
z37fFn*|M0k`4lBFF>$N!uaIR=0R3xqf9*^O{*yzDkw&ctZgxVqoX+bR^m)KkR8%b6
z$RnLFtcf#d_m=Jpi7j0Bc{ohOSx9Akj7^pfYNHx`xlc8;I$iaUaS|i^xr`8C621Xw
zDX7Y<K6~Akx@Nk`XoEB?Ohw$PIP6!YXv^KGQa}C2_;CYX!~GaH4XFf#fN2uP*B&20
zIIku!#9OsQp^{APgZH_A7Q2OpM5Vc`CeZtiZ|LF5)XR%iyq6b$YJ|1JBI8L(#u60_
zM&qd@QgxL*tu6(A?E(nmvbwyxXadfR<c3=7t`{L1Z6}kVZ?7qgq>_@7)(ee{03eOb
zwT1_%F$x=;wQGITlUGns_`}przm~m9P3UqIaOg2h#gl!t+9K{McZG|YZU8g^%XFJ!
zmiWrWMV^>di=(a&=jkuKpEJ;?Wia{+C|mx+7E?l+NY{&hZ1h`$h7^6y%n8Qg(^`4A
z@Ua;OY`%k}QmMmf#u-#@;<y7r?@uY4#1cXu61n*YLj@>q!%rShcL-%_rTKu^2D*JZ
z@O9Dk!K`1rMwc<S?rYp0kOG_h^%$VxFob-)TRnHmShb-Vk*ovx+Gk+6e>8@EIw+aY
zo;3=gVCU8N=gieDCCp&;5u*+*8UE9FQn*6xSV5@(uzh?U-57=YZo{N6i*@`YgUu|1
zl{Tp~CcAa|2YG1J$~C?HslDxo%Q=U)p!eKkXq27rKoc{_&HPkyX)M$Bx^MB&#8Ab>
zM}pvl769m|E{Vs<#MHp?Cz5PSPgM?(j`L2<Tq}jz;~xf}q!k6Q%&mF{mTox`OY;ts
z0M7NIoxx!hWzpqzYu~6*qy)iI<1_}g+uk~s+wjqxOxq=gyI*W_$bIWWOs^r=@LVwY
zw$W$B?ft3ovzK4Sz+_tKS4^$u)1%!wQry6V?TN&pUeu6@`>P#QaN{?zuB;<0qK)7n
zvNn4l=sXtjE$pAYCA^P@;yyIJL)#*O2B|~@z>ZQt9)1ZR_=k#-3drwHCzZ~AR~>q9
zO|-C7Z=pUn2ykFZL9jQ`etr{aAEgs1zExIq4}_yj!VoWYcvaVR_jqm(#uH`hXGL2?
z+-ucL!$=;2%f*hsl_m5L_7Qgqx~Y@;>dzHBw}9HH<-~G>wIIO^DTOa!V-6_ch-)PS
zRV|R+ktbg<PuALE`J4!q&2t4ij%gMC<gt<bYX$;l*#Lj7nZP%)3BLN!C{(`vVeteF
zwWJ;%UVron?}Mh-c!wp)UC96w@$FBh05G5+vvDAu)T&>E0RI2oe7R;S>^p+)Q7J>r
zT2_zCPqrWE#LjpR3#i~vguV<bEqD0|`7wBPG%i({&C{vx_dLU0+awl`p0Ih;ed4eI
z%gGGNK9{_aV=vchNvK0}JDo{>TD;twV#=!2ZBWw?^<uE<DRo|PJDFeQh1R3hsi27_
zZi-K+Yb*HghyQPf1aVDI{`1vsr)iyp??+9@G-TKwG^U`JmzV7^2%4v-=i!x=PyvH3
z(!C1G;nM3pubJEPN|c|yS@jD9z!Kpt%w;$CAix9KH!?Y_w<|}eI2I5D!d)UO5E`$^
zWN?JD-i0l_%~-;j;maKP+s1ZlN&(9qpOJM!!1Je)gp>TdHQXKMeY}a%hl4a`;QmsL
z5~QXLFHQ%%(2;7XVsz+O&?w7-JfpFlOv8OZw!cepkI?nda(zsyf#XqFSX@th9GI8K
zY?Sps3|%9_a2Cf(6vfwnj=R5BBP6ST=xzJ&MI`^|+JE)49k5JWGN+*ZdnWkb?*I7_
zSSvY-F~a=EO!3$6wm@3i1Q)sV-%FMMMa<#3f%AREx2Bc)r&ajtccV;Ukn)Ux8)G3g
zyVoKW8EpmH`3^FG;CA{0={?4r*~b`=|8Ya2BwwKOqZ4*Jogq59oOALjBtUA_D>0w3
z%f7w5_0<hMe4UBjWzr)2F<)2y6x-=rQOHQKP%?EQLp&$$`($kMS8{`}3z_5ns5*d6
zFKW7u`o6q??4OHK7VdlcBtfo^lPG)SxPRSJK3;(31*=Vm39K2TLJH&|b3W6q*V*md
z_Fl%}Szl<Z%gdH49+x$q$Hi}j6W{Rf))En)H#&T<>27#D4ml<=K1{`7`_b@8Z}lhf
zs(!Rq>S8LANoP|Vg)f%_L>SM9YSDx5pq7l)yS^t?XJ+CX8<CieVkjSgw)Mz(A!aR}
zW_IXZUSFW-^vlF4s_*v>0U6vMA@aK4-74{NxnWIDdV)eht}E}$G>Q@?3cle8niMhV
zw}LR(&E+x=C<Fd<`KApO$_}HI(lnqMIB?zMYxt#-S|KZrtx!=+TaQg8I|K8esrbfn
zB_=2!Ldf%pU?Qz032e72zkcR3C)kY7q+6SA(D}LKCev+pt_y26-qd2g^N9O&W}J7-
zYQ2|pd-oKVhWW{$)f;^xqb-ohu)}P1?_ry_a;+xPpxvc_^3|@e%Yw0h-<`M&pw)Bp
zt^AmaIgi{>M&}We#yF4MXAHAmu9wCh^sS$NXTx2ewI|a}Q7a0yeFT#4f`M&NF<=9^
z1hc#emhbfU8XRaKSR@Zx<SrnliCOn~Fa}S-RPucRm@!ioNdp`bO(1JvU?4I~`;@4V
zeSu8K@5}at7!yKizuF!R_-?rGrt}ne$q>Z9T0G5C=Qlh33a0;9?S5u?UZZ?{t-bi=
zbMVoK_*U<WZf*GL2Ls71Jem1m;cJr3#ah)=V_H=T#M%1i?IWV%d)+a;%uv{)bk!M-
z?V}gD=Ya_wrRPRBTdfn_W&n|Sp~A<cPngmIa^$i1M{ic<uJ?4TSB7i-Xki%b4wFDu
zM}iubjXx9{=w~H0QVzKe<>(h|$*CnJeYHFCF3>H|F+i^x_Qm4iXww=RE?A6f!d)B{
zA_@vI&|gax`X;xpenNG49St13?!*tPCDBV_@i{$^x$g62Dde<Dy|3uc67UJ9y2z?W
zv|S5Iz=@Qk->aeDRj<-*pxa5>V*iy(2})09pr)qwyr0P)d=`uZFjf%{XA4c&jqw}1
zSu1$miiFuBdhUbR5$Dq0TS{7wI*PgajW0!uq(XBIawEOlQx1=cPwrP>AHMOo7SVVO
z!^Wp-<oK^C`cX%}s{}lcWh^FhiUy+(RolN@&;SNrtyu{|r_G++Y~oP#kKBp&2an67
z_k@C?$Q~|SP6_?12Vpi0TL9hYa<}i)3S^^Eh7so;4UO6%<p(36O;_r=@7I>o=epA+
z6Wwh1ZN`zt@`S{UWi~k^BhIP|5)mXizGQR<I&V&+wmMy5@$&E})fGw~FzTYlI(opp
zCo-p8iAJMVDEt`Z6xDLAW3Y@C!4V^$L&iH0gDGp*2`Eah?FgNC`*?e+;R4c)CS#SU
zWkN}s@(dTvz~U>Qv}DhQ&t;p&Y$`{7jd|H=`LcIF)+MkqjfjZIyCd<+^47xiLj{~<
zOm-e1_<F$^Ue2?{<3~gY*M>o>f^rB$zYo``sanESBasm|w~}1VS~Ud#U<cq6emcYR
zo-@uPu4zE`g~n=zB8gPY)0I&v$Kce_2l<Nk*V8ZRFvW{|gX#X*N`#WBtfJYHsUJ3-
zhBH8{9|qgi7Y<puz4;<)XltEslp&623e}fb$SH!UPGSfBN~&i;DN(g#3WWha9Gy}n
zb2a_MNn;D}7YZj4kGBS5OEA0~931LXwx|_z%e+u;b>*0t0fvx{dE3iBcIe9Kat^og
z(2z{hUK5zZ%YOgr<ahr`M!9(<INol*-dcHxnmblcal6D8=<Id9&q^tirlfDfc+%!>
z5U~Sf8G39Ubny8d*Y6QcUrwi_OiBY3u7QiQyJq`^Z7*4YA6L&d;7+XiW@+ALzX<mG
zxcpuP{J=+`8~`SFhs4lwN1&&+=itxN{euJPr8=|cEy4N8Asw&$B7`X}65U1yXw8AG
zfr#&0cG+zjk_^@QT|IU^PWIFS^KUkj%NM@u%#YHA2fSMK`XCSf5y71rE*OeE*#ChZ
z46<auAh5orz2x_Nf)*O9DqEXt`t|VHY>f@#ncuzJN6{YNU8V0~UQGz<4E_X}cYgyn
z#X0E%Fa-rC2`6dH7)kUAa7gv$tJ9hV2@djFb)G7Eth_F@z3rx{q7s01cb9c^cMnxr
zEwa2&iD<)MJUvy3zz*FqsL*ms-7;9cn&LLD&K%PgO%Ot0cU<c5c{y3>xa~;iu0BrP
z+AFyxvAWnA%m>LO<o#T(eME`I<Ic?BsQAcRZ&6q<G^NxPfNt4WW~FwqvZa<if(ue1
z;j~g|oBaf?3K)NPe2ea*TSbH1>+m*yrNKimnO0q@DjJ79G6HK<J{*0Z<ac(cQj9IG
z<@h-ffkB*KfBww=g>$L)FT4b|iPjU4=hCOLYdZv{a)!`}Z(|kmEA=;;bjl3Gl=2yI
zR5gRAp(!_JHSh@<^*X$G_p+L#_G$9jEM^d#c53<@z8jn;GC>awC1A!wrJ}c#cak>=
zmMf#lOylC8p^)9qW`2Gc`>qs_#Wu_#g-3-rQz)ZwfnI!#oe<LFyd(3PzGXzxY~M$m
z^g&lcCW|K?X=YF%jRHy|4Uf^VHlof62Q~$V<p!T6n6Pklr$?CL!E{yw>|$R8D4WH3
zU2az(tjgh7?oOo+&A>g}5X&vqnPbiJ79I)hW0TIaIOx|MyGNk&b5WX+`3K17=EAAm
zo&QXaYR8sW5T|lO*c#dk7-5AZ1^E6Jq~6&=1v75nQ4FG#I;YDJxDKdLq!MqB&)Tp*
zSKN*hAe`fSVGiD*gM5Xq7_Qg61ir`8ob=@JGY^IOQ!MtGUV%@pj~pV?+jEO!<zVAs
zp(yL+(zy~Fojq97-w^P6W+}O?3$)M@ppzjj4@Kote8Q$M{h41RN+le%-t|hNMabi#
z1<I<%tuD&F2n;_=1$&LuVY(b%YY*~gZMHct5YcJ3(=^?(=r?Z`sl$qlC$V;*U^r)@
zxQ~LgMM+rS=z%`*7AdA`z=o2<h=s&_nz-im<tmuT>3D3;hAUF^-^U4rn0PY8uKoRp
zYBsUO$qL2R;r9ITq0yU{)DH?4xhS=Q5*~9jTBFKf?CdLb5~VZMhzVc{FajQBtckkC
zgg;ZuWqeep*G!T|zh*~i032EP16Xr&UY9%gXgqd<Q$)}(;+<fAHRVr>&A!LmsAr|+
zTIX1lLrJ|MN?A>%ibd8X0iJX@vZ!1hb=X0YL>!W8gL;GI0BLBOp66UXpOj6f%<!LE
zlw)5+=?D`y)AFD9*BtzlaAVE}bhwhe&ZiO4EquCL2_)@A^(1{R*n|v&?s)I74+^e3
z2D}wnH*XykCpR``<BZ8$)>6~eB;)p;)}J4r^ep1(^6c19dkeA7um!LI_bgfP^m{eV
z4V-ktO;k|fH+f*ny8WSek;Utoi{tSNC++M_`{U)#1mi&4j9Wp@7x&35c15{q<HP2d
zh9%UyXSf8|C%9L(z{#smknlL`_-!761(xx>fjtO0EZxpw?lN2b2xe%AXGQZi3yA4`
zZO*t|L(aRyljw-bQDis!kdWpHDW*^G8GOzN$#glnTUVdTMW&HHn-k~{YZTBxMs#D7
zoNsX4Vt+zYOXOp-;m8W>r<p&0Re4^rO@P1Z12O=m?>pKWip}M%hwnR|B_)o`(pa}l
zvKCpt<aq?pB{5Su$s`XmOFjiGQS_&+#SGw;)5tLp3Hs6<*}2s(nM9YFS>2Dyqn&N|
z<)X`>5P$Hb+qj_i6{t>soc^{Z4wb?c-A2iPo5*2#o^wIMA{u=Dx#RQKgp~8k3S)c$
zTe`JQpWM?mKMHd+<}WNJNuk7Zzx;9&?;HhGQo<<=F4L0VO9iz2N~AWh^X?5YKzd&T
zrZ)|_W;@SqG9u-)y3R&Hn1c#3Mk3H{xHG`2Gu@nS(&SDb81QfRC@0phVuI}jay|+M
z-*td-0G)uq@a4C--KHeDfe0Fz8WWUV*9SAh-IXq-XmfeKguVXnC?GdTW42_Wv0wF?
z9pm8!kgbL{UobM@d?{ry_FTQ{&D?~LY}yHa29WvhDJdZ8RqSk+vR`8(>qsIK_a?si
zA;CW5&}~%e^(_!4t?=n%bZ5Eb*SDTGD;!oTP99wdrLN9bWE>=gmAYJs6|5{0zF!eB
zjmU1yZhV2v(woyI^|1G0DnpYW#K%<I%w37*Ix$7xuiA}Fu6cbIKqiWI<tAC#YZ06#
z>t2EYi9q?CGA`p-zIxsek_30E3|y|)(WeO!SL)QqoH^(pJd)Jjr*&`fYTd1%jV4f{
zb2=<*%_RMNTrZfKs`xfMkjPfrzGHfZ_>d8h?Mh(joylb-b${h4Pa`~56A9M|%PaYW
zHV}DU;o&O%){dQu;VtIf8R2Z{b8Nm{KRdrmzokxJ&{m_Jjwk(F3g;g)I|973av(5#
z{~J7X@{{F8Dx_gqEP9#wau039P2MaPD>{Iq9!rSr5Ht!uzwcMhB)E|fP({RM{OOyV
zdpLhV#|`8pad@3V(iwni<n;0sH**3lQ<<~_TW=2~0j*_oJ9nfX;Oj$h`b@DrxsUgC
zbGXaNgDce??y#~U>mhP<Wu*ndPZFBO2U?Een04xp>s16@*V=Wr?;VRyz7tCwp3yIy
zJLr>-L2EV<`P|*^=coaMI$Zw2OU@%bM-oYP<#J<5xn|YKHary;OZwbqTPxd7m`Z$5
zBCxYu@JTvRis*T%@R`NtC!OzOwD*EgrzDBUQ!^XFZQ2kDU4%c``KuU7e*#B+JxcfE
z!=)23O;G=Hmz2&z%*1#3$ku#mTIH&Eo_DNtU(VLWc-I>Cx?H6PA2`Wlminm(kZYWG
z&NE!Od!y5<sBIM>d7Ul^GEcvtih5UTb@KQasWQTk=Z+^NER2{<WKDh^86Nu_pg3-B
ztDOHOT`-^@*A?yuhiuMNaklZ&6Pt4}$8O%64`-{DsoSv-C>*{}U(R9J5bK$rnoZ+6
zEY5P#;4&c7j)hrPa_BAGNG<Q)S7Jl6zf3~owW-SK2unq^*QP)g^H0YW$tQ+zIV>?P
zH)QeFjTjN&QG0Ez-2J|k&Y%bfnc~?1OtqE&?stdkQ?xZ)qA+OrB*wrHmNb0eI30Mr
z&Y(}O2a7}{(225ftC06sqwY_%<NbE0?Oz4DJ9>`TIyeFczBI0)@Lc+*lWof$+O0BM
z=95gD=L_|5{J;zV+dfX}1G9y~Z(HrOVYPY+sPqu3o-bIexB+J+lUbxT2_cV<^ogvS
zNeosheC|IX=S%g)<T@PJ3uLHeI{}&Vyg6Fcx7zN>g}k46AfoYMyV~5&iu`gv6eN}?
z$hM?F-a{{&iCtd#uz@@VIpYxFYoL~b`rvH>v`?rF5Z`7Yl`2=h?bz%@4$vleAOMla
zE=Hj(+q5ULIC4KE1A}<mf`G6AP!|d2-P{?|EHyZJ4Ksdk@0DN>ZZ-o?6~lu2b*Yy0
zJN{vY|Ad3;mu5s%#sPGK=_*(A&qiSdohJRY?k;nR*&T{`1Fq_w+uEYIzt<tE8lMM+
zUZpnJ<tXAUe)hshILA0^@o+eRgDWu<5S;q@;T|v^Wa(rAXx5<<<<r!H?(e~N{95R*
zI_vnS1cnl*O3)Yqn=$^kKRg^ACiWi0WX)wG%_F}Dj6ZjU;g#Vt>1iD<R<YjTvgE+M
z-?$`UD^9~MHm~nODDVQZl$q}(hq(h?jp99?6(1X;`;lh&7{O7-!Y8`%J~MS*MSwq*
zl0_kdqv)%2v9o7j=g|?e&^<}7vH3dS*{(fHE#0%?erkTwEi=YPV+kfHSwfm*u+r{>
z>goQ`{(Cs=SH!J!1z~{yc>n<(<ivm^S8bs5r>WCyvuOdROAds=ai?85-01J?F`dy4
z3P|Y9snzYUBRH1GMANB__8TKqBJ>i@@NCN8ym`Sqe1lLPc)M=9Ptnen%4F%_tDmi`
zUj)2Pc@wk3)*o;|7}KLBj47nkyGseorQB5Ld9@eib7jiW6Pv389G@wH9hoE=RGW%U
zY*l%q$c6~>fN;zzT|}^ph%Rg*R~lPy-*<i+DdA;S_?vXaPY#P|SABVFIs}zHOM|!g
zHfMRsQTWs`6{un@=B$eSn?4X8c6<6koH-<H;6OotFY8G}=phm#772VoYlfZ4WK|H!
zw6$&|FlGp+{xW-UYL-yszV_so1CPkiNS|}%@tt04awg&!Dy;gRgRb|N!;O}kLKkW$
z({JgUDB(EmR)xpU2yQURnY|<>pXZhy`wemiZ@Rz0H81~8wY5jgx8Q=~0#D_4HoLPd
zg@Dn{`o1d@qARV+rZx5k6YQpHF-JYAV?am<qrxM=FA`zGT&3V1O^;9b7ofz|mao0A
z&x-L3ufDEO`X$R0EgfyK8Pv1K!rnS40wtL8oY1kuN(RlNZAOnbr{mfC=U8QTLA&O>
zABOx9j)n%Ka%HvIip*w*0j?K1Mrsi0b|#-^qW@#CZ@ZarfcKJkr2mZ_%%#~LF?j!2
zjf4(4LRIzb<(K95bk!EiFYezMH@i2w)=L$Q(OK<=Z)qHiB_c6Q*g=f8#SJ1HI8GjM
zNCEfhB2?p?;rP^z6#*=UeJwwY-UO8)6Ti-u8P^!WgF#>SdaN7hk{Kcoqge<B?jfu9
zdN$t&-e4>;838F}munBP<rjUy7oVly&8mrQ_V-;SYOd8(!5p=*<n_XtduhGKC(7?+
z{WRXTIKzqMGz6p#F0hd7C_srgZ@M-Em|=&p_ONY3BDBx$+POy4y{$U#QO^^*lMXrf
zFa3YRvA<6DMrE_4192f~A&@<(xi(81J7Sg@4wUbeYgXSjs?BW9rKe=yHHr^1G@^oZ
zo&*c@#%wJXGUS$tWyb}f&08OGdd+In#NK5rd8$M2%Mn}$?e2<kl)h^QjS4MMn&_iJ
z)E)A1o$1iL?7>!U6y9MV{v{p>=PX=t04>rN3=OTo-)O%=yVv>r>$`l+1DV_wOIQ~W
zi>O|Zry1Bv=W*I9w4D4#8`&q`s2t=eSO#r^SV9BLs0qkf2Hl0&?=2(hN(&1*x5(M?
zv5#+5EzZ!LHC|)g{p<Jo^}3oXMg}ufuiCoz9m3q>s986oN@PoZW7P?zj?{c;@jA=l
z8OP=JY)<<{wqDG*axAfM<SV{;+#-9t8TkbX^@|3JZ$%lEDzqpDWT)mg=!@Nz&n>ZZ
zK~dW190jzEAp4J6Mg(iCqRI;j6P6d3?~Z*=VJYQsQq2``X{vs+?^X!&UTXddSYsFJ
zB58BApA0G(S1a>IA5AOx6Q)Y4i5VC8b+Y1Svf@uxgs%i{SMT?Etr5wlM69sN<a@FB
zy?hf@clB{C-C4a5lb#!$Ag-CrSi2qv1+pF|&A|BEtC*X{8^({9+tOx)Sg=+&{tiox
zL12ePih(}dH{*3IkI0ZAoZ=`@>}iGi9iIB&cH`-Qn~xzR3h|;aEo(p>zM#+qqW9RF
zE^j<~F1kSn^=2$K+g96=XDmbB;}nA^78lW9rbl~aiRBuVCWYj1gkv^EP(JT0bK(hp
zM#@C>NJqsp+uBD$E<o}c@)n4E#~l9nn>emcq+&2Cv;T;QI2<Y|iB@&G8W9`F;7k)V
zsYK&&9^^ywy5I5?2IFh>QQ&;hMtne$nty8`W@=gOuTInXzNb|LX?m(2fqa{R-$yu?
zRy!Z3^8qCdBCwmlc#q}&a;Gskb<?}QJx(5^^!|4gBq>dInkX8j98CtHrP)sxGulM)
z4R`^oUUu57xo%tJ{(W3@^ZM?1M7go))E^Eaa?zYsVQ{L_bMK(-j(!uagX?kcyDwnF
zs6e1EIR>?jcDofG$F*05;yutv;G%$G<I4Txma82;&{!v?q}}H^Y^T>eWxaa)4<ceP
zfe`O#vzmq5f<_3^X!?>cArp9G!g&c0AYM@mh9bByjKAG=Fg^!dxqvlMHW<KD&Aj6e
z1ZF&*xoN*%h1MZDt-JsYqNPY{GB=ufJ-NIexyHqoTF!Z~-9ZdgXw%rN0WhpNLY8K0
zcie;1Pxv~^?0b_V&pmt^?Oru7krA(?Z;+=FOI~;VaIF=9_1h*I<Tr)fj{S7f?9}j7
zS=uL*gISw1_G91S-W`hHQW^C~0wFLHOWeomkj$np#=QYccYe8ox7_UFPbemYI^#G$
zY<nXoT7>HA!@n!PvLmp=_VM^`mGVB_`EGi%D0xi)>q`M1SH<+$UW}(|Mc+mD5%ZTA
zCX-xNo`JLvrV&k+=Zo<2a9Irg!V_s9QWx0uc6(AXzqHx>XfGYFDe#S4Lg-DYT=95=
znnB1@i1BXG{pN63_<hi{vME(q6F<_a(I|Z2Ooy!Gg?T6hGnm8}1$pbOopb^0&C-z;
z7jC;kCTr%THxYcVc$N0-N342*G}VcmCjX<vv=F4@J&w+n0FuOEd?*=9tGG}e(EbmJ
zFnHK${>5wb=Acxya-HzeTJtws@W?zLdfs%|?7iRJYR~QyM|zLL0v}q8ig-Kbr>e2l
z-H*K7i<sL%Yx1mvXy65@`Y|rloY5~&@VIb*r4;($EB}jcN86)U2R^5rG(cyfJJW%z
z&Zpx87Z!i?F=Pl97@t#ce;v8`kW)K^)Wwe;-&i5R&LMqn4)5@}8{cNudj7l2KqMw>
z!XwYibX7sx>_jg68d^vvv<22;0t8xSgW5!wgKZC_muNJ>hZux2Q?Oh}N`sPP4vWKY
z4yM~6<YNl-S>m`M+F6STSmeysz9^)rA<)RLLShb^B@K{N$<%r4yt_lu6zH`!+7{|f
z;8)+6n_$Tp!jfC>>d&>|hLLBPVWo|wIJ{q}`%91Cq3>Fxd5<Qu!}0G0@EU3T7>&jk
zO0TLbh_0!)`C6YKpV_3$%=LV;=^7sM;P1*CvkZMwS<o3KozA<e_|ps(8lFgZ1!QZ#
z^xKHt#>9x|EhHS{b<@sR1hxDe#BNy^qXC`Hru*3jYy2dAhDbY9)(xgJenqa6?o?_^
zE+6n7Tn*g6{vzDWY}{z|2_00-B3qV=W2*@5H(&oX6ov9x$P}!%wB>*I4DGC9xh<md
zZtp|d@nr@Qt<1Y6TvRGf$F7<IB!RPD4$LV!IaPH%$?m7jN5^^Vmx;GiiOAoUV7gZP
z5>dV1_c#~i1H=_XtZ*2)mH&83O94BL@#S~4b9iVh=_`5JyrmxhaZh>7%kDRLP{v49
zd@iR7>U8QT3Fh0#qL7ewJh3cQ_>$X^uC|SGbgXgR%iOxg)1pTHmSA(92#2K5f&w<w
z7_T?-Z^2$T?2FCzVdMf)JTWod&^L`YVlnNcA>>$+_gbMaY8_6o$`*Y|^R0T`p}ZuG
z5jFFYC@~GLli(?m_5E6OpkCe_)@6iE$Yy89&qsS3#zIi`nEyd0qh7QC0im*_9DLfW
z={a%&Y+w{4p;4f9MVF`niIr)()<in5#4yJy7=Ia2(o6&qGXH(=Cq{!9(Jya?`*&pr
zG&09M_zokR&(6~HR@zEfM*8rmb*JD#j*cHqk6PTpno$o+o`caWUXm75jq#J(?f#xA
zdUpJW2uQV9v#Z3>4+Vx>9_$1!I1AC_r}F*qsEp_^X)blAZ6EbMw1)VTCxlqMNn{%A
zV2i2Rsi*~3YTecFcTX@kHVPs%*=SWHF6@CK>IA5;NNjfRH~?TB4m8Mlg<34!D220S
z6lcvm4(|S;?5#N_F7VXdE8qFSDLAx)WA`YA<vyVus%*WvD+V5Kc{eJJhujiJO;p!0
zWuh*sA<TT-F{aZbGLKYlnP{SM5btMISUsN!$?pET2>zh2zCNuC73Z-8hoZn@<gY_l
z3&4020k>D{JENg5ynY;B-)T}<e-njo{5uA4w|6-vw_xV#x2;!{H6?L+Rm;e0JGmzx
zstVdU<o<F?@*;%8D6B*<Z7Vg;Kav=<H*euGe`yl6d3_argD-BXPbMdjjoRB?3Dl^9
z$`mGeTBO4+<TDoCo7A@jLSKM=&I3l^A2aO^En3)8u<>&`2_pK<xGf0}>~;po-#&D=
z`hWhA2Oo?9J-5nQxGHTYDJ9x%gJ~&c9pCtubM$8o4ERX@`Uo(J@=pL6d0&AJ|M&d=
zx(v!Cic$jB<!Nc7)IW~+p92F~A!TL)FD7Qo=>N3nUq}4)Av`Q5EUh!#R<ca?AD8-T
z@jVDnBaJx7tyo_5cT4}eqdy0dB12GGk)GvPNB-Toe>ar`hdeJ+8}3&own{k>sVMY=
zku^bQ`M-~h5bh>1dYO2ahQ^@@T=JX|Xq$Ir+90wEwBWWJ+P;}}z<;%|`xOy_)BVYh
zw0ei`zuWImW&{PagiH8`?0+5g=RTjhP?Vg9Ua>EAs>Gms30e+V^q?^R-Oz47R33Lv
z>VfkO22SojO(BO2D3nIr89KCL`#%pu3A&RB8Zxx-Ys|Ilx3Wt0e|O6No-P(1`mMAx
zBGgWc_3YD^SdR4nc+!8`<1O*$FXT<<PeQ25`@@E)pk=lH&y~Dmg*SQMLntF+Z`^Xu
zVUWIs0LU<_SOOs*vaQ&aq1f#aV(zJh?ccvQQ05KnqW-=NiXMt1Vs7v%nfRWf_-91I
z<)dG_AMKwIFh|G8MtNXUxvV~525d$MZ(7a-((~z@p#*dT>Q7MZgg|{&_;WVUoBwD^
zK=q#oYdGZdLZ{pE<pOQgFb}0jJ~g1uY)abB&sGvZ?rz-~CUd)lfwCEeD@|v2Uh6%q
zeHK$WKbGqE0!`-|CjZ$Z&<M~;g)reOdCBJv(2aI03O<j&3)VY4XO`GYtma2I4hF8U
zul0jMUi2{l`No9Zsa!E2CUSn;9%LHg_4~MJ+4T^1sLUq&f4dLx4$<I)U%uJ3<^CEB
z$E2VuNWN=D>2Brl7W5J9{d7LD(uBbePQ4xSxY||SXEFY+SxtliL=+-W$zjb#622BI
z=89m_s~1`-7rb43yge(KFJB15V(_@!#^AEmYU%X2!tw+}ya@%q#KjPO018EZ_=7|$
z<%=J`*{io*tce%&zLNqZa0<F!_(ZK{3cs=FQEg9Vw*iV4d_az!fACNw_L(zX0>{yU
zLmr^xIz6UYJ>0jphGy<_dDithbJkT|2$ZRr9m8fG>Fev$1xkTWP6Mpn0ib1tLGNZO
z+lF$0x!2+Jix}j3#N~POfC*@vjn@^w`T2cinbYO~knfUXL09PyLv>0AL^LEax$KIg
zaM_35pG1h54Lb_~CA`^-U)1{m>e`-lj?QS<DSGbYej9g9V(Gj)UWACvq!b8^K%-HS
zhQX-AAuH(lXUYV+48;ZY%k>?rL>LN?<Wu{8LMt-F)pAgW;}?#L?l(@rHG+jKlSah7
zRn|5BDhvpQ?gONp97&9hs7m2EP(D3IX=_T{rrSSY?whHFC!pjvk;a->rdciRkWL{=
zrH~<~UZzn{YdZ9!Xe{-s%k}a6P{IPBqdDMx`TTe*I^61dCIX1T#hn9MJE}{cH>QCn
zy1zVMu2!PpXR-_Tw-&$$o#u0H1hE%R8*u)C9#CWOw$$r3XRiF#?_THaW@5Q!wek-W
zO3TL>Lg=~>wuj%(OK3X_hS&fG=(-OS5d}GH2-0c(#wS$@^M6pUQi%qnYbH*-gnc}3
zivVg=XXf|8Y^<;Cio)UhgouYgEfJswwY<;cGsE6sZs~0C?Cyl_&Jj?%v{bzuJlE=q
z-|BgS2V`BRm1&d%lmZkW%#}EqeZ}S~0F*t>O!YK2*)EX$kGBf~8->T`HyJ&<8b(03
zh<^if&Ykzu-H$|s80thUMKG0zpx4Xl6|jMmv&a0P=qLUHXt@2BJI(2>*J;4Zx!Rq&
z^}gH=FNy~g%r4}T>7w@lrN-@LfS(gU#9}yZvAjULH>g#?oGKhyEvjmEJX`;u=pLJt
z0~Cc%IS1-DdtlKUh)zyr@zOg1FF(yjxmxM&5>UOFcPKa7@9Aecr|x^JD}dq<kWHnf
zwv${04k?V$tkT<YST|d1y~!c}7*(eS2$hsjS63&3EM;4-aX)DPvOqXnIJ20-V$>PA
zHSUxAqVZiT{g-dtncSR!YO&m}5t{*EQ$S!loy^Qykt!es1e8&@t<XH<zkeAb&ZKaV
zCCOE*RvvTS9{%y!YB<iYumczfNoR87+mC=|)i(cOHm@uf?}E_3%t{X&#1rhVCY-L3
zJG(&#4&U;NOzS6KxLmNMJYeRcg*RI^-2+&xF(kUXQ2fIOH$|Wh9*gBI?;|#>9zeJp
z-iz>fT(&emk9Ho*ZD)#}kEevsBa&h!L*eoOgjLAbVDkeG9QQ|y&SV|Jc_0u5ahi`y
z)%Mm@mzBIir=cu<?z8uh2NAz-*2DFIS&K%i8m-Kumk#U6YMm>6b+nfPAc9;MEE!Iq
z4e})-I!&?R5%~bTbK>P1)y4eBN!u7Uu*SXcm3Zi455pPd0BWE$0~AEl=CEvbG<t;q
zS0o!>jZLEw0g^D_W4i)C^=*a&9I-Q!ow>S}s5=9$(oe+Wuw^JtONn$-nEoiWJsiKC
z25_LP;U0JA@j$r$pT?I4(lEq7gWng|H-j&XJdRA_?cwOQ+3jieT)Twx;q*81YGyBS
zKz}7U<7~Ada>2{P2dE+?O3N!qfmAI&HfpmtuF|2yxm;r$R59_Vg0_04$`S#?-nng9
zgO0LLwMXB;bo)Y7XlNS&AZ;vC(NUiiUKfc)PiM1>vcRDAII#SID&f&ATDT(ZwQ@cP
z$d;i|4kp00B4b~IG7cmWu;!?Cb^pk-9Ll5R?9b_G9^SM4t~m317h{X(PQ=dVX2+l3
z9lwdDoc(Q~{<VPF?1KMJHQ{$Lw;Bi!35freT<&yzgMHVTh$m97(WGF9#|fPHrd4KS
zDg0x`T&dMeKLXPNPDTUK2d^LF>Ggo7+;|eO&qZuyT7MM-pvU3tF>_f$+dy<26ts|>
zOs}aCW|&YYZ8_ZyAvmLBn8s^^)$~ok=G8Zzgy+GiUY<7;9fivSL&c0|7eK0D1E578
zLmYXaSrN1RK22sx6C@J|I8GCYV}HR9!1+-SSrF@Z3=fkb&V^QEiAF5oz0cUmL~sim
z>Z|;ZwM4fes*-$0S8r)L3?}sD&XnXYYPnC<k$wnE{uaHos>KnveITn@m4OIMi2|5e
zp~i;P=UGoSh@d7(FUU*vDqC$lPEREDN}U07j=0nePV4F5@Wg#!7BCUyF+bMI=#P=w
zysvf3)&bcreRjM4X=aXKGT$yC>vU?IZL9`P$~HfXCNZ6U0-mN=ez%BZ3PbupCPnoJ
zQ|6?z!WSTg0Fy0Ds=<1`5Yu)SVUHH&i;eAk*}DbOiaEk{YGCRox9f6!<N}<^oF?jX
zGSD<tr)dH#Bk^cpiR^}y3zb)OS{iJBj!S20=-@wBP$bP{c@&Jz>%5gsV$e1A6;1^q
za{fBXK&l3f*x<N}e}g2@S6Hh302nrNtj%uu(;<?^Cq%Ap>1MX%H6qhj5?8Z)x8Z%I
z=vRl6k4J!xMoT^atM~n->Y!Zu0estDE~{xq|7)=x@8No7`4>s?mSgc?pmez~0HEH)
z8@9QfY~yilF{u>dBtNvjAmOpa^&HF=*HI6u0?{n2(QImBuSz*N{WiCFj%l*SPgj#V
z4Tq!V>*t?%-A`>J2>G%6Ovdh?V7g>hB7wQwJQ=3+S<zre1aYD91bMD-<hD-wws0g-
z;%L7h(2eQSR8I6C1<hlIuT7*{4%8_I8vp2jVbq#XVVW=Q<8e&M9gZDU@OSi(EZ>4Q
z!y0t&fMjhfkoF((@RDN;a(TMflUS`FEK*VN$O6P8SP@kiMr{D^s0`}d=LdhOU667(
znjOcj<Cb#T4&bzjfsPTaNf}=Zn&4y7do|6*5d=eK<qCMvnMZ+*?_wHkl=H<KcyL&U
z0us?IXONs_oYU%^lg5Zxzk2i8<kq)y=>3mdLE?zg?0Arn)@iyS*WT85KGbfAXZ>yW
zG{Bh|gdrikP-sOAe*rJ-ye+kP0hGeRH^t91T^S`N!q!JkL*`4MvBk1d{C{knbyQW|
z*2bkl8WE%$LAtv^8U&P<?v`$(L%O9~P`bOjOG>)CJHN%f_q+GK@fU+JIGla<*?a9d
z=lVU*bF3eNoO=*l1%+<Mi>A`@vcJn{>Ul@<FO5mFxZn_hN5uEMe|10qEVPMRpIaTB
zQM2xUf6d>1yCwuxYjcl`(!UyxfBs`Mo#%#z(S%L^-=D>Q`^`P#Yc%VUejfFIH8h~m
zWPC1O-&7`*{q-3C@$TSIC6kVrCNTfU(Llce-3=s?`VeOhsm<2mXZ4f2cMU@g&O6MO
zbB({PYGJ7$J;h$&B{P7Ol*ML`y=mH%JjB7r2Fo5fZnwk63GN#eKVVULtD?+*iqPBW
zfw{Tr55y<v?D42C%PrlO7xywojf#B#c2wFvpgCj^lAnN8gGRyUm8sfg&w&j~cDt*5
zD44*Wz5&kUmG@V_9nb1I$qyn*5_5D*T`%SwT%R7BK8LclTEp``T;b4ZltnK>6H6lY
zKDzBqSw53NxhEj0J;x40bX=?1Rcso>Zcy)~ds+22ERSXP#G8Ba2@wLP&r<TMkw&`j
zw;g@82r;JJg>{dS6A8v;4tL=U_0v;{UM^ui?@>sqJ_|v8F7hWuYea{C)%dHVN(I`2
zOlQz6g7D;94ZM{VH^T~Y<csT5P_yn%Wuu1S^Cw1A$l|`BFo|z_?X95SqqL()v6Eb$
z3)P6=_2dzP(2t)4Mv<{`R0_hovrQ~uT|E0XpjGEe$7fh%w1skT&v(R7oI>q8$M#Dp
zk&$H0coEl5iN*KARKilFw3%AnMT|Iz80|K&`oJ?B@2xUgLAdgox$p}k&TIEu_j`~H
zYXYy=b9?$2^!<QLJVK%4Xjc(DX=&5J<Kks!0=;&oMvZmM)?4|xDmRADjn2UsltJ>K
zC#aeC0UZ$#b=_?P+xzE!A_Rvez)vWq`e+2|<4@5qbN<J`9M`qd1d~F_prlbP#t~52
z?^N<)DM~a_u>0%USningM1M%2H|=`ECrU2VnRBGB*$R>pR6Q|I<2l@JZOT$JfLAg{
zjht<bm|iV<*l!N1y~L)+?+RV{q`mI7eXNZc^#>(}O!H~4SK-Dg$Ls0Qcap>^WyZ(b
z`jmMtjQhn^)7|An!Gv)RU9W(nMai8@(%!{ZI^51-lbh{ODBE}v%%;2B<)b7JNo1&$
zXe;<!pHP3y{}4}gdCYr1tspGG?RJU(dD#t@QpSYa?vj^6HhLx+>k1K<U>)HLTL~uN
zVUU%QR<k?x)y8#j%=zt*xl|&fcV~w|TX<>%wcP#;^ub}-+FL4_?NKb56n_ouO9u1t
zYKsNAxOeeC;M4DZ7TvBruJDsfrUVJwxuBVNevN2wv%RsRA%M(~tT=3mUOppovxGS`
z`85`Z_R#;^{Ju^~A^Ux9le++V_~RQgSNj6ITYWuBc`JA8E1RVzu*C$3KGEB7g}en<
zZs&j}ewPqnelEjdy@;WR#b$;%Odrept9Pk&eQd3#((6e`cnQhawOgUO$#IoStNz|e
zda;kQ1^o4GFP?|RQM14fMhhaTcnJ9$V(mm?tEIAUtKDHDJ#_;3>z*fv3p`S-M?@O7
z$D`UQn`C0fgT(S_yqN-Z!-VccCo;<fAx;aAP;fARIPa0N>Ci;7!_12t&!G1{yRCDD
zV>6`j`T{&J<|^Ib`X-{t>E$BSXmpkpxa1WVi%hafw63_LDqkOY8_$b>IT{+NYC5lG
ztYKR*I!d*iT)7TzF@0(i30+Zwq;xL9vjx<Ni;>ka4=rxX2-yiA3-rhiz;M^k_HS4o
zizIY*vYkif8yyBt`P&{^AHw>MZi4R9dRVr0Zh{Zz>-MrE{+K6Nd%g<gzMV!N5%q&d
zhsM(hMLmo<5#ri(+tl7L;|B}h@++|H@-vOmc>4(o##DBA5oGTEe)q>>s9S)2qU2jV
z8mt{L;v0C&4G8`3;}jd>rcd4?=L4k*m@&o+nK;0*#~Z0JhEh_P*pyi6tz6nVgwq>J
zC~TL}>gaOgfp%!xfCwRaSosd|u-DOG8^J-n(w=K$FiI8{68QdR6!YDFxQ1UbJTBK+
zAq{C2*e_7ZJy)<svh9{lBK2+Xay|~O#bL=wfDnLH;k!Hkfoh?54I(RU!~S4_@>(jM
zwg8E+Cp4J~s!qiMGM-)53}>567GNB?DQj=#Mh9ol3e<l~*$4jFN^aEax|e71ZhIL7
zzYCX@=+}oH)LzJSX4=*Nn^z~iiyTle--@#=)GFZXs;ss_JC^TO;>nyJ+zIXW5Fn69
zrJV!75~+{k&T>h-VT>%un%SZuwCfhfqv*EU$cmhLlbqDpoY#~kg=)+iDxaG5!}NeF
z@eW^1?D4!&>=W?3Y{OcwQCWJNuW{_n*lP0?2h6236}x<>ZsY;&e7&G~v{A_;@v2De
zLhviMl?eB*0#jbE->J6hHV{Oyid%XNT@}f<c)O>cs!_7CTQ9tKOQhZGi&IKtLh}dJ
zo5IV8^;mjK-0!TM{SPok!EYGXwDdDl-#W>e);C@1q8)7GyeH}qec8(&1Q|5>Yr16P
z`(vIa4oR)5+w|3z(0P>PD;Ybl&$Wr9EMpSi+kMj^?yl^KYPRO<5ETX1Qvp(0KXQe4
zgh*zMwhk=Ok42?0T?cc_7JdAo$9-Kh3bpPFAM2i8w2_~&O`8KaRK{ve6~5Bo@di}}
zi^=4@m;YD62tpojGv$(Zz8eTJdE<_hEoCmG%Z#rOmKF1LJa@i1i_d!<N7@>UY@#tB
zb&ec&zHfQ-WrR!!4p_osh`Z7(%krm#KC_FnXjal{bQS`p{uw}tD%GSD{|!Q5@f%uW
z%jF>tv9nHOi_wCsi~M?Ds&u>c{aM5UxW71ps>wG6!WU<QSUguT=LTQlGu?PN1bN|A
z+bj)^9AWZSBwoJ=AIlPtK}dmVq00kK((rBKM7tb1@Tt5GNx`<PX(lsd2E{tw_sj^D
zjt{Wy>qv|o&_@h9gbZ4m?L4Lv@s_-5UlzoPYJStp(AM52>%?xQi&L0B2Ip<&!n@-@
zl60V~4ls^Rl3+p%?nmIVv}x@9RQV-(*w@60P?G45oH(NaD+qjpbBH|mB@)HDmT?TS
zKYh#dBhrIswfW=h$m+$<koDC(b*`quL?$5YO~<h4)Q2A^0;Ij9#P}>mBiUF>9A%NA
zWxU(!b!K!A*CI4GW%6<FV5-38QVzt9&(uIX*Be-_IFLYt`}?QFyuVB*<F;H3_v;~D
zjPE=uC}xiy`Uujg+_{kuXRVoF+dVc#5-&$$1(Mb2QP^yJn+NBE&_IlU7a>#Fsiju*
z%9cRBKoG6b1R(i{H^cMS02^d7*qe!E+2%}$HkA5AbFni!l%hF2a{A(pdb&bKU{H6q
z#rJ65(eH92E@*GqW!?ljllnSYFMXNQ&iM?mu&K6=zykX|jOZgaEr#hLJGd!N&SsA4
z({?uVI>!UpINevxb5%d3KWq--<Swz9eOSVHZ8%+`qS4%O(v#ISP++nmEZ1RaiWn+7
zyo*{6T_m)~tL3XRzjo_j-Y{vEjkK3dV_7BVd&J0OF;@#=t}5@w;?&9KaRRnJj{Ybe
zV&9(b*CB2PPOU5Q9q@Gk1oM?F{2+k>eP<&-^3v9qCkFK#M)0<%+SGV4$G`*WTfn>m
z&le&g3Ee}JbvhjPN2qas$>5`8*46u_!;@-z)9X22oZ3K?14CQn=(%D#j#!v0oDn|w
zDC>2)tBWSD!yk_xt_rv3ree|@0C22#y-11_-)r1o@poFZ{+6JSDGZbU>FkJNwoN3^
zqfwyfjHN{h7715sHZiiwbXGIVyVP-a&iCc|fQV^bQKHUQtg>e|POJVS!tP>4iHW~1
z7N66iaKlcjZa5M_Q-%D!hvIQ6r&XmYa|R)?BJqU3%Q&O~))lGBFur09*O_PTC-bRb
zuD$vTJbww)C&P?LTAjsQH-_&YT65xAgowO=$X50{=hWY>@X5a4OVGxK=AiY1hqivM
zuaEA2R5|$wPSJjE?D{(Udi?>8;RjY?W`GVBUPVLVMxahSZk`IGhPOE1eXq!#E>=el
z@-zUIWxuJ37|~6uX8Q_J$t*jT<Df%}LgB&yw<A2~O*}uuxqy4#3?|n17;Wcp(C{qH
z=yk(fb_NL$96n6Tt+#kc@L|ka&CXp=zCGthTbIOXLZdd}ZM~BKj(Cr+-p~?`pKbM-
z`<j~p$$jfMV=i)-z>8UqPJB@ChkU}6@F?1cELC*e`vG_#oUsh;fN!Rl#nbs(V!H@M
z)6i+&^zFXggWs9QG9WzAX(=<qkMCP=HjMCxHaW#!V#lgEqUHMXq75f9HATWECfu?!
z6!`rnny;XpA7QKo2IWzSiMp2$Fv)`N;g5c|*lrA3Nq)-z;Q8gz8)pwpt@|9@R$_h(
z9|weuc}4ZAEeSWkA>&Xc;hC^25TV`B@P2igw2~IHOyM;9r9H*Jg5%rWUaLLI`*nR;
z&2Ea{c%(FJSA(9!%VZqalhOpfl?6gc!sMEu>Q&xQ_<Dbwc~%?EpvQEio(!z<V9J2U
z8ZJ=q3DYOgY7N5YUC&!3YTqfh2cn7>DCVF=D^$x+_qXBRrY&&)8SF;aat>^bt#=$U
zi?1xWZd#TJb$UtJIh>*|s~JWZPtIs46T{8+Ff<|{F$biCjp#j~RLt4{DPiw`nr770
zRl3_z4!@})lR~EFh&VAxL@>ndVw-e}vFG9XB&Jbm1M;ar=@+a31H(Gau6Dj4KZ!~0
zi$TQGs}}iGi~*?N_2r0cenR%b5t2kux8P&`5&{JZ8YJ5BO#n#c8>gg#6nx>^tw{0h
z4>XxYVkvZ3AfLBOfB8nsz@X!N?H5C3LYB5ma=lJ?y?O(JaGa05z$&&0#=BBb2jk3c
zDNPtwJS?@>_mdv-;+4TbWwF+RdaRFZSw^mpi(xc*u)*cDYO?)J|7)B`JQ(kN54~~7
zGInGiQykbVIMoSAVF+20!2+b{T{EpO&P{3?Qm;cvyX-N2Eh=<U5vG16QoKv{_ReU#
zFSqTocG1~?os=j`ru&n_c1DLCeePWaNCuM0+x_%Tl56<5)3xLyHQ%6EpUlm;Vaq@g
zU*Qwet)KSkY5d6+1Mxg@(#`2QmX9f=V*GV&Svm!CvaYaJldC0(sqLDjpN78vW$1R{
z<EWG_!K<ki&3b$P)6HQD%KYJRkK%wKUujFWTv3m*>VdScrC)PqF^n(lFOmNAPt;!S
z{+1@u@5cS4+0#m39!A`3`GfrS9?m@en4i&H=;U5(*?jX3ySw|vLP|uF9ooB!^SucX
znJTBlMUe^P;V6V`tf8cr-x+)C{IC}xoC(R2r)rZX=D0aplys_Zf`d^8d4_zp=I1wU
zWNZd~*fh3@it{*rRPj5V4+kLRxrE`2;~L=U)@pZ)LbM+f5W(*r6@JDT8zvI>m{-PF
zx~H6xDwzfyJn=d)m?*8!OIrprpfBf+Ix5j_U0^b*uo!ie$t|C(#W=3%6JV!^s3IEm
zlE}`i_rJkRTx$)6F>(Td1Md>btW3sZcUV0_oLFR$GBTokx?$H}vP`RPRR_t&dg>|l
z!8hg=8C{rR7!4C`O&34udq_5CTdD>^oDrnxNBUIpH}@g>a_bKTD+Ik3e-#MaVbj=r
zHsC81b6_&t=2$CqituG_c7GR85G6`q?g=E?mIVyrq;0x~+Hu0afOr5RpL)kN*yN{;
zc;c3I!*x^s;x&hlqdB-ndN#tkP4a|u`n|whV;vKE8qIAbAg?{hnDDq>@rl&Gu`)=t
zXEJo?h`2b1rN4ro+l+>_6YXpYF%kN!QGZn8^{*O};>n3ImVG*wUkuw@qf>ewrWjf^
zaBY08u2O|jwv%$d3f<jhTSbp<&akt*IZ`~n+O$tH>iS&suktj!&^&3xgM`Bj5L7}r
zTd;1Srb!1XI>iXB2WPrjEp{3@UC|2sgB6%^zl-$k<WU=;LBoC+IIm+XsFkKZl(0cL
z*X3m@{Q&#;SSOdFbQ0$ud<HCbg{cl~O;J-*V`Dr#{3URHo0GKHD6&|$IEUClr1*`3
zhYKwX@tCUCL2j_Jm1<Tt4M@VMr{>-L%3d|oJwq<ITg8u*Z%!`qpSPv4A!;K3uv*Se
zhqnes5E-EJ7)cEgso1m?(s<IYI3N>_Gj3N;<+xbByO+b)ByJ=&FD~rr=ty0bwFVp*
zGkj;n4N-FS=x)^>#k<A@*+kZ%EPvkw9_P#otU-1C)Pd++noe@`l^{ete|ZovWCAow
z<(n^kp`BGa>lrklV9Ab<cA8-2|5P6tL@R%wzhh${lgAhP*1BhfBnv-P$Lo6T$8IrC
z?hrWps@LTEI6qvJgqJ^?k8c1HHXO!vIJeNK7Ak6wGie%~_YM(0&bl6pf_}h!M+Z1t
zTelh|=E7>nlfi5<-E*%B&3)de%cOLCf$n9j4E=V)uX}7frOt^cPB^u?veNiSyu{ey
z{&>%2*uS1zW=oOkpw{gqZt0)>22IZyMXbe_3?9jI$f(VPWzgm`Ix6bcfn6*r@3;0n
z(#oo-)!!qC6F`0d&rXcwoVIcfGm@0;NXlRmuwpnib>@HZS@l(jgKX{AsNxDQvOFfa
zeA;0BJGqv(dI!vvnZzwrb|gIKjOz~#SI|A2Hc1dni$vWl`ki(gK~-ud0%;m(Q!p*`
zwiMqfP$V)r5p|DJM=y&$w<xfl*?fc&`U89f==|W006lcQV)P4wA;#W#hd?*{9@HO*
zSc7lPr<R2<uaI5|+3Z7#^Owp=B(avsIJY5TJs9>+ez%Y18xUTWF`GVY+Go0KbO-Sn
zg}h3tG>DS1oFpw3#V@U#n^!RVIP@0iRlHugD+N4{p}m)bznYEvY<WzmH~74eU*@np
ztYTaW3Wu1<(%yQbeL%Rftv@g74E3k`uw6fBmaMT0XKy@9^x_m$7EH^%14*$Vulw(M
zQ7PqTq)ksNaWoUyg*i(Pb1jpxFt9bCW!9@yisqb)Hhg{^6M32JkP&Ha_Yc!kmOAyk
zm(>U{#V~42w&NqQf%g{Dyc=Gis>DNOc2RD4X5M_rq6!~%h~Z*5Ib&OI(M9f~6QZ!h
z6BV%r)8!i%bibZ?!~{%cYrIWjwxmpEa7AVmdT0LemzkUqS5F2C%XHH%N@N?M^(65y
zL1<eu886*;)l|U=HiuhUL>#fw3OD^Yn4-@$QOkYf>J2ccS;uc~Jif6vE;1IHFbYZ>
zEjBSg39iRbDUh1YZi>(9K@vXJ+glvbxf!o4l6pO^N<ARg941mR!X6gqRD2>V<}#yc
z+-yTfp28^BcnWlGA4p=WKzmIlP&kytZdYwm_#OpMPqW(PKH8O3q_7}l<Zvzd)Z->N
zRrrN|#ia3>ZX#UuZ6=?;Euz?AU$olcw+csLyl+)G7r3ms1u@-86>(?b2VR(A&M})s
z>pX+WJdcx8;=C&KAC0##f#5GEKvq2nfrGcBeH{l<aX$02MjG^WSe{Heb&Qm=XUJKS
z{F2nd9NT*8biJk97$c4rc9`cHZHqeF&olB)yxRhO?BJKyF?{t7MhA`4+&UJ4-VPNl
zNO;tQghE+7m3Q86Wl5#njdzNeI4Wb`H-YM;tVmMDF~tud*3^CEBt^MMQ(?-4)ME=p
zpf5*x?MS2F4Pw|4tnk!oA`=l;=RsroI|MEIWlci*)#a_Ch&dl1N`ldrv6B9%z8KDR
zAFhzp)bJ|&vyr?6t#Px%1}4(*T=0I}9+z3h0rmyLa^ET`gm5ABH*v%Vt5>0nQ4{;R
zX~{wQqvUJ*Te86c!IXXEkAk6qNH7^2=7d~Qz0z%Bhcq4a<a8`G#4t^L3oAV1v?YC3
zHavaXV7+UQinX+20|UiqqKd>c<@J@8=hZp72?JAa$5$X5STQA-o^>*I$y^-LsLDOj
z7Y~ZT(YVpIM8+RW`~xd1<=Z`EqVvRGUIZ!gvsA7J&3NTKud%rCMNPtD$&N+UZ>kQp
z7H?p9KUFBnIzGp9Ta`uy=cd<|Gowr-?2>5U-90~bww|AwSn6$upf4b-;UL~b(tU|q
zy;^IFe9-EukZ3yRhApIFwr{;5l{WR|1MF${LmP|R$*Ljl^#EfMhk1P@``-0svs=@^
z(zR-!S@_X*(=JsLO(IV}p2OE}Jm@j3@N49k9niz^BB(iHi?BPLP8G!3g{bUDO-3kA
z_Ex_>52uld-*`yQ_)8}k5Q#K4oX~f0YxDA4ze&XDVW1YDc;<}kpg+cJ;**7)ye88*
zf}8ycEzn#1NX3JjztS`M+9$vk*^Vz8Wi#9Ql<7x>!(*<C+K7ENk~th{bw69NF0qcY
zK1=cUi11_99=nZsH7y{ok32wKhM7#`BqMmUo`{g-z(3qxw3gh$^Q(oc_-4Lj2fymK
zT1%N&z@S69!{M}R7HZo=3z@esiCY>qsLG*S#G#Q5Z>tukF2r~&_~bX8*$Ji+$vC;R
zJ1A!oW+wDDq?RxSskX|4t*kDcO(RNY22ie+X6+9Da&jEck#N=d+$`;4YqH%BHjFjF
zq``P3DoQ!xxk9!@Kjz{ifVb=l)lRD1=_3<+rzK*yWEAXi_bAgB?WW4#x1jW4)^@|R
zwN<FRt~3gs{Wgfhqg!SzI)dy}D!pxhwT-*feEKljv&~1l$oIVAZ`%?+FRFR-?`H4&
zI3kZ{l7{v%Tqh`#CU_7zdVbr95fh_RsZ>{5G$Wnu&7NU>pj<r7w!~ww8~RGCa`umX
zvC^>CC$X4nV2;4V&^CAiB4P3krAscjramEIv*SDLj7!pYV6O2VnLo$ua(5DTV9_Ru
zt3sVnFn?JkS8p^xs4^K#!DYQZlrA5y{M#PQwcraQeSLA{vo8y^%e3=BKg7j|Gtj?I
zl?Xj>pCW9RvwHnwe`pK-URz?W+;E@(xGd>uN7%WM(^=G(^0%vNn^5Cc0UihBTUHa$
za$2*G?XsDhboMHo%huUWR){;PM4RCMk6k86d~ZPxCqK96-2}yl+lzdyrh5C8RWa^i
zw+RsZIi5p;>g2?2zg_xE(!G<%{hDESz5vm1C@BuWCTsdaHz4&e-?(Hk_N}$&yDM22
zTxJ8RhW#eGn^v|j1Mx+shmAM<r(MEJM01Z4F(8zWkybdMzz~oy&-<t!tIQncsx2EL
z>|KTaixI?xfbtf6YdV^ud*a~@c|#2nA=Zce%x6zG-g~4F9xXKV+$n$7_u24(()@uS
zAYN;`@$UD}&w-XlYhx+1EM0i<TnE6^yg)A1wbF1v`Q4|V<VSR|!B`AhGRSzW7)R>I
zX)p=Pfa!S^BWpJYB1+L@xcGQ^*KIrA%aU7yZRVYZ+Y6VHV(iJBovX^Yh5Ek$ga6#W
z(?RqWq%a+2ExPug0F7|lYF@o<u2iMtkoxTLM7@s<43eHN>OAVx%~tv(2r~YHpiwVl
zy0<OYq8~FnZrC5vaF)jBhIaXd39;XNs*&QzH#QU)v<Zp8qGm;r1x(aCn0K~G9xZxM
zxMl|+8;VQ`JkA)%$qmHQZ+W<^D(#Ht8j>vn&$(0A8Z1`bdrsiw$5W(!!4p&EipgQ6
zX}xp)?SE_!!a{mWjbH9B4B#~`=7K#QoDC(z#Sa*6`j(50UA9A<-W6zx2&*yFcFI4M
zYWR;9Y@>kBz7Wp%500!l`%X``p(M5hWUnZl{@8-@mN>4H;8$<Ar;0T8h00qDeP#XL
z>W?co$XSA*lXOvr-emtgsqcy@iEnmR3^6S8M<`QfDqp#oxA`9eg2v#9q0^UVi$nzW
zP7To{Hupb>q~~W&9X#~UwMcER&r}li{<hg5EwVb}B|`+G3ve^^*+}{_o(XogO*!QP
zkZ`E9n;T`mX5qHc6P4-iXp4uBZYz)(o~;*uZWvpqR?1(9u%vT&W4^}iurCuOi#JT#
zu0*N(Je=flI#g`;L&(?dfSo+rdbEGIb&yKq<tox@3gAD1?EvUO)cuDZc1!gMKZIA*
z*3FQGpJ}@8Mm}Z%Y(=Ag;?@7Ss|wNKS)(sYBsG)^Y+vuWJ~LyY1M$Q{kkW5h<q5be
zYuum4W76lUvT@mdO0xs#@yE#;<p&&gS(ya-B2BmR>oR<rPd_EB3SlZJW~SkN+yhYX
zhRuiLKh#)#HU)U&$7&fICa3cdp~+mkx9>XDYy4a2qS>reBN7C>_;H!s6HT^4on1fv
z+dlr^Hm+L*iAN>oaJ8IZcY1RW32{Z3{&;hdK~n}m!6D}@xisNc%0p13ayyh7@L6ns
zn6iq?4JY6kOJe)gCCX%u#b8Vx_fEyuOb*AN&GPq8WfHU!+x_k*Odfo2t0ho)t&w{@
z-pdT0R+w(U0XT=u;b<%-PcD_xDB?Xn-~U2oiP22V$AR#x4fmJ*WZDq+K*Cc%^G#j~
z{+Go@7nbK3*pfzGTx6RI_@Wdw3<@c#oR{lnz;gv7mQ37{i(ad;6aUk2PZ*v&$RIj)
zY$D-7t9x38s4`m!08Tm-27^Ig!)i1tEyQMQUtmzmyzvP@NvZ^HZg0lUpPRG4t-XKw
z!2u2FpVKzmbF$V`@X|bgU(%405ddnL*^PnfI+6sAus&>hYc2~j-z$u%zpQpnewW4E
z8cr4mS)G|=jRDAaWx6F53fVoQ4K+uNpOB5B)l~0bWp#XEms}75XoYXNRPBpkB0ZJ?
zXgsC)v!l7X<WnXErN7cP|A4Dou^_#L!Fkaj*$j&#h^(}3c~GvDWh6q9!2yJrKPr*d
zAfawFyf|qpw`0aoGP}}mGq(KqL+X_tcaFPLRfukZ_lx4cZ8v*`qDaNEc7cQ(@$A^<
z$IaQ+D9z$1Zc;TQ4C281=`Lx^Z2l&XBr#X%Lhb*e43>Y15rd&4HXlol^u=$;<@}Y=
z7s6z)M`6{_cg?S9v=mc(?@tHNG!zUL7Q*m2oYSk|8nGDI#3Be6j2cTevdU1<djJ~H
zw*|EZPpi$6+2x32I%EIwFBmx_wl`t|y#f;957E#!3f1T@JLD#pz43^yF}}X(X)XF5
zp9k;m0S}$D7P$;>3H&<=l<|_)I$)kEO_lb$I|h)*M+nC%l0QKGk3$zF{xC=&@~(Ua
z4G%@$y`jueqD$mY?tgvf+Tnn)5YW56T6$|}x3|eYRdB;3Et~gWe;4wipe~z;N9g&v
zu<R}Hkf<KRCA>UXCmrs?_BT5J?<@%93y4KJiRVuU0I*w5*eJZr-`A)R4hCmLSg!y4
zuh3YKHuzc3aH|j$;K-41uY}Aq|NAY!f`O4NkI(;D!G++#-lovDk;&gRssBNwMCW<@
zmC^qPrQ%KO2WSi+gsA)vu;uSJf#d}LUtpL2zcB>SgaM3?R*$3p`hP5Pu>h_4kN19F
zaEReaz@!U)0jVhDe;m8icqQszZn^*e3pBrHgvQS*K>07%$3MSU3e!2bfBy2XBY_u&
z_d^J+=k>VcWegc(_JM#*OG{If23Y#7XgaUJSWm>Ydk%<=o;XWj@D-w|4Eg8h>J@p>
z(q@$@GSPraM9oSh66i=)^WpxBUG|4eVM*UG{a*7XAX|V}2Rt90$pUIo*#95rKTneT
z20(Z2`gy*x13>OS)>$8{XL-Za!|2?9ebQDHaK%-YG(wr2{S_Sl+kYT7c|LK^Zzqc;
zybPcXR--{x*NfdxXg}lDe!4GrE#{wrfLVO;$q)ZJ2jG?7#NVF3S~v4bJ#C*>;0#JF
zJ+;qY{#B*Veurfotl#c_YTC}nUnS>ez5sV%^Sun>yN8azE5$7yCo8yFZnLg`KezZ~
zXjJsq1S)M;nLp&y^DH%Lg8w)!<pl7|M(0W?c8B74#K^3{ia>+rPOwC4ZtANL3vA8P
ze_mFCA4G{&qgh+fSieRz)kaRWNX%&mK4k%9a1?yBjYW_`pKQA^ELNmZgA#Hzm&>ht
z#Jr3N7U_XBDhYUG%%F%1hXiKi)hHcO05iU?_k7?s9E^<$!KN{)=zd1aCkvFuF7P<E
zCkrNQwZQYxniB^hf`EtKC>p@rd7m4clxj<L3ji343BVPfcvKgIfuy()EIK{%sI`rO
z1k*p41en2VakOgD;L)&5H-B%qRs7jLX)lUajTuCwyb%k==)$<)iFsSIgIaHMLJEpr
z|B%;oW(Xa9fRoss8Pk6*vZ&tzUY$PB7nB(_;fG6Jf;$trG387UdO_B6Iyqz6|GIG8
z`QTfncEDncN%kIzaF4u_EB>VkD~Q0Ai6RrvI|e!3_6pH0`>2C!7NNPH(Wmw5qLqld
zA%edGL*+J=+;AMe?rEU=f>DiOAw%iK<yWGV&z!PUhm$U!s*%?QcEreR){7~g7FXG0
ztlX`>xAAo9<ArJ!R8DF0@q29#>j!^o0JF|_+v@Q$$F!{ku>jLt0}d5;JKOZtTUjGp
z$B+;#YT++yUAd-8KgQy1HB2Xa(fL=4mrA{#g$W=bItK}dWwbc8!DR6s=9$nxwQ))a
z6Y43a-pKHV%J+P5jrIg6_GGrWJjh{(Txf7ge;<l3HjqH4%bYkT{s`deA7tX;HlL-(
zfZW2gy;HK%;KW)O61@&E>#^WA1+Y*`p#mP0`<vf|Y9gngq)3k(w{E@(c)Yh0cus-B
zdgM+A5C1jRdkXWnG#?8k%JjSPz_+E;;wdn3y7Ap~cd{>fio-Gz`d0j3H)S&}G`(i6
zAQT)@4(LEIBoLw3vQP+k6q(X&P^esvmmzcq6UZeosGnW$J~q#D@V+0AsMs1r$=7Sz
z;PJe7CbXu@>F{!)c4~xC_dxFo`px#R3k_j1EZClcunN-Ya@FjxIP(1i4U0zRx$N=*
z<r&NTsXs%RFJbTO@PUVt#<H>NX?<q_*fR{Ookz2Y;7ygpeGdcuQ@NxCj@jkI)#CWd
zfWXr|8M)V?W=SAUQW;QEFuPb<k#J50$J2jqzX{l!%`*R3srrRPXRSLd%4F2td-7|J
z_x<_qLLjJoX}_Rl9z-0NjOS3ZI_{fT&mJx|1wPJH245a5&?Pa-sDCU}{jOZ1)!|oB
z-ASifN*qQcpgb&McN2sf?YKRvduusHIz?qo;&io+@i-w*kni>6U1_rdxwR6AIwrtj
zH6A~dockFWmo?+L7z8IV5iP)}4tWtb=Py+QaVJ@+?S>R?Cv*{`yyMkf-LqR+Y#P6d
zRG_m(Sx^sU>3bFpn47o6A13j697EY3%M{AP&`2Pw^aeP5D{qX|9;2qg76O&3+4z0-
ziRVzqYagR^WMK}PE7~>lQm)lZp&tiJEdu6Vo3kH<mg*h8y)TE|WJJB~@JAJgL42J9
z1QEfYutjfh+>r{yWy@OfdP;q~-D6;{8<2uhHTS!=OMJ1oF?@v_(;Cier`KCov1N*G
z?u#{?ZmoH{st=5wn>M`FlAl|wx@yBcW!IB?t|HC4ep|YiznaSqnGB_lpkJGvguHI9
z>KsUCAnJ-BN`HL3%R!C4yq~oThVy|vIkwqq5v2&hP9S?EmyVAG%p=tjkTj5qZh`gY
z8E~${N~_Z8iAayMJ0r^J>zI>Cd?&19R;$y-Ylrz$WBOa+3h5w;t`GbyK-xESD>QvG
zR@4vX*b0O?x-Eup$4of~@yNtNBo27&Gt5AuGD-6hVEP5w3&kD>HrOQ~AF}^dMQFo7
z0(a4j^x50IAymtJ!-4q4InAH;)B{fXNVBE7BI;#&{;K(5ge*xfF{xSy#MnneHfXj_
za|iT(|DI=+JT%dqD-#jNSrT-cs+3fE*G^vcC8pc2EI~Il@MVgClU8>=+^j1tLWDoa
zVvt^9yO!HEnnW}N;nPW%hqE;Lt^6LhAFB6fX)id^X*H@tl^>g<t&TAg#to&uvBh!W
z>#qXTd8`W&8(~2I=jr;>)ll;fK3*IFqro>6rbeYHslN6%?{#kBCnN@upx=6@+DsRJ
zE_jF9p1`7;ul6f1V)yFscXI3Lo|lR?_fo(G-uA|~1V6YPFya>;%oq<SAcUW5_PEP;
zso0E$-L>GQN@Vly`#g8Pv+g>Q#z*a#!pYx%y611B+o90p>d-{dGgqIc=_FDN!~#H8
zMOt{ooMTd!CCnanw5boRMPn4dZP9$4BAHet8io}Yf_W*2h7OlA90{rgoFDdAho8BY
zI>`HJiS?&W&v%qUu-KAn2Ape2T3<u5h-;h%1yk;~3}KKN$pEyK4}>*`rue^=i2N#f
z_@2@q(PZWrJ?r4E>;Tnb?oYppC1XO#*8kTjU<Ou>&gpO(d(A=h=~O`2=vP<wo73Gm
znnph|jE#|W?f9Tp8mEXuzI?`rqTMo>ams2mvpW%uw0UiE=$^4!R>d5Ncn2L-U)T*u
zXv&0ALf?5H1X5>mS=S|fO|PC<tlc07+{Up{mxzttHvz+1z_U|ix$`Qt*lo!LpZ&>N
zB1b(VLgPww&}%2+hZSsGZ1g01LrmDM2_7atfT!k%ip`;!=p8g!z)_Nl2g@AxEw~7$
z>{$$d7$G2g(Y~R95I$EazkkE12E3&MRMKS+x)o0_o=m+$FC*~T6fJ_0Em83G3iT{8
zEliLl<KD&1-1vl6n$3nx3p_|R-JKg%G$cV6eGFcuFet*4m>a}l$rV9)GqWT?NYw*k
zzmF{>G1TykJ}(1-Um?R7!Nj9}sbw<&{wZW)N5y$H;WsXc5Grum?9u1wd%r#k3=DK*
zuCK9j_3#acOAbPcQ>@(N`UWmUwI1FrLoghqq93&bI2Lf4K4)NvJlfmFTA@)>eCmB;
z5SCPxk2HdIlZX6%_Ah<4cVtBC1>UqjnoG{HO+i^=rS|n7;crS2%((;bv);@v6cgUA
zw5+fh0t4=>BbVTi>@PbRZNB+$OKt+|*8GBBS;PxC^nW~&e=%;HDA+FF(HZ>8aNdmE
zr)u^d=Bz8kl=<#mBD-Z$sHuKeh@oiIn(AT&mQ;vZg>hf!4N#{QI2O&FZx&4(aJyp;
z8V{7MH=aX>iwZ*1s1$Y%NLG)g)Y(x{YiQKD3@Eg4ioQr<S_;t~zpf7b8nTpSh`6KL
z5rC4-nAvpZk{>8urvL5bl5)oG@1GM@=F_!yUT8(J3h5wAKuv}M2mxsmfa4EIPhw${
zWC~|lPKQ5OtAi+w?rTpl2vxnzrVA)G{qHUxsKtaS7E%aubi50ya)4djW%+wFT}I^2
zyfNLIws)GnKe`9Giz<%3GaKf}G&)zQl<*7tWXuBGlAmWC7`&V2O2uuHx>@=KQx0+n
zr6iTbp8{nY|EjunzIxS5bGoDP{aHKFE>z%ifnAQf>u$WlcyNE%0Bi4WTuU6l&iIjv
z<5U)}a4&c1U)447I_V2((ojpJ0TN?6|J=A02Xtt-o$6DJIHEs~R78>Vy=v@geznZ>
zaY2rc_yV3O2{xGJXsn{Ylxo6Fnst7f!sA!t5Eg-0ZHkprd=|vrmo#*$IXLmMC#zlh
z)-zp0W7|u{Pl`O30w1c8l0Qv7g$ti0Vpy_u-u3>e{V6W?6}@$JD1GipG*QyV7&(-L
z5yv8wO-804C@bFsI4|45d|HyR9VwWQtp1CXZo8`kTSWnZ5en}O(K?97U|tTyn`(`<
z?vKlESU3#f5OsEj-Z5SHnOk_}3UpO9Kfx^<_p)5}yyo@06XEH%m=tCo({y!z+pkM3
zuHI}Q5?-55<b5#K8c2xaSaH;+(@d%~H67fJ;xG5rc*J4(p#&7A1w1V|rH%)1)h7Y$
z1B_1RQQK!QiDK<1k_p8NCflVewpCck71d7#sVO{&C5pMsD~2C)rPw@4JfrWX6RNVQ
z`A0(Q=3w0}CiecaaGjzt@_r)Xv;8;-lUl{7y#K_iWFrTjk;iD#3}keL%^4TA4w_~;
z6%L(>7*uG3dZB9Rych3?beZ%XYYaLW<5(j+(6^R;JgqL%(Kjcb^;FBN!p6q;xZ1P_
z<i3}Vr!9-*?o^3}#ni;y_ubSOdNU4fT%cLU+~BC)o`lU15nzJI%E4j1kn;$2J3tFj
z+~$scxbyH%)y*GeF8>Qzi_r?*=Ul1R2t?-In_Jx%zZU5^Ove+C+p<3J3U(t&y0Ujv
zhHI4SKxj$VL>fyFesjsllst_m@!DA!Fc0W)U*Ik=YUIQu63GzOZZ~r*8LAdg{7C72
z34NDFFw-KB@32gvHwm>EQaErET%*|96FJ}b-gYb8(hnOW=*P-@XPiwelu{2EO~Pw^
zIKp!#X#(9sEExO$vvY@^g>OB9i#G_x<%+I3?pqDB(DlIT{w{ET>??~_>JGbxXHqu!
zM<i9iOG^R;Fm8AWdiOqt?=H!KFlkjDBId%%$_nFP*?7we{w%DOg}d@=APOOAhYyk{
z%HA+i8wRlnR$#;%tFgs4FW*c_5sxM_-JH>E5$OAJNe3G{Ts`C$+>%#>3%O)Cx~hQz
zd)tk~?01)kF&;#rHZAxAWuKYYgVNZ}1emuI+?&Z|@vFVqU!jP*bZz1g>Y$<dbY+FZ
zC)LSBO0`Tutq&(<d_Qx<3}+rg-Cx;AW=|ZLwEN2kb%Aened&pi*5WKAo6P?D$e+h)
zKZmRFJ_{oGb_fK!b;nezhnK-t`?p_ykWQe@wcBUW0mGn=74Kyi6-|;u#Z$th%lMJ>
zr(Eo|#=tz?9aG6a!T0NVTPTKB-%1?%fJfx;tgF}F;HWa16lZV8V|!0HVfLfI)!T|$
z@<AdJn;=LrIQ(*u2|F46Iwb}u_#gw%UZK%10nxnhe#$htjedr&GO*0OIzMGL4IP%F
z<aXGlGB02L&BSi5q{GwbUYD@v+%j2gQCEI{%)5-zG{evbMIno!C1R}n2~H|gJ?LLe
zARt0sKoqX1*IQ5{6S5{^4QdcWBM(6$_zbu>Ke6+euyEALFY&LYSdp8rmR3T&>a(1y
zTxqhDmSQzt8)r5g7zM3UPKxbP>??+-&HELrr`eVfc$BB*T_S$C)Ab>mB>EPafTzLm
zWgQZB({^$-!u8>SfMrfpEh3T`*cXQ3I`XsEIcs#`A?0zHg};eMH~s&AOLtvZ@WJKQ
zWrXUfp9pVUh}(XD`4{a&(y%5xFRvbK>ub}6Jhlc(>jSAt9UQn+)H}u2&LP$LokEg;
z1^Vz0)cSU&g_i9;BhTX&B~L+H!+~8|JY<!BO-8)lFT?Xlv`#UjlZs+W2Lo%<-Y^1@
zzONt@I7l0|@KIBCh#s2w7|0ab>uF^?JEHqO3Dy7EKY!N0^V0@v;v_Wd$PyNMAjQ1b
z*jQXX_`cfxZ9wCN^O9qqvZnF$2SS-QLgN;3!55CIo<5hVfxjq+aO#y;M)SPgx#lKu
z=h!1FmaTS8e%ljikGbf+-A_Ng;b;}8m~8y_;fD_z<gu#>=c^Ohsz?;So_O$F@K@qB
zh72Tsq@Ws6_)c7KSy<^qA?a)Rj+G(6Xplp2PD5lZnOCs&*joxSiLK*%@3io+yKmgT
z=?VXSTQ8BI(Msa(%a?sX6CL7!^f8(#zNJiUs@3a%V_SrCz@}01-*y-;NWp8=-!GnH
z6aB9loG>oru8%;@f`VnlUoW!1t;5jf&k*b0pC56kRM4O$6d&-?e*IyVXYgv~<Q1#=
zu=`w-ae9X{3B_oQ(ST6q0#F%Wo;}q4T?@uW#oDpKt!XT;vNvUI&()kA6n<Fa6|Y}{
z^2b>_tzv8V52E92DB)4i>!%-1ehd9~Ov}J|akO1b+GK3i&~vcus1N1IAr^)3cHjty
zQvw0CJwRL+Zj5|;<N<DHyKHSZ%k&wvrGoSh0K+RmUv<P=FOtz>5$vCzYBEbgTA-q<
zNslFQVG+pQhpo{ex1SIak9mCBT1LCs_@!bGTpr_pKAw%pnvK?S@wuMQ*wQh|31Sv&
zH5^*TI4;HBUG*t>Qko_t<~*PeO3blQnwmd&=WsPFJ$?$$cB=z!58PW{bE+)PULD-o
zwPe$h%PgX|xE(mHu`-Jb5`l0oZyE(CHk5gRs|T0JNjjnSYj1V-mpu2==#-{`54rOo
z5^92FB3@vPQYH_lVzWN>iX)&<{lyC^2}x0*kLh=)jFLRMEX5aY14iUcf8S~lAj=>h
zN{9Hp52l0HZQY?9>!)$Qgnrqwo7t^ze*qRqJRT|~D29D0eeXk;J$8;-<Q0G<g*HqA
zlwBA5i{C*dW?F~!<}Gki$g<+Q9ZhX;g39KkTVsKID!DsI#v9F@kdGyEV_zcwLVXCd
zN2ZVMV)R|egA&FgpEDR6P0a(-=M+z}#2_n7yco<UXHF_3`r=8d%$0w<i+lG*`@y}^
z)B1*sO!n_b%YX)t*+Wue?S>rfp}-J^D~x_Uat@uW=4NT~fS#=G)owIpjgb6!^J9Ou
zAp-cx$^voF4+0)1C1BURSl+YGZuBKnO)`O=E>|vYT%-161GMA009}5y3WjF*OqpD^
z=Wnb#oqbokzKL_$8f5o2a%IuE+?-Mz2-rv%IWH{4%o4mH<aAC1@+*2Z3y{?N3|50d
zS$usP{x+~z05Vb_h#?<NYx0uvctw7k^sopNZ~n-5@h{g$XjX`cRT2}iXd{=zt46hA
z1Cg;NawO@Jqgo8_K_Z9z^R6E-@K=0RU+j!3@2^F*cYH1;X)59-LA#p4VjtzVTxj+^
zI*}H>D>vv9MR)0#bh|oKQZI(uMQO7Dawd62Dh`hRe$m%ZZtyY*HmGOoePYJLDY-yk
zqtG8qO{JmCz>Bs8nk49o+_&<jOa_Ym!+6;m)+h*;C^Ch_8Z`$Q?J$VPT66{L4Nc_~
zquoR@FEWZEN&OKOC-W8P%F+b9<lt(pn_M0Om<{_S2oL+{bh{C3=IhK+fgfg!&gN}m
z74CQDoSMm=pg=IqRM~#?g^LwPpML17T6_D5HP38|+iTjrvD!6|<v-NtF`gembM=v#
z@qx?k5+BqI-lHvFo2usPJ;Vn)Nc~V59t0c<RpY552nF)idY<xtxK7%Qmv^3GpG{xa
zqopMWzc2RbdP7a{&j<EfhZSKMgEg)7K)084)n&odx0q=jIuUM(Y|=*7c=^Huw#&o<
zOHcgSDZFjbz*#n1J)SI0_WVJfNI-IFWbk2Sy<kF-{_@^iu*3aqQ`SW*^RrY675aky
z&>!G;LM0h3Ixaq#4A0ZPq<Fmb%IyL7O`&>)@}jIW<w>zjG-sKEZMl;G!<Y2VJ7kY#
z%qu=LQfCFn$*Zx1<HNe1qcnTdiEFBX#fGl2v!@g<4wMrf&_Vn;mFZb^OG;RJg-XPi
zbsTEVyBLe*(};Rf%~ex(wA%EnC~~>F$@kmwDY{bDTy(~ES>f|(1W6UWG3H#f9=)+C
z&%^H8C#nHw!jfY?e^?gd@O_Nmvu*<%S96-x+QUTiUNR-xO>0Ai9cK+Jtp1x<jEk98
zR+*dtnJBR`dB?d;^o(@CV@Ai5q)xw}%D~IMf%AYyiVh(2v_H9N6>z+6>ySH<|BeK1
zshO(e{&;E%a?8mXgvos1(tz`#ZFj*s1F2B3G`>hx(qV5h%ep`QQW*wG7#0O**f&A+
zW0tc5LNf4(*0n_UG>9Nrdbc+Xi@YtZknOxgjxJi@v;@I>Eh&QVoeH?vX~3e&;@z>f
zG}>*2=V~I&2;R3hd5t9f(B3ACnfXYqG@eISAvQ5pXi7#x#)xYEp(Q*gnbnZH&fl>j
zk`<|*ak-MxwDmDzCEGyI*Sq5-`z*J^Ez;{%?{{FOWrs@Pb86;@u68|u?N200jjX&v
z+4T#V>DUBbkM?U71!Qvx+zwJ;Tcb)RnnndBWSHFYsQH1_W7C2%-(~yNwB6Wh?qvDR
z)qH?E^9+P1jdJm(?4*(+XLyVKjg;9!`S-~SFsPkuQV|I07Nv%XIhnP?w(+=91hOG@
zo36f!tq}xs8)6Qt`J5h{wEnv6atfc{M1|(Kd{&UTlBw#wW58weS=7V)p(Eqv6&-R7
z6UG(YWS!bX_s9GUr}q1m4xj~uoGSgAubZXUH~xCETug~bJq&vuwI@7X24E1`+hf^?
zIBA?NxL31D?$+Z2-0x*LLE4zc;Z_#KK)%z6RV=Hd-jA!vpQe?L3$W_t7BCz7!p<AJ
z4&Qr&fasQD4s0Ko&JBVn)ihpDsc-T0KOi1l`(6-@bTM?iSA;EAsx(nBTu^>+t$LOY
zG0*hyu^wI}#OfCyrGHJl+f-9+SV84>T+PveVv&pdL!@34NxL<yEkT#WmUqn?)Z-`I
z0^w^&9D$JXy<+QxPgd+;&h?<l=W41|NThFpjBBCg>gy88FO$h*l2}GvNV^LIVF+ks
zpXLY%zT3Byx{NqbZFg{f$Rm44zor<u8syX}jPl;NmrNIGjQHN`Pv(8H3*LkG3f8$@
z%hwjz>_g&(LYt&f5KcoYTQvzk+!CVH*yFHTy~CHK6g#&1GIbRgflJf*$`30Z3Y%WD
zk{3ICk&c+>GR;esAmb5DrhWdQkOaup3_{;9tv`HgyhDD|E_y@eO<uAEoPeJOGSV%h
zY5GE+W?ZekKVEFzJ%R$Uzw>C&V*vG-r6TI~e3w3N_q{s)k}dw^pN@_N;c+lWN#}ao
zLNvUn(Ofr8btFyUFRr*_mzeWn1*L<CA$rq@#8_&)8Pia<1im&vFe8$6`ezpKjC&G$
zu^Coly_5^dJK8CTQ_++t#wLLX%K%bKGA;$GqkNb~#cIFjtiag=zs2*G%V8L;J?g!+
zhClE_wXvFuA<^>zCIJcPihf^44h-ktef~%lhlxxnBdQb<BxKdW!x0^jsW%w<XOJgx
z{+;At=t!u+J6(I1X(v8ofrpU^JH8)w+&{Kzc6p!f7Vn-Go(8m@sxIe-lCAOR31^nH
z6}3Gs(vRKtDr^t7X*$x}4i7^%XTGd8twil))q;|1bfNo#=PXo-FT&$;mS_I-Rcseg
z;WQ)X#`>$KOv#R-X_&3s$65)Go8Jj5-FV&Ck3ETyF0-XH?O&Dz=3;BZja-t~?oM*=
z@TMXxi`3pGcwVZ_bmLOm4dFUYMu}fvuA@$2(;C)18fdn@3mP@H&Q*gBiNcwx?faBx
zSu@N2HreWPgEQa!#f00$7B-&p`nPDg*4Rb95!67Uso8JL<`F2>R!JH}c;6vIjxYGw
zqfL1~7^^<m{K*<Y4Ku*S7I!+rvTE=!Tc&YSbjeH8s4?3>zSH6xaTpNKY~)yKEZ9oD
z&m6nT{#8=WFf6-p%Xz#yAaip^rDIv=GzXPu@9@&YReL!wBa;96ID4ntgqdJdLFa=(
zWP0-IO@+88I*LGL1xL7h?!##5yxA}7?+%CZE8E%i{!W80eWKkWsST+@Rbdn`vJEek
z?;>rM9#8|u^77+I-D924v0Gj~+-W7!A1!B+&Fcwr&%bi|UOryqG;$8-jWBh!H66jX
za@EVKWQ!uO|KW+a{qgSmM)3RHsLwRo-+m7TR%XZAGT87Hsy35q-gPK=3S`@7G9t_D
zd}fkN=RaAOQA$bjW1807nEn_MBM*;_jEf=1Z<>loK!o79SQkb!gpEqLIn}l1$eX9g
zJ$ZoL9TxH7WbwV^O*VA{m8qt5N%A=7`nb0z{xlO&>3c2y$%L};tn+l6`>PH|x}>d*
z^ugLu2ajVRxcc9SVl?qIF1%;{yRSBa_vjbNZi+o<*Het$FEb`nT`q4NAAj-waUY2{
zDHw8iQhKbjZZ;ihw2DhxIdSJ_|HgOKE#~2N7sy>$4<yS@9L~kwn$ZV!Vy$mx7SGq1
z(y)&FR#Y^1LbM~4<ObtDPF>ujX~^Po(AO7NP!`9L5<^}jeZ9^3y|=5ha)#c@HoSl)
zyR$MtWMx@l`56<l5SW`ef2;r!k3_s#Z{1^xg7+AAqY}6RUu;!%;=MC{8RTd_L0_0G
z6@PBM^~OUyl*@jPG%yz!${Hc?s9J-@$L|r)P<`?m>z4%6=?{UYbdJt1TkUk=w&QQw
z=c>GV!Vj&2&Cw54RnxbnW4MiSk0$!&ADI0a)@rZBV8RaE5wuODESaK9WO7UU2F+L6
z#SV*u_S9nOr)I>_UA)G!YTw!OWJ$Yvy4mU9UX>d*H`*mnS)C*rOi@6VR+=o58dO;2
zp~?+nCOh%2?|ss~qkW0%bN6a`hM5L&8rehjx*x=#UEPGlttctw=&L<sbfP|>W!oRR
z+guM~T4EmMWJKx(yNwmT?@b^4{c@To)>U)slGSM;KclS4JfUNd?wp`Tu|l&@CraHg
z%&2&QN<0w*-~WJ$OWXZM?DpP7X0=^RKY5SFg;tqt*BjPF@n?)YxCNx^ux)DYFBgG-
z(ihrd8`j$Ftk!xeRUQ=H<%S(Mke=Ro!lCBzV}5G}6$Ux;QNya{(Dgjd#S?|2>)T!|
z>?0l)U1cz}@8sL^`D;p?Q(XvY$}1E8$M3UouAhwwwPif4jEGvYe3ZB6wp{*XcGMfA
z4%*l~>YV6}a4%I*#M4bb0I_wFo&upsyoBnj0{cxR`G&h447*_3Pm85@MHOmS+27bl
z_zEAa2U9i76iJrse#O?)bLkThLy~^jLg<ZF-ufj0Q}`01S!Qk52aOK>X7tu=`BD4{
zANMyE>-5a@`K(<UYK=^yMOdNEl<(qB07lO!Dixc@Qjt-!j(|!8p{a*V8sf;qA&lKf
z!*ol)Ra5D-Ycc)#Z0%tWM_rX~!k7IRv<Yg~Tp`KhSB2UN+rGao28=TOJrt}Bkx^-l
zN}6xCMj!Hv!2|F>0d6N|EKio^$of^pHzm#5BullrC;Tv^+I0*~rY}ySr*XjtUFEt<
zIkXzhgLrOKWD2E0Y;3u#IAuj&V)i5Gd?M!E*Df|OZY`XzqtZ2qvi@`w7^U*=bUG+U
zBwB4&&NQxl0XGbSs#pbr6wB#iyT27l@ZG2in#!-j_AV6?4Xd);k<1jM{>)U=vXTq=
zWQ?n$<B&R;hY=iVL^}5*HfaLvh&I<C9xZxA({i~rCYdsuvEu-bSnC<vSb2fZyA?<x
zk(jZaaWn!>h8ExG*yXLW_?_l6%kPNre#OXhpM-o@JoLY8sJ5e^V+peuIFIUjnI5~|
zgFOH3*Sq<iT8^xIUEOxlBm+4Dazp6`<AMSA`<Ocx?Olgd7k8%r>+Q<_q5A%Rma?>w
zeI3~uO9<Hq$-bo+*|Q~UmY9sCWQj!9kdP&155q_!>sYf)jW8(tzRfU<?R)$5uJ`BD
zAMl;W`QiRB=XLLSzLxWRo%=fXZ0m*%2}hQPs2Vx%jL(j=qR$o#R7ZyRjvssU2q_b<
z*~tjnKW~j^w7|X7TM8{%8U1{i1~;13&pNC>dJgX|yS}7o7dk2k=v|G*$$Rxnzn|$_
zEgr)YELREw`|--YZ20V*^#v~rsGO17cFG1&SIo_mYnNl|u@kCESk6>*PLjk&Sbg?i
z&XKvdwd#QTwrt(i!v08Lx!y5hM-6vc+ZI+UqTM8KkyXCvn9&?U6<BnHt)R_Y*B5bg
zTD^N#k5P}5>&zhLOey~9ffRhfzIv+koLOJC&)D2p(7;m<bj@WJZN*lh$WRtxxQ?S4
zWI-rqHbQc|vq@Z7BL(g(8fj=CX%tu)rOZtEsK&kua;KoQM(3$gX4dtKd6H+!gIuke
zG>&}88cCzeWyhF6F=|cGU7hmF?~(!|VvPtHZnsklFo%n8c8Z<OcHtzE2FUz2)D!XE
zb~!VjLVg`G$K8A54uu-u@z^nMi&3s&{ZbD&tMH9CT@-aP?sRE|PAYBERUoW>!5d_{
zr}KO!V>w&OY1OE<6O1o8)J-dO1PT@R_%ToLg}Bo+*;lw<1vDJ)h#y)fanLYg%2y>&
zqQkO@IJIGATDJ0USNY&*>wx?cM_f)Wi|OtHp-V^~x2o81=sXP~CScxK4{t(?tb5wA
zt~j;H+Wu;)$jc(a#`P3@d#}WyMJ0TasDt-mHTAwT8w9`A@(=4J*OPGGpj+Qx7l<Je
z!beoE**jk=ZWUIp&UaRr^aD?RWX25LpuB325ir^A56_Zd$Q}`d*njqutZ(u6C-PB*
z&`yCKYMKlMsZX6#SVSm|+dMb(S`e=bU_L8$;<7Kzv;qGm+`^SL_iA$+wfir%Jq);6
znAoveBQ1({7|Hn1OTwIlK6T$)H>MskVajdJ1-f&sc~H|2R-U=7t6q8Pg2Dwbi(SFu
zO1zfi&dR)|oQ3wYX7MCRY=3X&>b&NRd_lY=DKY#0Xmf;rqf3Z(Wm}t03~DfREA=g1
zmP<$Sch-?oC1IY+*tP7P+z;VDn7fq+h4S?+#WWF%8r9Y|u4J|`h^RJ_&R6$YKA-*;
z+6zrLEacanmS)D<H8L22B2Ze^GL$ZP2~dw00z}u)QHt|>3i+HWx6y-j&)p@nII+lT
zt0$%duWKW7C4n~|XJyK~=_On*FVL7j3SbfeYyf^=iue(z!Ol=x=UWTaV{CZyDpYP<
zt=x0WrbWWsBJkKh6WmVFeXz9X+A?jdyx6-4+AXm&CZde2)d*Gj-p)gMS3|#cMNi8V
ziV`(k*fV+_7lciyqAnG2YkZ<2rO4gAK_VK8Wmg*5Qq(J7Nc91V61eFE=ZvpnkbaX}
z`<zk7?je+2$;+=j$8ZPJoA+*wFDnL!vsmQJST2mJbz0wflJq2<VxCEb$%jE}OT`Kv
zO|FKMsb_L!c-2mz;TIJnvJt7?H}K}_BOIq1dgslF`3=aD{W0&R<qresbk)y<h(5;B
zLg<5gvjuA`VY_)@Ph*>%w^Zsz5#p$F8T{Ax)G?4lArn$o(NRwIXL|-A2nAE&906lw
zxo$wit}&f_4G)`t$rST!IP6m)YEr&wq?a5-uv%wLk$n_5AO&xby?QT)!?%ma9jeAz
zWbkoppF03?<fRP-<r*l|qIJt}Yy;on_|6+$7#~GIgN|iNz_;f%A3r}LU}So^{F1=;
zuPQ4qKAy&rccKXEkk?v~dlaRcM=TsEvQeq7HrMZ5qN6++$DvM!kR^hw`DkjN(tRzD
zM$$a{xXA1c#qbDG2Bl~?ccY_<pF)KmuqEh=YfKn1yC{pKTTZH#X812?n_Q9n;BVra
z{u2L%%&xAY=1!)tsQW5N59V=3;Cz8(*F`FjlPR^glvYuem32vSptR>)m=8ANXcoRv
zN#9ZX9NFu+h8-xr;<9!=I+Q{J5iVwD$&+mEu<INl6R0bRkz93%djQZ%`$2Yv+jn00
z&X1$ww}oThZ0n3uL@r$}YE6;8{S^s2DEo0>duY8Wl&D{W@>M&-;j3GJ`1ylIg(?L+
zETuu6;`$&xa9_4Ha$MMVdyZ>)>fZ_tvr6a9#^FiME~tOZ3));oYm3k4P;PnWhl1Zp
zwVsV>P{6;PjH>QmWm>EEd}I|jt<oLxyism92GWECmmlQGFYN6~?<SFP7eq<VP3OSQ
zef?M-SJwZ+8|4lH^AHcY%+_g$2Em{5*QOq@_Nz=*7qaTJhd|dG_qpqE6Y%M?RXVCF
z8{rhnnKK*DEk>?fgqJFQ+Mf;e(9B{?>YZn9wcj{ml@Ha}O|a~Yxg7lPWJLEFPA1GM
z>`3A0xpzmhF>C|$IRh1=lQ(ZJ62OJW{3l}Z41Djao3FSTb6}V+z1(WqR?%tTrh`vs
zd(@=4pE6}?HQ&l&L(+3<@M20<3%NwiO|O(VuNZYiwUX{;*jXEf*sjm{(Qu6qrb!(D
z$>A7!=@C14tK@V_oiOx$aaOM?|2-uP+_}3w3eJXpT2<_ueHz9$czx!y)={GBS_VO(
zD>c+0b_;W2&OI<?X@(0EgV7jfK3fZf&Pz{`_iGYh+H~wB#0&$fErC76vwnR|X{fxh
z>+l{Z|9Q^pEpU-hvYTmiU#W5xeKxK`dGX$}j6=k?sL1%J0EDN9v0lKIZjqT8zALy;
z5k?o|*gg+dCW$V7T5Ac7Xt_D}sBXD@bx1d%acRjX7rA(0GxbOx4(T?h+S`4@Q1asK
zT7ZpSNRl(ky@~Y|Fg0Y%r&)LC8IzD=gE&8^gyTTYOx50;uFRNU97&`o%u1DeMxO*^
z4TWC<P<Y`Q&xuDTX`Ah+lMrzbar#7ovM6;tQ<~4}o9!#eD8F~vGcd9X_20iaHU#IA
z+bWN+M--+-`2Z#EedoErr|wE@?=Gzv@0GmHeJ(_6B$ZUsY|>kGFXx*vSi&MuFJIDb
z&oogqS^}zu2H;JV+Z(b}&AFka5V!bTmDXM=sqElumy%5X^>T5>Za6J_{7jS8iS+#<
zm6;za92SItu3j0La2?-ZsenwJngv%!$X3;BII^2HApx^A!+<I7a?1-Y{MMKS9pH#U
zLxSWFc1A2+`rK@F)q4!UIpm26VJ?b=D_JnHp29Ce`|}@m;(lbTPVkRwTwlmP;q~L@
zbL;*x_;zxy5a|34n1FldbtusD8b(j|kfd(k3Qwwt^!o^(S=iv?P)@2a)P=2VvZ+FS
zd~I&dNwP`f(6QahI|3Y~c-(1H!7+&dV)UxtoYOn>XRU|{xm{D_#C}}KvMCw52lc&K
z_8IT2s=$0RKt@RAl#LCFm#Mit2T6O>oHDS~y}#ZBnmbsFToTNmF43{)FuR)+!DJ!D
z#%0b+h7szU^+W5WHCpQqG{rX$)AT~rbaf8}FU>`9jIWZW#3*X$#fmd5`}u*?4`{Rc
zxf9SKpR5e`?7AmU(cvgl^D?>g%!(40ZJNN7sJpyS|NEZ9a)Rp;9PnnrZcxiNNX5sU
z;Y*<{1>qHH6xgZvEH=7BRM_Wi9qzX`z6Y;mUgr~FS0!9u*EHjM0v^1@2T{AAyUOsX
z&$mTfo;g*j8+S-F5Wj1;dV@%VyT82qGIC~|m!6ECj*MQ|n|%A4Zhj{92}tzby8md?
z5Tr5VrcRAw%Yob_V&1cT_*l~o*R^Ep&>zGw>JRIvtiaoXQ+C&N9o2AjNsiMsZsUq#
z@0;Zn&Iyz;Hut}J7`<rEiQ$+2(zu5gC%<v}yji@`spq*1r{AO3xQ4p=VMl=u3Fo+8
zwk8SWM5WuozNU7nh}E}vVK<e{78Z_IRur)73;0Vt9fZ+9yB^FIg!-gf*irBr^G>$W
z{%k-n-z{#3H;W%IsKbU(hJpy+ICr+OMC;kxhf3?H<%c}Bu<ibd;U^0bKus=jn!xuH
z?tfb%uZcH~OT>#M?h+Ot1pcgek5nC2YegGLl6{p`d(5-#Xf;%d=P*GrC8t%4Q96tO
z(tqZfG$G>X;&+-{ogZ<XGO$yMnfGO9gsB3u|MjxrE8jQqFoHM8EUsCu3v@D8Jt?0~
z%)Xl|@B{FgEPD)CCTVFrxgMDyo<e%DjE<UAJ~Y6|syMHdw8yCtoUOTOl%5_CCiYv~
zbnBu8nBTG5wqCPFPP~vr<sZ`B-rX|IZ?!gCVivPzE$5Pv^V$-bwY!7W=C?x%AGhh6
zwE&A=;*^`(KMK=rcOJyf;wk?gFx^tBK;Pw*fhKQnGtp~%tQHv;`%N`WAP<PjYIM@<
z8MWF}R`Px5WZo&uqVE&C#HO&7h}fYY^>0t=+w(YS)Veaf_LI6JMv?dmb}PZ-gOd$9
zynHy};|LX>z$0!f5{739LT_536Z{I#&U$oKf_pWHXrG0=NqkkLDrsyIZt~5dkM!j;
z?owc-`eo3AUDLWd^vv8N!4)bWd(nb8h~;FNJ4-@o)CWgNjv!`-@JUzKJ{mP7tn^L0
zVuyFb`VmztuyGAq%76ZFWzeTMQZ9i)b=}b+&lK^Vh8C2DfX}i^tw^6|e;6m+J?m)P
zOHDx{_NBeVJ_)Ce`O_el7m6*?F5jgVnC+D@I*s9mf1^5Oh#hT-jBE7%mM2%~&e&mS
ziQGEP@zmec`lefKu%nP4k&nb3%Rt-ZVU^BED##8nGCo!U4sG@7Qaaj42R&|`2}RDC
z>Hw#ta5BG`buZqQ<>_X4q~)0^67qDU{X`G+0OdT*B@PdJ4tDVz13udX-(<SK4H3w0
zN@r(r>sJXpkDn8#7B;~f4k~>+Ma>28f=pHnoQFy8FmmSm*KU5Cc(BYBnEiD5#RVk&
zvgQ2amhMk2$buKX?Zu&$N3Y`XjAcH^p)U`9y6~SSEKk1OlVonHgyssa5s{R%f;`>F
zH86rbN4A_*RZV<7_!(apxv2A9(J8V=l2&D^;oJ3Af+Rv~g6dYN`7voG+5cEv&LBg%
zxej9|w$rr5q;=FtoY0uWe<V(v7nbRKlOwUc=w8wE!z}cc*D&vjQ^<N^tHH=i*?Hu^
zc1){b*8z{Usz*%4dd+d@k4(@r+Uj{_?+8xgj!z5B9nbdHrpNGypDxN=m3L?|?WC^A
zITIPb?cKK|>kubi*O~70!0PR6i!ai5Hhpng_Al49*Ub5%O)c!evc1j#l+tq@xgD0X
z%Uu?4cZ%k^Pu-JVu|al!niVXp0amkPyKew}Hl;9)jUlYTY#%7+80`o8>$9bmVT@JU
z>ts|7s-`9O$Sgx+&MAa+^j`X%BeRX7fTEIjUyT&X?CY&nHwO6Dc4D@{xAG>k<tKX>
zZ0N%FmeH-Aa;%$QM3UdnSi_h&eTEHaL)t3&1(_}*s?S9dK*zgRYQ~*i)hK)HBt&Yh
zDY>4^r+^L1SpG{(bPs*`OxAH+jwfrqw(auJB0@zJj+NY6x9i65pCuXv58$|ur^^$1
zr(f6MKYLE)EiS&Cx24wR8j<B3Kh#-o`U<#A&a1Gsk+skl3W8RoPZwNGL`{QO$BGL@
zT#~(-Fz8^VHXO_Gc7=cgi9tr?sajg;TWr|VI|<aWKUDWuR<S6}bGk^y_uMRfx^?4h
ztkq}SVnoC@>QI-f;Y|ly;JT!$+G@-BG%-tdm!mnietfcV8f8l3ns$KAvAvb%rBpi=
zx$&}4D3&{D!PS!J=qxqcLW<rOiUm<1xeq3(<_wHEfWpgvTP`Qf7b}7IZpGOG28}Ga
zGVoW9=^kKZNSUyLnLLu91vf$2BmhER7y^YT<b^To0ruI<>!cjgE?1CSN`Hf57`+H&
zYU)?7odHcbZ1pdX2octl23ltsc=)?Rxro~%5f{39f95nOXNv5dx`zd9SNGXYQ~GXx
z3f)Z9!|X6;hV8FfMcIZ>J!TPqJ!Oua_ne8z`{Cw?=kIUUlsrF)u;&5Dz2#Xjm&a+>
zY}l<kgYYq*!QAE_Euj>BTeY5Z5{t99yR}j}U$N|**OUY?-It%;`{sy^hou|o$oxCO
z{9LQ+pk!~{+c~HWUL6cg)}*6KpXhxpi>0ze-Hy~w^8og26i$5(+LHef--KejW+PQP
z^niIm8!?6Nx7obq?Rfhnb914-nqQCg`zG$`H}sp*r=)c`-%p5{tDc%@->yz{0uS5S
z2CLxw@sBq)D2SA&1nq#W<GEoV^V*yDxj8lcKlgiZBG0YLe_XDjlkxn=@*c(;+5;TY
zVY%$OW6qG=9gnaYj$OX*EEnEzd?@X<qm&CEkF>&Vr$9nXKl9o?3gkZ-8EJn}#zl2j
zla{}(9mbst?VzPO|HUJuNtz;NMn9Sd)UKE3o3|qC_8!Yra~ty|^nX#1pp>%|C_`C%
zkCXg3rLOsG1uMY0F>bVd=-+!6VfoGN4Hy1ZH0twgdw%>s9ZjYw2@>V^+PWc>vAmUC
z4NA-bJEL#0G;Q``2KNFC8k8=)a9VWD=^C%Xx@)n;{tE99>Ut%w>TPVE8|H=uHBxEm
z9o@rt?Oa=`b0b0DQmX%J7WmKqznmcxag%Mm`IcGzL^|!U<8FBETZ$PMQ_3r=y#Me7
zSqRVJIYi+5k9lV63$fuBWfQZL7|G~?qj>agabFp|;YT?Y$5WV9w#}m6dWu=S`$+eX
zq2J93Z;D*CdHF!QB7V{soaWx7+-*wPoe@qRo#MCZ-R4(u=_T@Hd^#Cu2{_%r-W0?U
zIcyi!O0^^?))Y_b3w!eWaX+0B{C-V(|Dq^9jkz6`<%!q{lv=hiEeSf7uDW>vpuV^G
zc?8Os9l#}DG$$jXZ``rn)cVvDp5EqSC||dU)8Lso&a8E}R<|OG8&hiic11bHhbj8`
zA^ft-Y^~E9=jLo)l7ccx;Y+a1&j?}-*o#BduMmj3iRq9sVK?uO)jZx8YpNQla|<@3
zA0b=}wNkXLY^(3ygnH70EGjIyu%*}3HC6Oit!y9rBYx`;Pif6ovJi}|G;JLycHrBW
zd4ukVH@xR=B9$0Gacs}dRF^54>I=+R;XiKzxQJ~Hu(J6{+zr8)TKly;v9M)xdaCn*
z27at9wTAGJ3C*7_EBTwjnJ7OraEFd&x^%ORRTjt+U}mER_w+?wGtkUAB|CtUgj0V?
zEo9c)Pd`t_y-U!tsz&fS#fVqPo{VRC40b!{q({LesI%Yx2WZGDy^mx^id8<?5jwb{
zg5xprv<0l7@*cI0?${MvkD`SwCA0^Am*3j7dXXLf#QV!990wTjM$8LQahUvvUwA;t
zp@SQi_fDRj?M;>54`QFsFn7urML6Is?gFqNX>@dZ`mR~sjX2TG?!{DIQ%K4w#PNvx
z1<UL%Q@Ced{T(RnBQ8KTx8zH$zFY?x=C`=8XK6!s7Ekrvd;+i;#-HXVl~U7xO6a>}
z6s<e^6MRyPWK_yYPn)!io@K-xqu*k3-%$pw3ko1ttV9t)!$QR2MqoLpk3KQU+|MJ`
zmyBGQkWbERcS3Bx(KF7xroIf~J1X`EU|zB?7C(c?VZAvec|T;^Ozj7tGZQd^65cCZ
z2nXu6=&+*q%w`E=)9;J^_&Y}$Wauul8FpVjY2XH>+&RF-IHEuJ_VFa{Nyq3}b$HzZ
zRP&3Z6qAu>tp8x|)X)X|Hw6NWiKeo~eU*No=k*R0Ec7pxp?lb%mFqAr`b_UH9sp!d
zhCnyiaMNeo-$VXo;JMF!4iYVTwf$FS^Diy(Cci$^{oyEJ=g%Ymx(Ik0o>HS|eo^$<
zZ^!#5sK6KiNfX-@)&DbZlhGGDQWg|^t)ex(_s8ddU36ywlD5jjvOoSMiHi?#)Mqzi
zV*eV3$pj!NHSlnG<&S&*lC;DMz!y-eaf9=}zyRQTxFrZkYFxH+{o@Y5G8+>#V6G*O
zOs}W@SmdvZ6nQ|>tj)1v@L!S?uK@sZmC!M1{{>(pplI+qX?P^=4|o0*HKhOmm!Ofw
hSN;O<|3wwMVc(~ZC@N1-d7S`$x>`n8%QfsD{U3Jy4~_r;

literal 0
HcmV?d00001

diff --git a/src/app/_components/NumberOfContent.jsx b/src/app/_components/NumberOfContent.jsx
index 98da1bd..69a03c0 100644
--- a/src/app/_components/NumberOfContent.jsx
+++ b/src/app/_components/NumberOfContent.jsx
@@ -10,7 +10,7 @@ export const NumberOfContent = ({
 }) => {
   return (
     <div className={`flex gap-3 items-start mb-2 ${className}`}>
-      <div className="size-5 text-sm border border-gray-400 rounded-sm text-gray-500 flex items-center justify-center">
+      <div className="size-5 min-w-5 text-sm border border-gray-400 rounded-sm text-gray-500 flex items-center justify-center">
         {number}
       </div>
 
@@ -37,7 +37,7 @@ export const NumberOfContent = ({
 export const NumberWithMdx = ({ number, children, className }) => {
   return (
     <div className={`flex gap-3 items-start mb-2 ${className}`}>
-      <div className="size-5 text-sm border border-gray-400 rounded-sm text-gray-500 flex items-center justify-center">
+      <div className="size-5 min-w-5 text-sm border border-gray-400 rounded-sm text-gray-500 flex items-center justify-center">
         {number}
       </div>
 
diff --git a/src/content/getting-started/self-hosting/docker/advanced-setup.mdx b/src/content/getting-started/self-hosting/docker/advanced-setup.mdx
index 1c5f903..18e4313 100644
--- a/src/content/getting-started/self-hosting/docker/advanced-setup.mdx
+++ b/src/content/getting-started/self-hosting/docker/advanced-setup.mdx
@@ -2,6 +2,7 @@ import { Steps } from "nextra/components"
 import { Table } from 'nextra/components'
 import { Callout } from 'nextra/components'
 import { CardInfo } from "@/app/_components/CardInfo.jsx"
+import { Tabs } from 'nextra/components'
 
 import {
   NumberOfContent,
@@ -118,10 +119,35 @@ cp .env.example .env
 docker compose pull
 ```
 
-## Configuring and securing SpaceDF
+## Configuration & Security
 
-The `.env.example` file includes sample passwords and keys for reference only.
-You must replace these values before starting SpaceDF in a self-hosted environment.
+Before starting SpaceDF, you need to set up the environment variables.
+
+<Tabs items={['Manual', 'Terminal']}>
+    <Tabs.Tab>
+      <NumberWithMdx number={1} className="mt-6 ml-6">
+          Copy the `.env.example` file in the root directory.
+      </NumberWithMdx>
+      <NumberWithMdx number={2} className="ml-6">
+          Rename the copy to `.env`
+      </NumberWithMdx>
+      <NumberWithMdx number={3} className="ml-6">
+          Update the values in `.env` following the guide below.
+      </NumberWithMdx>
+    </Tabs.Tab>
+
+    <Tabs.Tab>
+    Run the following command in your project root directory:
+
+    ```bash copy
+    # Switch to your project directory
+    cd spacedf-core
+    
+    # Copy the env vars
+    cp .env.example .env
+    ```
+    </Tabs.Tab>
+</Tabs>
 
 <Callout type="warning">
     Review the configuration options below and make sure all secret values are set before starting SpaceDF.
@@ -162,8 +188,8 @@ RABBITMQ_DEFAULT_USER=your_username
 RABBITMQ_DEFAULT_PASS=your_password
 ```
 
-- `RABBITMQ_DEFAULT_USER` - The username SpaceDF uses to connect to RabbitMQ.
-- `RABBITMQ_DEFAULT_PASS` - The password for the RabbitMQ user above.
+`RABBITMQ_DEFAULT_USER` - The username SpaceDF uses to connect to RabbitMQ.<br/>
+`RABBITMQ_DEFAULT_PASS` - The password for the RabbitMQ user above.
 
 <Callout type="warning">
   Do not use simple or common passwords. This account controls access to your message queue. <br/>
@@ -184,15 +210,41 @@ openssl genrsa -out private_key.pem 2048
 openssl rsa -in private_key.pem -pubout -out public_key.pem
 ```
 <NumberWithMdx number={2} href="" className="mt-6">
-    Copy the contents of each file into your `.env` file:
+   Copy the key contents from your local machine<br/>
+   Choose the command based on your operating system:
+  <Tabs items={['macOS', 'Windows', 'Linux']}>
+    <Tabs.Tab>
+    ```bash copy
+    pbcopy < private_key.pem
+    pbcopy < public_key.pem
+    ```
+    </Tabs.Tab>
+
+    <Tabs.Tab>
+    ```powershell copy
+    Get-Content private_key.pem | Set-Clipboard
+    Get-Content public_key.pem | Set-Clipboard
+    ```
+    </Tabs.Tab>
+
+    <Tabs.Tab>
+    ```bash copy
+    cat private_key.pem | xclip -selection clipboard
+    cat public_key.pem | xclip -selection clipboard
+    ```
+    </Tabs.Tab>
+  </Tabs>
+</NumberWithMdx>
+<NumberWithMdx number={3} href="" className="mt-6">
+    Paste the keys into your `.env` file:
 </NumberWithMdx>
 ```bash copy
 JWT_PRIVATE_KEY=-----BEGIN RSA PRIVATE KEY-----...
 JWT_PUBLIC_KEY=-----BEGIN PUBLIC KEY-----...
 ```
-- `JWT_PRIVATE_KEY` - Signs authentication tokens (***Keep this key secret.***).
 
-- `JWT_PUBLIC_KEY` - Verifies authentication tokens. This key can be shared with other services if needed.
+`JWT_PRIVATE_KEY` - Signs authentication tokens (***Keep this key secret.***). <br/>
+`JWT_PUBLIC_KEY` - Verifies authentication tokens. This key can be shared with other services if needed.
 > Make sure the keys are pasted correctly and not broken across lines.
 ---
 ##### Google OAuth
@@ -216,6 +268,8 @@ To enable Google login, you need to create OAuth credentials in the ***Google Cl
 <NumberWithMdx number={5}>
     Create an **OAuth 2.0 Client ID:**<br/>
     Application type: **Web application**<br/>
+    <img src="/screenshots/google-oauth.png" className="w-full mt-2"/>
+    *If you see a warning about **OAuth consent screen** or **branding** not being configured, you must complete the **OAuth consent screen setup** first before creating the Client ID.*
 </NumberWithMdx>
 <NumberWithMdx number={6}>
     Authorized redirect URI: (`GOOGLE_CALLBACK_URL`)<br/>
@@ -234,13 +288,14 @@ To enable Google login, you need to create OAuth credentials in the ***Google Cl
 
 ```bash copy
 # Replace with your own values.
-GOOGLE_CALLBACK_URL=https://spacedf.example.com/auth/google/callback
-GOOGLE_CLIENT_ID=1234567890-abcxyz.apps.googleusercontent.com #(Step 5)
+GOOGLE_CALLBACK_URL=your_google_callback_uri
+GOOGLE_CLIENT_ID=your_google_client_id #(Step 5)
 GOOGLE_CLIENT_SECRET=your_google_client_secret #(Step 5)
 ```
-- `GOOGLE_CALLBACK_URL` - The URL Google redirects users back to after successful login.
-- `GOOGLE_CLIENT_ID` - Identifies your application to Google.
-- `GOOGLE_CLIENT_SECRET` - A private key used by SpaceDF to securely communicate with Google (***Keep this value secret.***)
+`GOOGLE_CALLBACK_URL` - The URL Google redirects users back to after successful login.<br/>
+`GOOGLE_CLIENT_ID` - Identifies your application to Google.<br/>
+`GOOGLE_CLIENT_SECRET` - A private key used by SpaceDF to securely communicate with Google (***Keep this value secret.***)
+
 <Callout type="info">
 Use HTTPS for the callback URL in production.
 </Callout>
@@ -256,44 +311,55 @@ Apple sign-in support is planned but not yet supported in SpaceDF.
 
 ```bash copy
 # Apple OAuth (reserved for future use)
-APPLE_CLIENT_ID=__APPLE_CLIENT_ID__
-APPLE_CLIENT_SECRET=__APPLE_CLIENT_SECRET__
-APPLE_CLIENT_KEY=__APPLE_CLIENT_KEY__
-APPLE_CERTIFICATE_KEY=__APPLE_CERTIFICATE_KEY__
+APPLE_CLIENT_ID=your_apple_client_id
+APPLE_CLIENT_SECRET=your_apple_client_secrect
+APPLE_CLIENT_KEY=your_apple_client_key
+APPLE_CERTIFICATE_KEY=your_apple_certificate_key
 ```
 ---
 ##### Auth Service
 > The Auth Service is responsible for user authentication, authorization, and tenant management in SpaceDF.
 
-Set the following values in your `.env` file.
+**`AUTH_POSTGRES_PASSWORD`**
+
+The password used by the Auth Service to connect to its *PostgreSQL database*. (*Use a strong and unique password.*)
+
 ```bash copy
-# Replace with your own values.
-AUTH_POSTGRES_PASSWORD=__AUTH_POSTGRES_PASSWORD__
-AUTH_SECRET_KEY=__AUTH_SECRET_KEY__
-DEFAULT_TENANT_HOST=__DEFAULT_TENANT_HOST__
-ROOT_API_KEY=__ROOT_API_KEY__
+AUTH_POSTGRES_PASSWORD=your_auth_postgres_password
 ```
-- `AUTH_POSTGRES_PASSWORD` - The password used by the Auth Service to connect to its ***PostgreSQL database***. (***Use a strong and unique password.***)
-- `AUTH_SECRET_KEY` - A secret key used to sign and validate authentication-related data. (***Keep this value private.***)
-- `DEFAULT_TENANT_HOST` - The default domain or host assigned to the initial tenant. This is usually your main application domain.
-- `ROOT_API_KEY` - A master API key with full access to the Auth Service. Used for administrative or internal operations only.
 
-**Secret keys**: Generate secure random values for secret keys:
+**`AUTH_SECRET_KEY`**
+
+A secret key used to sign and validate authentication-related data. (*Keep this value private.*)
+
+Generate secure random values for secret keys:
 ```bash copy
 openssl rand -hex 32
 ```
-Use the generated value for:
+
+Paste the generated Secret Key into your `.env` file:
 ```bash copy
-AUTH_SECRET_KEY=generated_secret_value
-ROOT_API_KEY=generated_root_api_key
+AUTH_SECRET_KEY=your_auth_secret_key
 ```
 
-**Default tenant host**
+**`DEFAULT_TENANT_HOST`**
+
+The default domain or host assigned to the initial tenant. This is usually your main application domain.
+
+<Tabs items={['Development', 'Production']}>
+    <Tabs.Tab>
+    ```bash copy
+    DEFAULT_TENANT_HOST=localhost
+    ```
+    </Tabs.Tab>
+
+    <Tabs.Tab>
+    ```bash copy
+    DEFAULT_TENANT_HOST=your_api_domain
+    ```
+    </Tabs.Tab>
+</Tabs>
 
-Set this to the domain or host where SpaceDF will be accessed:
-```bash copy
-DEFAULT_TENANT_HOST=app.spacedf.example
-```
 ---
 ##### S3 Service
 > The Amazon S3 service is used by SpaceDF to store files such as uploads, assets, and generated data.
@@ -354,16 +420,16 @@ Use IAM policies with **minimum required permissions**.
 
 **Set values in `.env`**
 ```bash copy
-    # Replace with your own values.
-    AWS_ACCESS_KEY_ID=AKIAXXXXXXXX
-    AWS_SECRET_ACCESS_KEY=XXXXXXXXXXXXXXXX
+# Replace with your own values.
+AWS_ACCESS_KEY_ID=your_access_key_id #IAM credentials (Step 4)
+AWS_SECRET_ACCESS_KEY=your_secret_access_key #IAM credentials (Step 4)
     
-    AWS_STORAGE_BUCKET_NAME=spacedf-storage
-    AWS_REGION=ap-southeast-1
+AWS_STORAGE_BUCKET_NAME=your_aws_storage_bucket_name #S3 bucket (Step 3)
+AWS_REGION=your_aws_region #S3 bucket (Step 3)
 ```
 
 - `AWS_ACCESS_KEY_ID` - The access key used by SpaceDF to authenticate with S3.
-- `AWS_SECRET_ACCESS_KEY` - The secret key paired with the access key above. (***Keep this value private***)
+- `AWS_SECRET_ACCESS_KEY` - The secret key paired with the access key above. (*Keep this value private*)
 - `AWS_STORAGE_BUCKET_NAME` - The name of the S3 bucket where SpaceDF stores files.
 - `AWS_REGION` - The AWS region where the S3 bucket is located. (e.g., `us-east-1`, `ap-southeast-1`).
 ---
@@ -404,55 +470,56 @@ REDIS_HOST="redis://redis:6379/1"
 ##### Dashboard Service
 > The Dashboard Service provides the web interface for managing SpaceDF, including administration and monitoring features.
 
-**Database password**
+**`DASHBOARD_POSTGRES_PASSWORD`**
+
+The password used by the Dashboard Service to connect to its PostgreSQL database. (*Use a strong and unique password*.)
 
-Choose a strong password for the Dashboard Service database:
 ```bash copy
-# Replace with your own values.
-DASHBOARD_POSTGRES_PASSWORD=change_this_to_a_secure_password
+DASHBOARD_POSTGRES_PASSWORD=your_postgres_password
 ```
-`DASHBOARD_POSTGRES_PASSWORD` - The password used by the Dashboard Service to connect to its PostgreSQL database. (***Use a strong and unique password***.)
 
-**Secret key**: Generate a secure random value:
+**`DASHBOARD_SECRET_KEY`**
+
+A secret key used to sign and validate authentication-related data. (*Keep this value private.*)
+
+Generate secure random values for secret keys:
 ```bash
 openssl rand -hex 32
 ```
-Set it in your `.env` file:
 
+Paste the generated Secret Key into your `.env` file:
 ```bash copy
-# Replace with your own values.
-DASHBOARD_SECRET_KEY=generated_secret_value
+DASHBOARD_SECRET_KEY=your_secret_key
 ```
-`DASHBOARD_SECRET_KEY` - A secret key used to sign and protect dashboard-related sessions and data. (***Keep this value private.***)
 
 ---
 ##### Device Service
 > The Device Service manages devices, device data, and communication with telemetry-related services in SpaceDF.
 
-**Database password**
+**`DEVICE_POSTGRES_PASSWORD`**
+
+The password used by the Device Service to connect to its PostgreSQL database. (*Use a strong and unique password*.)
 
-Choose a strong password for the Device Service database:
 ```bash copy
-# Replace with your own values.
-DEVICE_POSTGRES_PASSWORD=change_this_to_a_secure_password
+DEVICE_POSTGRES_PASSWORD=your_postgres_password
 ```
 
-`DEVICE_POSTGRES_PASSWORD` - The password used by the Device Service to connect to its PostgreSQL database. (***Use a strong and unique password***.)
+**`DEVICE_SECRET_KEY`**
 
-**Secret key**: Generate a secure random value:
+A secret key used to sign and validate authentication-related data. (*Keep this value private.*)
+
+Generate secure random values for secret keys:
 ```bash
 openssl rand -hex 32
 ```
 
-Set it in your `.env` file:
-
+Paste the generated Secret Key into your `.env` file:
 ```bash copy
-# Replace with your own values.
-DEVICE_SECRET_KEY=generated_secret_value
+DEVICE_SECRET_KEY=your_secret_key
 ```
-`DEVICE_SECRET_KEY` - A secret key used to sign and protect device-related data and requests. (***Keep this value private.***)
+---
 
-**Telemetry service URL**
+##### Telemetry service
 
 Defines the internal Docker service address that SpaceDF uses to communicate with the Telemetry Service.
 
@@ -460,7 +527,7 @@ When using the **default Docker setup**, the Telemetry Service runs as a Docker
 
 ```bash copy
 # Default (recommended)
-TELEMETRY_SERVICE_URL=http://telemetry-service:8080
+TELEMETRY_SERVICE_URL=http://telemetry:8080
 ```
 <CardInfo classNames={{
   container: "!mt-6 !p-3 shadow-none",
@@ -482,12 +549,12 @@ Choose a username and a strong password:
 ```bash copy
 # Replace with your own values.
 EMQX_HOST=http://emqx:18083/api/v5
-EMQX_USERNAME=spacedf
-EMQX_PASSWORD=change_this_to_a_secure_password
+EMQX_USERNAME=your_emqx_username
+EMQX_PASSWORD=your_emqx_password
 ```
-- `EMQX_HOST` - The base URL of the EMQX Management API used by SpaceDF. This is typically the EMQX service running inside Docker.
-- `EMQX_USERNAME` - The username SpaceDF uses to authenticate with the EMQX broker.
-- `EMQX_PASSWORD` - The password for the EMQX user above. (***Use a strong and unique password***.)
+`EMQX_HOST` - The base URL of the EMQX Management API used by SpaceDF. This is typically the EMQX service running inside Docker.<br/>
+`EMQX_USERNAME` - The username SpaceDF uses to authenticate with the EMQX broker.<br/>
+`EMQX_PASSWORD` - The password for the EMQX user above. (*Use a strong and unique password*.)
 
 ---
 ##### Broker Bridge Service
@@ -496,18 +563,17 @@ EMQX_PASSWORD=change_this_to_a_secure_password
 **Broker credentials**
 ```bash copy
 # Replace with your own values.
-MQTT_BROKER_BRIDGE_USERNAME=bridge-user
-MQTT_BROKER_BRIDGE_PASSWORD=change_this_to_a_secure_password
+MQTT_BROKER_BRIDGE_USERNAME=your_username
+MQTT_BROKER_BRIDGE_PASSWORD=your_password
 ```
 
-- `MQTT_BROKER_BRIDGE_USERNAME` - The username used to authenticate with the external MQTT broker.
-- `MQTT_BROKER_BRIDGE_PASSWORD` - The password for the broker bridge user. (***Keep this value private***.)
+`MQTT_BROKER_BRIDGE_USERNAME` - The username used to authenticate with the external MQTT broker. <br/>
+`MQTT_BROKER_BRIDGE_PASSWORD` - The password for the broker bridge user. (*Keep this value private*.)
 
 **MQTT topics**
 
 Specify one or more topics, separated by commas.
 ```bash copy
-# Replace with your own values.
 MQTT_TOPICS=device/+/telemetry,device/+/status
 ```
 `MQTT_TOPICS` - A list of MQTT topics that SpaceDF subscribes to or bridges.

From e9ec74ccdd34e8cfb0d3fcaaeb0bc001b1488828 Mon Sep 17 00:00:00 2001
From: kinhdev24 <kinhdev24@gmail.com>
Date: Thu, 29 Jan 2026 16:01:47 +0700
Subject: [PATCH 2/3] chore: Updated self hosting doc

---
 src/app/_components/CardInfo.jsx              |    2 +-
 src/components/ui/badge.tsx                   |   48 +
 .../self-hosting/docker/advanced-setup.mdx    | 1798 +++++++++++------
 .../self-hosting/docker/quick-start.mdx       |    5 +-
 .../getting-started/self-hosting/index.mdx    |    2 +-
 5 files changed, 1271 insertions(+), 584 deletions(-)
 create mode 100644 src/components/ui/badge.tsx

diff --git a/src/app/_components/CardInfo.jsx b/src/app/_components/CardInfo.jsx
index 12b2fbd..2723a87 100644
--- a/src/app/_components/CardInfo.jsx
+++ b/src/app/_components/CardInfo.jsx
@@ -9,7 +9,7 @@ export const CardInfo = ({
 }) => {
   return (
     <div
-      className={`mt-10 p-6 bg-gray-100 dark:bg-zinc-800 dark:border-zinc-600 border border-gray-200 shadow rounded-lg ${classNames.container}`}
+      className={`mt-10 p-6 bg-gray-100 dark:bg-zinc-900 dark:border-zinc-800 border border-gray-200 shadow rounded-lg ${classNames.container}`}
     >
       {title && (
         <p className={`font-semibold text-xl ${classNames.title}`}>{title}</p>
diff --git a/src/components/ui/badge.tsx b/src/components/ui/badge.tsx
new file mode 100644
index 0000000..ba40cc1
--- /dev/null
+++ b/src/components/ui/badge.tsx
@@ -0,0 +1,48 @@
+import * as React from "react"
+import { Slot } from "@radix-ui/react-slot"
+import { cva, type VariantProps } from "class-variance-authority"
+
+import { cn } from "@/lib/utils"
+
+const badgeVariants = cva(
+  "inline-flex items-center justify-center rounded-full border border-transparent px-2 py-0.5 text-xs font-medium w-fit whitespace-nowrap shrink-0 [&>svg]:size-3 gap-1 [&>svg]:pointer-events-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive transition-[color,box-shadow] overflow-hidden",
+  {
+    variants: {
+      variant: {
+        default: "bg-primary text-primary-foreground [a&]:hover:bg-primary/90",
+        secondary:
+          "bg-secondary text-secondary-foreground [a&]:hover:bg-secondary/90",
+        destructive:
+          "bg-destructive text-white [a&]:hover:bg-destructive/90 focus-visible:ring-destructive/20 dark:focus-visible:ring-destructive/40 dark:bg-destructive/60",
+        outline:
+          "border-border text-foreground [a&]:hover:bg-accent [a&]:hover:text-accent-foreground",
+        ghost: "[a&]:hover:bg-accent [a&]:hover:text-accent-foreground",
+        link: "text-primary underline-offset-4 [a&]:hover:underline",
+      },
+    },
+    defaultVariants: {
+      variant: "default",
+    },
+  }
+)
+
+function Badge({
+  className,
+  variant = "default",
+  asChild = false,
+  ...props
+}: React.ComponentProps<"span"> &
+  VariantProps<typeof badgeVariants> & { asChild?: boolean }) {
+  const Comp = asChild ? Slot : "span"
+
+  return (
+    <Comp
+      data-slot="badge"
+      data-variant={variant}
+      className={cn(badgeVariants({ variant }), className)}
+      {...props}
+    />
+  )
+}
+
+export { Badge, badgeVariants }
diff --git a/src/content/getting-started/self-hosting/docker/advanced-setup.mdx b/src/content/getting-started/self-hosting/docker/advanced-setup.mdx
index 18e4313..84cf060 100644
--- a/src/content/getting-started/self-hosting/docker/advanced-setup.mdx
+++ b/src/content/getting-started/self-hosting/docker/advanced-setup.mdx
@@ -3,6 +3,7 @@ import { Table } from 'nextra/components'
 import { Callout } from 'nextra/components'
 import { CardInfo } from "@/app/_components/CardInfo.jsx"
 import { Tabs } from 'nextra/components'
+import { Badge } from "@/components/ui/badge.tsx"
 
 import {
   NumberOfContent,
@@ -30,7 +31,7 @@ If you only want to get SpaceDF running quickly with default settings, see [Quic
 <NumberOfContent number={1} title="Prerequisites" href="#prerequisites" description="What you need to prepare before setting up SpaceDF."/>
 <NumberOfContent number={2} title="System Requirements" href="#system-requirements" description="Minimum hardware and software requirements."/>
 <NumberOfContent number={3} title="Installing SpaceDF" href="#installing-spacedf" description="How to install SpaceDF using Docker."/>
-<NumberOfContent number={4} title="Configuration and Security" href="#configuring-and-securing-spacedf" description="Basic configuration and recommended security settings."/>
+<NumberOfContent number={4} title="Configuration and Security" href="#configuration--security" description="Basic configuration and recommended security settings."/>
 <NumberOfContent number={5} title="Starting and Stopping SpaceDF" href="#starting-and-stopping" description="How to start, stop, and restart the services."/>
 <NumberOfContent number={6} title="Accessing SpaceDF Services" href="#accessing-spacedf-services" description="How to access the dashboard and APIs after setup."/>
 <NumberOfContent number={7} title="Updating SpaceDF" href="#updating" description="How to upgrade to a newer version safely."/>
@@ -149,131 +150,226 @@ Before starting SpaceDF, you need to set up the environment variables.
     </Tabs.Tab>
 </Tabs>
 
-<Callout type="warning">
-    Review the configuration options below and make sure all secret values are set before starting SpaceDF.
-</Callout>
+<CardInfo classNames={{
+  container: "!mt-6 !p-3 shadow-none",
+  title: "!text-base",
+  description: "!text-sm"
+}}>
+  ⚠️ **Action Required:** You must replace all sample values in the .env file before starting the app.
+</CardInfo>
 
-<Callout type="important">
-***Security notes***
-- **Do not commit** passwords, secrets, or API keys to Git
-- **Do not expose secret values** on the client side (browser)
-- If a value is marked as **“Keep this value secret”**, it must never be shared publicly
-- **Do not reuse secrets** across systems or environments
-- Use strong and unique passwords for all services
-- Use the **minimum required permissions** for all credentials
-- **Rotate keys immediately** if they are **exposed**
-- Use **HTTPS / WSS** in production environments
-</Callout>
+<CardInfo title="✅ DO:" classNames={{
+  container: "!mt-6 !p-3 shadow-none",
+  title: "!text-base",
+  description: "!text-sm"
+}}>
+  -  **Use strong passwords**: Make them long and unique for every service.
+  -  **Use HTTPS**: Always use a secure connection (https://) when your site is live.
+  -  **Keep it private**: If a value says "Secret", never share it with anyone.
+</CardInfo>
+
+<CardInfo title="❌ DO NOT:" classNames={{
+  container: "!mt-6 !p-3 shadow-none",
+  title: "!text-base",
+  description: "!text-sm"
+}}>
+  -  **Do not share your `.env` file**: Never upload this file to GitHub, GitLab, or share screenshots of it.
+  -  **Do not reuse passwords**: Don't use the same password you use for other websites.
+  -  **Do not expose secrets**: Never use these secret keys in your frontend code (browser-side).
+</CardInfo>
 
 ### Configuring Environment Variables
-This section explains how to configure the required environment variables in the `.env` file before starting SpaceDF.
+Now that you have your `.env` file, you need to configure the settings.
+
+<NumberWithMdx number={1} className="mt-6">
+  Open the file Open the `.env` file using any text editor of your choice.<br/>
+
+  Recommended Editors:
+  - **All platforms:** VS Code (Recommended for easier reading)
+  - **Windows:** Notepad
+  - **macOS:** TextEdit
+  - **Linux:** Nano or Vim
+</NumberWithMdx>
+<NumberWithMdx number={2}>
+  **Update the values** Review the sections below and update the corresponding values in your file.
+</NumberWithMdx>
+
+<CardInfo title="Tag Note:" classNames={{
+  container: "!mt-6 !p-3 shadow-none",
+  title: "!text-base",
+  description: "!text-sm"
+}}>
+  -  <Badge variant="destructive">Required</Badge> These values are mandatory. SpaceDF **will not start** without them.
+  -  <Badge>Optional</Badge> These are for advanced features. You can leave them as default or skip them for now
+  -  <Badge variant="outline">Coming Soon</Badge> Features planned for future updates. **No action required** at this time.
+</CardInfo>
+
+#### Backend Services
 
-Open the `.env` file using a text editor (for example: VS Code, Nano, or Notepad).
+This section configures the connections between SpaceDF and your infrastructure (such as your database and cache).
 
-#### Services Configuration
+These settings are the backbone of your server.
 
-These environment variables configure the backend services that power the self-hosted SpaceDF server.  
-Backend services include APIs, messaging, databases, and integrations required to run the core system.
+##### RabbitMQ Configuration
+<Badge variant="destructive">Required</Badge>
 
-##### RabbitMQ credentials
-> RabbitMQ is used by SpaceDF for **background tasks** and **internal message** processing between services.
+SpaceDF uses RabbitMQ to handle background tasks and internal messaging. <br/>
+You need to set up credentials so the system can connect to the message queue.
 
-You can **choose any username and password you want**, as long as:
-- The same values are used by **RabbitMQ** and **all SpaceDF services**
-- The credentials are defined in the environment variables below
+**Set your credentials** You can choose any username and password you want.
 
 ```bash copy
-# Replace with your own values.
-RABBITMQ_DEFAULT_USER=your_username
-RABBITMQ_DEFAULT_PASS=your_password
+RABBITMQ_DEFAULT_USER="your_secure_username"
+RABBITMQ_DEFAULT_PASS="your_secure_password"
 ```
 
-`RABBITMQ_DEFAULT_USER` - The username SpaceDF uses to connect to RabbitMQ.<br/>
-`RABBITMQ_DEFAULT_PASS` - The password for the RabbitMQ user above.
-
-<Callout type="warning">
-  Do not use simple or common passwords. This account controls access to your message queue. <br/>
-  Keep these credentials safe—you may need them to log in to RabbitMQ for troubleshooting later.
-</Callout>
+**Variable Details:**
+- `RABBITMQ_DEFAULT_USER`: The username for the connection.
+- `RABBITMQ_DEFAULT_PASS`: The password for the connection.
 
+<CardInfo title="⚠️ Important Setup Rules:" classNames={{
+  container: "!mt-6 !p-3 shadow-none",
+  title: "!text-base",
+  description: "!text-sm"
+}}>
+  -  **Consistency:** If you are running RabbitMQ via Docker or another service, these values must match the credentials defined there.
+  -  **Security:** Use a strong password. You may need these credentials later to log in to the RabbitMQ dashboard for troubleshooting
+</CardInfo>
 ---
 ##### Authentication (JWT)
-> SpaceDF uses JSON Web Tokens (JWT) to authenticate users and secure API requests.
+<Badge variant="destructive">Required</Badge>
 
-You must set a **private key** and a **public key** before starting SpaceDF.
+SpaceDF uses **JSON Web Tokens (JWT)** to secure API requests. You need to generate a specific key pair for this to work.
 
 <NumberWithMdx number={1} href="" className="mt-6">
-    **Recommended:** Generate a new key pair
+    **Generate & Copy Keys**<br/>
+    Choose your operating system below to generate and copy the keys.
+
+    <Tabs items={['macOS', 'Windows (Git Bash)', 'Linux']}>
+      <Tabs.Tab>
+        **1. Generate Keys**
+        Open Terminal and run:
+        ```bash copy
+        openssl genrsa -out private_key.pem 2048
+        openssl rsa -in private_key.pem -pubout -out public_key.pem
+        ```
+
+        **2. Copy to Clipboard**
+        Run these commands to copy the keys directly (no manual selection needed):
+        ```bash copy
+        # Copy Private Key
+        pbcopy < private_key.pem
+
+        # Copy Public Key
+        pbcopy < public_key.pem
+        ```
+      </Tabs.Tab>
+
+      <Tabs.Tab>
+        > **Note:** Please use **Git Bash** for these commands. Do not use PowerShell or CMD.
+
+        **1. Generate Keys**
+        Run this in Git Bash:
+        ```bash copy
+        openssl genrsa -out private_key.pem 2048
+        openssl rsa -in private_key.pem -pubout -out public_key.pem
+        ```
+
+        **2. Copy to Clipboard**
+        Run these commands to copy the keys to your Windows clipboard:
+        ```bash copy
+        # Copy Private Key
+        cat private_key.pem | clip
+
+        # Copy Public Key
+        cat public_key.pem | clip
+        ```
+      </Tabs.Tab>
+
+      <Tabs.Tab>
+        **1. Generate Keys**
+        Open Terminal and run:
+        ```bash copy
+        openssl genrsa -out private_key.pem 2048
+        openssl rsa -in private_key.pem -pubout -out public_key.pem
+        ```
+
+        **2. Copy Content**
+        Run these commands to view the key content, then manually select and copy it:
+        ```bash copy
+        # Show Private Key -> Copy the output
+        cat private_key.pem
+
+        # Show Public Key -> Copy the output
+        cat public_key.pem
+        ```
+      </Tabs.Tab>
+    </Tabs>
 </NumberWithMdx>
-```bash copy
-openssl genrsa -out private_key.pem 2048
-openssl rsa -in private_key.pem -pubout -out public_key.pem
-```
+
 <NumberWithMdx number={2} href="" className="mt-6">
-   Copy the key contents from your local machine<br/>
-   Choose the command based on your operating system:
-  <Tabs items={['macOS', 'Windows', 'Linux']}>
-    <Tabs.Tab>
-    ```bash copy
-    pbcopy < private_key.pem
-    pbcopy < public_key.pem
-    ```
-    </Tabs.Tab>
+    **Update `.env` file**<br/>
+    Paste the copied keys into your `.env` file.
+</NumberWithMdx>
 
-    <Tabs.Tab>
-    ```powershell copy
-    Get-Content private_key.pem | Set-Clipboard
-    Get-Content public_key.pem | Set-Clipboard
-    ```
-    </Tabs.Tab>
+<CardInfo classNames={{
+  container: "!mt-6 !p-3 shadow-none",
+  title: "!text-base",
+  description: "!text-sm"
+}}>
+  ⚠️ **Formatting Rule:** Because these keys span multiple lines, you **must** enclose the entire value in double quotes (`""`). If you omit the quotes, the server will fail to start.
+</CardInfo>
 
-    <Tabs.Tab>
-    ```bash copy
-    cat private_key.pem | xclip -selection clipboard
-    cat public_key.pem | xclip -selection clipboard
-    ```
-    </Tabs.Tab>
-  </Tabs>
-</NumberWithMdx>
-<NumberWithMdx number={3} href="" className="mt-6">
-    Paste the keys into your `.env` file:
-</NumberWithMdx>
-```bash copy
-JWT_PRIVATE_KEY=-----BEGIN RSA PRIVATE KEY-----...
-JWT_PUBLIC_KEY=-----BEGIN PUBLIC KEY-----...
-```
+**Example of correct formatting:**
 
-`JWT_PRIVATE_KEY` - Signs authentication tokens (***Keep this key secret.***). <br/>
-`JWT_PUBLIC_KEY` - Verifies authentication tokens. This key can be shared with other services if needed.
-> Make sure the keys are pasted correctly and not broken across lines.
+```bash
+# ✅ CORRECT (Quotes are used)
+JWT_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEA...
+... (your long key content) ...
+...O4zXk=
+-----END RSA PRIVATE KEY-----"
+
+JWT_PUBLIC_KEY="-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG...
+... (your long key content) ...
+...IDAQAB
+-----END PUBLIC KEY-----"
+```
 ---
 ##### Google OAuth
-> Google OAuth allows users to sign in to SpaceDF using their Google account.
+<Badge>Optional</Badge>
 
-To enable Google login, you need to create OAuth credentials in the ***Google Cloud Console*** and set the values below in your `.env` file.
+Enable this to allow users to sign in to SpaceDF using their Google accounts.
 
-**How to get Google OAuth credentials**
-<NumberWithMdx number={1} className="mt-3">
-    Go to the [Google Cloud Console](https://console.cloud.google.com/)
+You will need to generate credentials in the `Google Cloud Console`.
+
+**1. Get Credentials**
+
+Follow these steps to create your `Client ID` and `Secret`.
+
+<NumberWithMdx number={1} className="mt-6">
+    Go to the [Google Cloud Console](https://console.cloud.google.com/)<br/>
+    Create a new project (or select an existing one).
 </NumberWithMdx>
 <NumberWithMdx number={2}>
-    Create or select a project.
+    Configure Consent Screen<br/>
+    - Go to **APIs & Services** > **OAuth consent screen**.<br/>
+    - Select **External** and click **Create**.<br/>
+    - Fill in the required App Information (App name, User support email) and click Save.<br/>
+    *(You can skip the Scopes and Test Users sections for now)*.
 </NumberWithMdx>
 <NumberWithMdx number={3}>
-    Enable **Google Identity Services**.
-</NumberWithMdx>
-<NumberWithMdx number={4}>
-    Go to **APIs & Services → Credentials**.
-</NumberWithMdx>
-<NumberWithMdx number={5}>
-    Create an **OAuth 2.0 Client ID:**<br/>
-    Application type: **Web application**<br/>
+    Create Credentials
+    - Go to **APIs & Services** > **Credentials**.
+    - Click + **Create Credentials** and select **OAuth client ID**.
+    - **Application type:** Select **Web application**.
+    - **Name:** Enter a name (e.g., "SpaceDF Self-Hosted").
     <img src="/screenshots/google-oauth.png" className="w-full mt-2"/>
-    *If you see a warning about **OAuth consent screen** or **branding** not being configured, you must complete the **OAuth consent screen setup** first before creating the Client ID.*
 </NumberWithMdx>
-<NumberWithMdx number={6}>
-    Authorized redirect URI: (`GOOGLE_CALLBACK_URL`)<br/>
-    This is the callback URL that Google redirects to after a user successfully signs in with Google.
+<NumberWithMdx number={4}>
+    **Set Redirect URI (Important)** Scroll down to **Authorized redirect URIs** and click **Add URI**.<br/>
+    Enter the URL based on your environment:
     ```bash copy
      # Production
      https://your-domain.com/auth/google/callback
@@ -281,468 +377,672 @@ To enable Google login, you need to create OAuth credentials in the ***Google Cl
      # Development
      http://localhost:3000/auth/google/callback
     ```
+    > Note: This URL must match exactly what you put in the .env file later.
 </NumberWithMdx>
-<NumberWithMdx number={7} className="mb-3">
-   Copy the generated **Client ID** and **Client Secret** into your `.env` file.
+<NumberWithMdx number={5} className="mb-3">
+   Copy **Keys** Click **Create**. A popup will appear with your **Client ID** and **Client Secret**. Copy these values.
 </NumberWithMdx>
 
+**2. Update Environment**
+
+Open your `.env` file and paste the values you just obtained.
+
+**Connection Settings**
+
 ```bash copy
-# Replace with your own values.
-GOOGLE_CALLBACK_URL=your_google_callback_uri
-GOOGLE_CLIENT_ID=your_google_client_id #(Step 5)
-GOOGLE_CLIENT_SECRET=your_google_client_secret #(Step 5)
+# 1. The URL you configured in Step 4 above
+GOOGLE_CALLBACK_URL="http://localhost:3000/auth/google/callback"
+
+# 2. The Client ID from Step 5
+GOOGLE_CLIENT_ID="your-client-id.apps.googleusercontent.com"
+
+# 3. The Client Secret from Step 5
+GOOGLE_CLIENT_SECRET="your-client-secret"
 ```
-`GOOGLE_CALLBACK_URL` - The URL Google redirects users back to after successful login.<br/>
-`GOOGLE_CLIENT_ID` - Identifies your application to Google.<br/>
-`GOOGLE_CLIENT_SECRET` - A private key used by SpaceDF to securely communicate with Google (***Keep this value secret.***)
 
-<Callout type="info">
-Use HTTPS for the callback URL in production.
-</Callout>
+**Variable Details**<br/>
+- `GOOGLE_CALLBACK_URL` - Where Google sends the user after login. **Must match** the URI in Google Cloud Console exactly.<br/>
+- `GOOGLE_CLIENT_ID` - The public identifier for your app.<br/>
+- `GOOGLE_CLIENT_SECRET` - The secret key to authenticate your app. **Keep this private**.
 ---
-##### Apple OAuth (Coming Soon)
+##### Apple OAuth
+<Badge variant="outline">Coming Soon</Badge>
 
-Apple sign-in support is planned but not yet supported in SpaceDF.
+Support for "Sign in with Apple" is currently in development. It is **not enabled in this version** of SpaceDF.
 
-<Callout type="warning">
-  Do not configure these values yet.
-  Apple OAuth is **not supported** in the current release.
-</Callout>
+<CardInfo classNames={{
+  container: "!mt-6 !p-3 shadow-none",
+  title: "!text-base",
+  description: "!text-sm"
+}}>
+  ℹ️ **No Action Required:** You can safely skip this section. Please leave these values blank or commented out in your `.env` file.
+</CardInfo>
 
 ```bash copy
-# Apple OAuth (reserved for future use)
-APPLE_CLIENT_ID=your_apple_client_id
-APPLE_CLIENT_SECRET=your_apple_client_secrect
-APPLE_CLIENT_KEY=your_apple_client_key
-APPLE_CERTIFICATE_KEY=your_apple_certificate_key
+# Apple OAuth (Reserved for future updates)
+# Leave these lines commented out for now:
+# APPLE_CLIENT_ID=
+# APPLE_CLIENT_SECRET=
+# APPLE_CLIENT_KEY=
+# APPLE_CERTIFICATE_KEY=
 ```
 ---
 ##### Auth Service
-> The Auth Service is responsible for user authentication, authorization, and tenant management in SpaceDF.
+<Badge variant="destructive">Required</Badge>
 
-**`AUTH_POSTGRES_PASSWORD`**
+The Auth Service manages user logins and security. You need to configure its database connection and domain settings.
 
-The password used by the Auth Service to connect to its *PostgreSQL database*. (*Use a strong and unique password.*)
+**1. Security Credentials**
 
-```bash copy
-AUTH_POSTGRES_PASSWORD=your_auth_postgres_password
-```
+Set up the password for the database and the encryption key for sessions.
 
-**`AUTH_SECRET_KEY`**
+<NumberWithMdx number={1} className="mt-6">
+    **Generate a Secret Key**: Run this command in your terminal to get a secure random string:
 
-A secret key used to sign and validate authentication-related data. (*Keep this value private.*)
+    ```bash copy
+    openssl rand -hex 32
+    ```
+</NumberWithMdx>
 
-Generate secure random values for secret keys:
-```bash copy
-openssl rand -hex 32
-```
+<NumberWithMdx number={2}>
+    **Update `.env`**: Copy the generated string and your database password into the file:
+    
+    ```bash copy
+    # 1. Database Password (Make sure it is strong)
+    AUTH_POSTGRES_PASSWORD=your_secure_db_password
 
-Paste the generated Secret Key into your `.env` file:
-```bash copy
-AUTH_SECRET_KEY=your_auth_secret_key
-```
+    # 2. Secret Key (Paste the output from Step 1)
+    AUTH_SECRET_KEY=paste_generated_key_here
+    ```
+</NumberWithMdx>
 
-**`DEFAULT_TENANT_HOST`**
+**2. Tenant Configuration**
 
-The default domain or host assigned to the initial tenant. This is usually your main application domain.
+This defines the main domain where your application runs.
+
+<CardInfo classNames={{
+  container: "!mt-6 !p-3 shadow-none",
+  title: "!text-base",
+  description: "!text-sm"
+}}>
+  ⚠️ **Format Note:** Do not include `http://` or `https://`. Only enter the domain name
+</CardInfo>
 
 <Tabs items={['Development', 'Production']}>
     <Tabs.Tab>
+    For Localhost: Use this if you are running SpaceDF on your own computer.
     ```bash copy
     DEFAULT_TENANT_HOST=localhost
     ```
     </Tabs.Tab>
 
     <Tabs.Tab>
+    For Live Server:
+    Use your actual domain name (e.g., `app.spacedf.com` or `spacedf.com`).
     ```bash copy
-    DEFAULT_TENANT_HOST=your_api_domain
+    DEFAULT_TENANT_HOST=your-domain.com
     ```
     </Tabs.Tab>
 </Tabs>
-
 ---
 ##### S3 Service
-> The Amazon S3 service is used by SpaceDF to store files such as uploads, assets, and generated data.
+<Badge variant="destructive">Required</Badge>
 
-<Callout type="info">
-    SpaceDF supports **Amazon S3 only** for file storage in this setup.
-</Callout>
+SpaceDF uses Amazon S3 to store uploaded files, assets, and generated data. 
 
-SpaceDF connects to Amazon S3 using **IAM credentials** that you provide in the `.env` file. All file operations (upload, read, delete) are handled internally by SpaceDF services.<br/>
-End users do **not** need AWS accounts or credentials.
+You need to provide **IAM Credentials** so SpaceDF can access your storage securely.
 
-If you do not already have an AWS account, create one at, [see more](https://repost.aws/knowledge-center/create-and-activate-aws-account): <br/>
+<CardInfo classNames={{
+  container: "!mt-6 !p-3 shadow-none",
+  title: "!text-base",
+  description: "!text-sm"
+}}>
+  ℹ️ **Note:** Currently, SpaceDF supports **Amazon S3 only**.<br/>
+  Other providers (like Google Cloud Storage or MinIO) are not yet supported.
+</CardInfo>
+
+If you do not already have an AWS account, create one at: <br/>
 https://signin.aws.amazon.com/signup?request_type=register
 
-After creating your account, sign in to the AWS Management Console to continue with the steps below. 
+**1. Create an S3 Bucket**
 
-**Create an S3 bucket**
+This is the "container" where your files will be stored.
 
 <NumberWithMdx number={1} className="mt-6">
-    Open the [Amazon S3 Console](https://console.aws.amazon.com/s3/)
+    Log in to your AWS account and navigate to the [Amazon S3 Console](https://console.aws.amazon.com/s3/)
 </NumberWithMdx>
 <NumberWithMdx number={2}>
-    Create a new bucket
+    Create a new bucket<br/>
+    Click the orange `Create bucket` button. Configure the following:
+    - **Bucket name:** Enter a globally unique name (e.g., `spacedf-storage-yourname`).
+    - **AWS Region:** Choose a region close to your users (e.g., `Sydney (ap-southeast-2)`)
+    - **Block Public Access:** Keep "Block all public access" **checked** (Enabled) for security. SpaceDF handles access control internally.
+    <img src="/screenshots/bucket-guide.png" className="w-full mt-2"/>
 </NumberWithMdx>
 <NumberWithMdx number={3}>
-    Choose:<br/>
-        A unique bucket name -> will be used for `AWS_STORAGE_BUCKET_NAME`<br/>
-        An AWS region close to your server → will be used for `AWS_REGION`
-    <img src="/screenshots/bucket-guide.png" className="w-full mt-2"/>
+    Finish<br/>
+        Scroll to the bottom and click `Create bucket`. Note down your **Bucket Name** and **Region Code**.
 </NumberWithMdx>
 
-Save the bucket name and region for later use.
+Refer: [Official AWS Guide on Creating Buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-bucket-overview.html)
+
+**2. Create IAM Credentials**
 
-Read more: [AWS documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/GetStartedWithS3.html#creating-bucket)
+Now you need to create a "Service User" that has permission to read/write to that bucket.
 
 **Create IAM credentials**
 <NumberWithMdx number={1} className="mt-6">
-    Open the [AWS IAM Console](https://console.aws.amazon.com/iam/)
+    Open the [AWS IAM Console](https://console.aws.amazon.com/iam/) and click **Users** in the left sidebar.
 </NumberWithMdx>
 <NumberWithMdx number={2}>
-    Create a new **IAM user**
+    **Add User**<br/>
+    Click **Create user**. 
+    * **User name:** Enter a name like `spacedf-s3-user`. 
+    * Click **Next**.
 </NumberWithMdx>
 <NumberWithMdx number={3}>
-    Grant the user access to the S3 bucket<br/>
-    *Recommended:* grant only required S3 permissions (read/write)
+    **Set Permissions**
+    - Select **Attach policies directly**.
+    - In the search bar, type `AmazonS3FullAccess`.
+    - Check the box next to `AmazonS3FullAccess`
+    - Click **Next**, then click **Create user**
+    > Note: For advanced security, you can create a custom policy restricted to a single bucket later
 </NumberWithMdx>
 <NumberWithMdx number={4}>
-    Create an **Access Key** for the user<br/>
-    Access Key ID, Secret Access Key
+    **Generate Keys**
+    - Click on the user name you just created.
+    - Go to the **Security credentials** tab
+    - Scroll down to **Access keys** and click **Create access key**.
+    - Select **Application running outside AWS**
+    - Click **Next** -> Click **Create access key**.
     <img src="/screenshots/iam-credentials.png" className="w-full mt-2"/>
 </NumberWithMdx>
 
-Read more: [AWS documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html)
+<CardInfo classNames={{
+  container: "!mt-6 !p-3 shadow-none",
+  title: "!text-base",
+  description: "!text-sm"
+}}>
+  ⚠️ **Important:** This is the **only time** you can view the **Secret access key**. Copy it immediately or download the `.csv` file
+</CardInfo>
+
+Refer: [Managing Access Keys in IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html)
 
-<Callout type="info">
-Use IAM policies with **minimum required permissions**.
-</Callout>
+**3. Update Environment**
+
+Open your `.env` file and fill in the values from the previous steps.
 
-**Set values in `.env`**
 ```bash copy
-# Replace with your own values.
-AWS_ACCESS_KEY_ID=your_access_key_id #IAM credentials (Step 4)
-AWS_SECRET_ACCESS_KEY=your_secret_access_key #IAM credentials (Step 4)
-    
-AWS_STORAGE_BUCKET_NAME=your_aws_storage_bucket_name #S3 bucket (Step 3)
-AWS_REGION=your_aws_region #S3 bucket (Step 3)
+# AWS S3 Configuration
+AWS_ACCESS_KEY_ID="your_access_key_id_from_phase_2"
+AWS_SECRET_ACCESS_KEY="your_secret_key_from_phase_2"
+
+AWS_STORAGE_BUCKET_NAME="your_bucket_name_from_phase_1"
+AWS_REGION="your_region_code"
 ```
 
-- `AWS_ACCESS_KEY_ID` - The access key used by SpaceDF to authenticate with S3.
-- `AWS_SECRET_ACCESS_KEY` - The secret key paired with the access key above. (*Keep this value private*)
-- `AWS_STORAGE_BUCKET_NAME` - The name of the S3 bucket where SpaceDF stores files.
-- `AWS_REGION` - The AWS region where the S3 bucket is located. (e.g., `us-east-1`, `ap-southeast-1`).
+**Variable Details:**
+- `AWS_ACCESS_KEY_ID`: The ID connecting to your IAM user.
+- `AWS_SECRET_ACCESS_KEY`: The password for the IAM user.
+- `AWS_STORAGE_BUCKET_NAME`: The name of your bucket (e.g., `my-app-storage`).
+- `AWS_REGION`: The code for your region.
 ---
 ##### Redis
-> Redis is used by SpaceDF for caching and fast data access.
+<Badge variant="destructive">Required</Badge>
 
-Set the Redis connection URL in the `.env` file.
+SpaceDF uses Redis for caching data and handling background tasks (like sending emails).
+
+**1. Default Configuration (Docker)**
+
+If you are installing SpaceDF using the standard Docker setup, you **do not need to change this**.
 
 ```bash copy
-# Replace with your own values.
 REDIS_HOST="redis://redis:6379/1"
 ```
-- `redis://` — Connection protocol
-- `redis` — Redis service name (default in Docker)
-- `6379` — Default Redis port
-- `/1` — Redis database number
-
-<CardInfo title="When you do NOT need to change this:" classNames={{
+<CardInfo classNames={{
   container: "!mt-6 !p-3 shadow-none",
-  title: "!text-lg",
+  title: "!text-base",
   description: "!text-sm"
 }}>
-  -   You are using the provided Docker setup
-  -   Redis is running as part of the included Docker Compose file
+  ❓ **Why** In our Docker setup, the service is named `redis`. SpaceDF automatically finds it at this address.
 </CardInfo>
 
-<CardInfo title="When you SHOULD change this:" classNames={{
+**2. External Configuration (Advanced)**
+
+Only change the value if your Redis runs on a different server (e.g., AWS ElastiCache, DigitalOcean Managed Redis).
+
+<CardInfo classNames={{
   container: "!mt-6 !p-3 shadow-none",
-  title: "!text-lg",
+  title: "!text-base",
   description: "!text-sm"
 }}>
-  -   Redis runs on a different server or host
-  -   Redis uses a non-default port
-  -   You want to use a different Redis database
+  ℹ️ **Syntax with Password:** If your Redis requires a password, follow this format: <br/>
+  `redis://:PASSWORD@HOST:PORT/DB_INDEX`
 </CardInfo>
 
----
-##### Dashboard Service
-> The Dashboard Service provides the web interface for managing SpaceDF, including administration and monitoring features.
-
-**`DASHBOARD_POSTGRES_PASSWORD`**
-
-The password used by the Dashboard Service to connect to its PostgreSQL database. (*Use a strong and unique password*.)
-
+Example:
 ```bash copy
-DASHBOARD_POSTGRES_PASSWORD=your_postgres_password
+# Example for external Redis with password
+REDIS_HOST="redis://:mypassword123@192.168.1.50:6379/0"
 ```
 
-**`DASHBOARD_SECRET_KEY`**
+**3. Connection Details**
 
-A secret key used to sign and validate authentication-related data. (*Keep this value private.*)
-
-Generate secure random values for secret keys:
-```bash
-openssl rand -hex 32
-```
-
-Paste the generated Secret Key into your `.env` file:
-```bash copy
-DASHBOARD_SECRET_KEY=your_secret_key
-```
+Breakdown of the connection string components:
 
+<div className="overflow-x-auto mt-4">
+  <table className="w-full border-collapse text-left text-sm">
+    <thead>
+      <tr className="border-b border-gray-300 dark:border-gray-700">
+        <th className="py-3 font-semibold text-gray-900 dark:text-gray-100">
+          Component
+        </th>
+        <th className="py-3 font-semibold text-gray-900 dark:text-gray-100">
+          Description
+        </th>
+        <th className="py-3 font-semibold text-gray-900 dark:text-gray-100">
+          Example
+        </th>
+      </tr>
+    </thead>
+    <tbody>
+        <tr className="border-b border-gray-100 dark:border-gray-800">
+            <td className="py-3 text-gray-700 dark:text-gray-300">`redis://`</td>
+            <td className="py-3 text-gray-700 dark:text-gray-300">Protocol</td>
+            <td className="py-3 text-gray-700 dark:text-gray-300">Always `redis://`</td>
+        </tr>
+        <tr className="border-b border-gray-100 dark:border-gray-800">
+            <td className="py-3 text-gray-700 dark:text-gray-300">`:password@`</td>
+            <td className="py-3 text-gray-700 dark:text-gray-300">(Optional) Password prefix</td>
+            <td className="py-3 text-gray-700 dark:text-gray-300">`:secret123@`</td>
+        </tr>
+        <tr className="border-b border-gray-100 dark:border-gray-800">
+            <td className="py-3 text-gray-700 dark:text-gray-300">`host`</td>
+            <td className="py-3 text-gray-700 dark:text-gray-300">Server IP or Domain</td>
+            <td className="py-3 text-gray-700 dark:text-gray-300">`localhost` or `192.168.x.x`</td>
+        </tr>
+        <tr className="border-b border-gray-100 dark:border-gray-800">
+            <td className="py-3 text-gray-700 dark:text-gray-300">`:6379`</td>
+            <td className="py-3 text-gray-700 dark:text-gray-300">Port number</td>
+            <td className="py-3 text-gray-700 dark:text-gray-300">Default is `6379`</td>
+        </tr>
+        <tr className="border-b border-gray-100 dark:border-gray-800">
+            <td className="py-3 text-gray-700 dark:text-gray-300">`/1`</td>
+            <td className="py-3 text-gray-700 dark:text-gray-300">Database Index (0-15)</td>
+            <td className="py-3 text-gray-700 dark:text-gray-300">`/1`</td>
+        </tr>
+    </tbody>
+  </table>
+</div>
 ---
-##### Device Service
-> The Device Service manages devices, device data, and communication with telemetry-related services in SpaceDF.
+#### Service Credentials
+<Badge variant="destructive">Required</Badge>
 
-**`DEVICE_POSTGRES_PASSWORD`**
+The following services (Dashboard & Device) operate independently. Each requires its own Database Password and unique Secret Key to function securely.
 
-The password used by the Device Service to connect to its PostgreSQL database. (*Use a strong and unique password*.)
+<CardInfo classNames={{
+  container: "!mt-6 !p-3 shadow-none",
+  title: "!text-base",
+  description: "!text-sm"
+}}>
+  🔐 **Security Rule** Do **not reuse** the same password or secret key across different services.<br/>
+  Generate a unique value for each variable below.
+</CardInfo>
 
+**1. Generate Secret Keys** Run this command twice to generate two different keys:
 ```bash copy
-DEVICE_POSTGRES_PASSWORD=your_postgres_password
-```
-
-**`DEVICE_SECRET_KEY`**
-
-A secret key used to sign and validate authentication-related data. (*Keep this value private.*)
-
-Generate secure random values for secret keys:
-```bash
 openssl rand -hex 32
 ```
 
-Paste the generated Secret Key into your `.env` file:
+**2. Update `.env`** Update the values for both the Dashboard and Device services.
 ```bash copy
-DEVICE_SECRET_KEY=your_secret_key
+# --- Dashboard Service ---
+# Password for Dashboard Database
+DASHBOARD_POSTGRES_PASSWORD=your_dashboard_db_password
+# Secret Key for Dashboard (Paste generated key 1)
+DASHBOARD_SECRET_KEY=your_dashboard_secret_key
+
+# --- Device Service ---
+# Password for Device Database
+DEVICE_POSTGRES_PASSWORD=your_device_db_password
+# Secret Key for Device (Paste generated key 2)
+DEVICE_SECRET_KEY=your_device_secret_key
 ```
 ---
 
 ##### Telemetry service
+<Badge variant="destructive">Required</Badge>
 
-Defines the internal Docker service address that SpaceDF uses to communicate with the Telemetry Service.
+This variable points to the internal Docker container that handles device data.
 
-When using the **default Docker setup**, the Telemetry Service runs as a Docker container and is accessible via its **service name**.
+**Configuration** In 99% of cases (Local & Production), you **should keep the default value**.
 
 ```bash copy
 # Default (recommended)
 TELEMETRY_SERVICE_URL=http://telemetry:8080
 ```
+
 <CardInfo classNames={{
   container: "!mt-6 !p-3 shadow-none",
-  description: "!text-base"
-}}>
-  - This value is the same for both **local and production** deployments when using Docker Compose.
-  - The Telemetry Service runs from a **Docker image** and is exposed internally.
-  - You **do not need to change this value** in most cases.
+  title: "!text-base",
+  description: "!text-sm"
+}}
+  title="❓ Why"
+>
+  - **No Action Needed:** This service runs automatically inside Docker.
+  - **Internal Access:** SpaceDF uses this URL to talk to the service internally. It does not need a public domain or HTTPS.
 </CardInfo>
 
-Only change this value if you modify the Telemetry Service name or port in `docker-compose.yml`.
+**When to change this?**
+
+Only modify this value if you have manually customized the `docker-compose.yml` file to run the Telemetry service on a different port or server.
 
 ---
 ##### EMQX Service
-> EMQX is the MQTT broker used by SpaceDF to handle device messaging and real-time communication.
+<Badge variant="destructive">Required</Badge>
 
-Choose a username and a strong password:
+EMQX is the core engine that handles real-time messages from your devices. SpaceDF needs to connect to the EMQX Management API to control it.
 
+**1. API Connection (Internal)** Use the default value if you are running SpaceDF via Docker.
 ```bash copy
-# Replace with your own values.
 EMQX_HOST=http://emqx:18083/api/v5
-EMQX_USERNAME=your_emqx_username
-EMQX_PASSWORD=your_emqx_password
 ```
-`EMQX_HOST` - The base URL of the EMQX Management API used by SpaceDF. This is typically the EMQX service running inside Docker.<br/>
-`EMQX_USERNAME` - The username SpaceDF uses to authenticate with the EMQX broker.<br/>
-`EMQX_PASSWORD` - The password for the EMQX user above. (*Use a strong and unique password*.)
+
+**2. Admin Credentials** Define the username and password SpaceDF will use to log in to EMQX.
+```bash copy
+EMQX_USERNAME=your_secure_username
+EMQX_PASSWORD=your_secure_password
+```
+
+<CardInfo classNames={{
+  container: "!mt-6 !p-3 shadow-none",
+  title: "!text-base",
+  description: "!text-sm"
+}}>
+  ⚠️ **Consistency:** These credentials must match the admin user defined in your EMQX configuration (or Dashboard).
+</CardInfo>
 
 ---
 ##### Broker Bridge Service
-> The Broker Bridge Service connects SpaceDF to an external MQTT broker or bridges messages between brokers.
+<Badge variant="destructive">Required</Badge>
+
+The Bridge Service acts as a listener. It connects to the MQTT Broker to receive device data and forward it to SpaceDF.
+
+**1. Broker Authentication**
 
-**Broker credentials**
+Enter the credentials required to connect to the MQTT Broker (usually the same credentials used for EMQX clients).
 ```bash copy
-# Replace with your own values.
-MQTT_BROKER_BRIDGE_USERNAME=your_username
-MQTT_BROKER_BRIDGE_PASSWORD=your_password
+MQTT_BROKER_BRIDGE_USERNAME=your_bridge_username
+MQTT_BROKER_BRIDGE_PASSWORD=your_bridge_password
 ```
 
-`MQTT_BROKER_BRIDGE_USERNAME` - The username used to authenticate with the external MQTT broker. <br/>
-`MQTT_BROKER_BRIDGE_PASSWORD` - The password for the broker bridge user. (*Keep this value private*.)
+**2. Topic Subscription**
 
-**MQTT topics**
+Define which MQTT topics SpaceDF should listen to.
 
-Specify one or more topics, separated by commas.
 ```bash copy
 MQTT_TOPICS=device/+/telemetry,device/+/status
 ```
-`MQTT_TOPICS` - A list of MQTT topics that SpaceDF subscribes to or bridges.
+
+**Syntax Guide:**
+- Comma (`,`): Use to separate multiple topics.
+- Plus (`+`): Wildcard for a single level (e.g., matching any device ID).
+- Hash (`#`): Wildcard for all remaining levels.
+
+<CardInfo classNames={{
+  container: "!mt-6 !p-3 shadow-none",
+  title: "!text-base",
+  description: "!text-sm"
+}}>
+  📝 **Example:** `device/+/telemetry` will match `device/sensor-01/telemetry` and `device/sensor-02/telemetry`.
+</CardInfo>
 
 ---
-##### AWS to access to SES service
-> SpaceDF uses email services to send system emails such as account verification, password resets, and notifications.
+##### Email Service (AWS SES)
+<Badge variant="destructive">Required</Badge>
 
-This setup commonly uses **AWS Simple Email Service (SES)**, but can be adapted to other SMTP-compatible providers.
+SpaceDF uses AWS SES (Simple Email Service) to send account verification emails, password resets, and notifications.
 
-**How to get AWS SES credentials**
-<NumberWithMdx number={1} className="mt-3">
-    Sign in to the [AWS Console](https://aws.amazon.com/console/)
-</NumberWithMdx>
-<NumberWithMdx number={2}>
-  Open **Simple Email Service (SES)**.
+**1. Setup & Verify**
+
+Before sending emails, you must tell AWS which email address or domain you own.
+
+<NumberWithMdx number={1} className="mt-6"> 
+  **Go to SES Console** <br/>
+  Log in to AWS and open the [Amazon SES Console](https://console.aws.amazon.com/ses/). 
 </NumberWithMdx>
-<NumberWithMdx number={3}>
-   Verify your domain or sender email address.
+
+<NumberWithMdx number={2}> 
+**Verify Identity**
+* Go to **Configuration** -> **Verified identities**. 
+* Click **Create identity**. 
+* Choose **Email address** (easiest) or **Domain**. 
+* Check your inbox and click the verification link sent by AWS. 
 </NumberWithMdx>
-<NumberWithMdx number={4}>
-    Create **SMTP credentials** in SES:
-    <ul>
-        <li>
-           These are different from your AWS access keys.
-        </li>
-    </ul>
+
+Refer: [AWS Guide on Verifying Identities](https://docs.aws.amazon.com/ses/latest/dg/creating-identities.html)
+
+**2. Get SMTP Credentials**
+
+<CardInfo classNames={{
+  container: "!mt-6 !p-3 shadow-none",
+  title: "!text-base",
+  description: "!text-sm"
+}}>
+  ⚠️ **Crucial Distinction:** Do **not** use your standard AWS Access Keys.<br/>
+  You must generate specific **SMTP Credentials**.
+</CardInfo>
+
+<NumberWithMdx number={1} className="mt-6"> 
+**Create Credentials**
+* Go to **SMTP Settings** in the left sidebar. 
+* Click the button **Create SMTP credentials**. 
 </NumberWithMdx>
-<NumberWithMdx number={5}>
-    Copy the SMTP username and password into:
-     <ul>
-        <li>
-           `EMAIL_HOST_USER`
-        </li>
-        <li>
-           `EMAIL_HOST_PASSWORD`
-        </li>
-    </ul>
+
+<NumberWithMdx number={2}> 
+**Copy Keys**
+* Click **Create**. 
+* Download the credentials or copy the **SMTP Username** and **SMTP Password** immediately. 
 </NumberWithMdx>
 
-Set the following values in your `.env` file.
+Refer: [AWS Guide on Obtaining SMTP Credentials](https://docs.aws.amazon.com/ses/latest/dg/smtp-credentials.html)
+
+**3. Update Environment**
+
+Update the `.env` file with the SMTP credentials you just created.
 ```bash copy
-# Replace with your own values.
-EMAIL_HOST_USER=AKIAXXXXXXXX
-EMAIL_HOST_PASSWORD=XXXXXXXXXXXXXXXX
-DEFAULT_FROM_EMAIL=no-reply@spacedf.example
+# Acount AWS to access to SES service
+EMAIL_HOST_USER=AKIA... #(Your SMTP Username)
+EMAIL_HOST_PASSWORD=BAj... #(Your SMTP Password)
+DEFAULT_FROM_EMAIL="no-reply@yourdomain.com"
 ```
-- `EMAIL_HOST_USER` - The SMTP username generated by AWS SES.
-- `EMAIL_HOST_PASSWORD` - The SMTP password generated by AWS SES (***Keep this value secret***)
-- `DEFAULT_FROM_EMAIL` - The sender email address shown to users.
+
+**Variable Details:**
+- `EMAIL_HOST_USER`: The username specifically generated for SMTP (starts with `AKIA...` usually).
+- `EMAIL_HOST_PASSWORD`: The long secret string for SMTP authentication.
+- `DEFAULT_FROM_EMAIL`: The email address that will appear as the sender (Must be verified in Phase 1).
+
 ---
 ##### MPA Service
-> The MPA Service connects SpaceDF to an MQTT broker to receive and publish messages for application-level processing.
+<Badge variant="destructive">Required</Badge>
+
+The MPA Service connects to the MQTT Broker to process application events. It acts as a client that listens for device messages.
+
+**Configuration**
+
+Update the `.env` file with the connection details below.
 
-Example: MQTT broker running in Docker
 ```bash copy
-# Replace with your own values.
-MQTT_BROKER=emqxl
+# --- Connection Settings ---
+# Hostname (Use 'emqx' if running inside Docker)
+MQTT_BROKER=emqx
+# Port (1883 for TCP, 8883 for SSL/TLS)
 MQTT_PORT=1883
-MQTT_USERNAME=mpa
-MQTT_PASSWORD=change_this_to_a_secure_password
-MQTT_CLIENT_ID=spacedf-mpa
+# Unique name for this client
+MQTT_CLIENT_ID=spacedf-mpa-client
+# Topics to subscribe to (use '+' for wildcards)
 MQTT_TOPIC=devices/+/events
-```
-- `MQTT_BROKER` - The hostname or IP address of the MQTT broker.
-- `MQTT_USERNAME` - The username used to authenticate with the MQTT broker.
-- `MQTT_PASSWORD` - The password for the MQTT user. (***Keep this value private***.)
-- `MQTT_PORT` - The port used to connect to the MQTT broker (e.g., `1883` for plain TCP, `8883` for TLS).
-- `MQTT_CLIENT_ID` - A unique client identifier for the MPA Service when connecting to MQTT.
-- `MQTT_TOPIC` - The MQTT topic the MPA Service subscribes to.
-
-<Callout type="info">
-  Use TLS (`8883`) in production if available<br/>
-  Restrict broker permissions to required topics only
-</Callout>
----
-##### Bootstrap Service
-> The Bootstrap Service is the **backend service** responsible for initial system setup and cross-service coordination when SpaceDF starts.
-
-This service runs inside Docker as the SpaceDF backend.
 
-**Service host**
-
-This value defines the **base URL** where the Bootstrap (Backend) service is accessible.
-```bash copy 
-# Local development (default)
-HOST=http://localhost:8000
-```
-For production deployments, set this to your **public API domain**:
-```bash copy 
-# Replace with your public API domain.
-HOST=https://api.spacedf.example
+# --- Authentication ---
+MQTT_USERNAME=mpa_user
+MQTT_PASSWORD=change_this_to_secure_password
 ```
 
-`HOST` - The public base URL where the Bootstrap Service is accessible. This is used by other services to communicate with it.
+**Variable Details**
+- `MQTT_BROKER`: The IP or Hostname of the broker.
+- `MQTT_PORT`: `1883` (Plain) or `8883` (Secure).
+- `MQTT_TOPIC`: The data channel to listen to.
+- `MQTT_USERNAME`: Must match a user created in EMQX.
+- `MQTT_PASSWORD`: The password for the user above.
 
-<CardInfo title="If you change the backend port, make sure to update:" classNames={{
+<CardInfo classNames={{
   container: "!mt-6 !p-3 shadow-none",
   title: "!text-base",
   description: "!text-sm"
-}}>
-  - HOST in your `.env` file
-  - The backend port in `docker-compose.yml`
+}}
+  title="⚠️ Production Tips:"
+>
+  - **Use TLS:** In a live environment, change the port to 8883 for encrypted connections.
+  - **Client ID:** Ensure `MQTT_CLIENT_ID` is unique. If you run multiple instances of SpaceDF, they cannot share the same ID
 </CardInfo>
+---
+##### Bootstrap Service
+<Badge variant="destructive">Required</Badge>
+
+The Bootstrap Service is the **main backend API of SpaceDF**. It orchestrates the system setup and handles requests from your frontend applications.
+
+**1. API URL (`HOST`)**
+
+This variable defines the public address where your Backend API is accessible.
+
+<Tabs items={['Development (Local)', 'Production (Live)']}> 
+  <Tabs.Tab> 
+  For Localhost: Use this default value if you are running SpaceDF on your computer.
+  ```bash copy
+  HOST=http://localhost:8000 
+  ```
+  </Tabs.Tab>
+
+  <Tabs.Tab> 
+  For Public Domain: Set this to your actual API domain.
+  ```bash copy
+  HOST=https://api.yourdomain.com
+  ```
+
+  <CardInfo classNames={{
+    container: "!mt-6 !p-3 shadow-none",
+    title: "!text-base",
+    description: "!text-sm"
+  }}>
+    ⚠️ **Requirement:** In production, you should use HTTPS for security. .
+  </CardInfo>
+  </Tabs.Tab> 
+</Tabs>
 
-**CORS origins**
+**2. Access Control (`CORS`)**
 
-List all frontend origins that should be allowed to access the service.
-Separate multiple values with commas.
+This setting controls which websites (frontends) are allowed to talk to your backend. 
 
-Development (local)
-```bash copy 
-# Local development (default)
-CORS_ALLOWED_ORIGINS=http://localhost,http://localhost:3000,http://localhost:3001
-```
+This prevents unauthorized websites from using your API.
 
-Production
-```bash copy 
-# Replace with your own values.
-CORS_ALLOWED_ORIGINS=https://app.spacedf.example,https://admin.spacedf.example
-```
+<CardInfo classNames={{
+    container: "!mt-6 !p-3 shadow-none",
+    title: "!text-base",
+    description: "!text-sm"
+  }}
+  title="⚠️ Syntax Rule:"
+>
+  - List all frontend URLs exactly (including `http/https` and port).
+  - Separate multiple URLs with a comma (`,`) and `no spaces`.
+</CardInfo>
 
-`CORS_ALLOWED_ORIGINS` - A comma-separated list of allowed origins for cross-origin requests. This controls which frontend domains can access the Bootstrap Service.
+<Tabs items={['Development (Local)', 'Production (Live)']}> 
+  <Tabs.Tab> 
+    **Allow Local Ports:** List all the local ports your frontend apps use (e.g., Dashboard on `3000`, Admin portal on `3001`). 
+    ```bash copy 
+    CORS_ALLOWED_ORIGINS=http://localhost:3000,http://localhost:3001 
+    ```
+  </Tabs.Tab>
 
-<Callout type="info">
-  **Important notes**
-  - Controls **which frontend domains can access** the Bootstrap service
-  - Each frontend **must be listed explicitly**, including protocol and port
-  - If you change frontend ports in `docker-compose.yml`, update both the Docker ports and `CORS_ALLOWED_ORIGINS`
-</Callout>
+  <Tabs.Tab> 
+    **Allow Public Domains:** List your actual frontend domains (App and Admin). 
+    ```bash copy 
+    CORS_ALLOWED_ORIGINS=https://app.yourdomain.com,https://admin.yourdomain.com 
+    ```
+  </Tabs.Tab> 
+</Tabs>
 
-Example:
+<CardInfo classNames={{
+    container: "!mt-6 !p-3 shadow-none",
+    title: "!text-base",
+    description: "!text-sm"
+  }}
+  title="⚠️ Common Mistake:"
+>
+  - If you change a frontend port (e.g., from `3000` to `4000`) in `docker-compose.yml`, you must update this list to include `http://localhost:4000`
+  - If you forget, the app will show a `Network Error` or `CORS-ERROR`.
+</CardInfo>
 
-If the Dashboard is moved from port `3000` to `4000`, you must add:
+**3. Security Key**
 
-```text copy
-http://localhost:4000
-```
-to `CORS_ALLOWED_ORIGINS`.
+This key secures the internal operations of the backend.
 
-**Secret key**: Generate a secure random value:
-```bash
+<NumberWithMdx number={1} className="mt-6"> 
+  **Generate Key**
+ ```bash copy
 openssl rand -hex 32
-```
-
-Set it in your `.env` file:
+ ```
+</NumberWithMdx>
 
-```bash copy
-# Replace with your own values.
-BOOTSTRAP_SECRET_KEY=generated_secret_value
-```
-`BOOTSTRAP_SECRET_KEY` - A secret key used to secure internal Bootstrap operations. (***Keep this value private.***)
+<NumberWithMdx number={1} className="mt-6"> 
+  **Update `.env`**
+ ```bash copy
+BOOTSTRAP_SECRET_KEY=paste_your_generated_key_here
+ ```
+</NumberWithMdx>
 
 ---
 ##### Organization Initialization
-> These settings are used to create the **initial organization and owner account** when SpaceDF starts for the first time. This step runs only during the first startup.
+<Badge variant="destructive">Required</Badge>
+
+These settings are used to generate the **Super Admin account** and the **Default Organization** when SpaceDF runs for the **very first time**.
+
+**1. Setup Credentials**
+
+Define your organization name and the login credentials for the owner.
 
 ```bash copy
 # Replace with your own values.
-ORG_NAME=SpaceDF
-ORG_SLUG=spacedf
-OWNER_EMAIL=admin@spacedf.example
-OWNER_PASSWORD=change_this_to_a_secure_password
+ORG_NAME="My IoT Company"
+OWNER_EMAIL="admin@your-domain.com"
+OWNER_PASSWORD="change_this_to_a_secure_password"
 ```
 
-- `ORG_NAME` - The display name of your organization.
-- `ORG_SLUG` - A short, URL-friendly identifier for the organization (lowercase, no spaces).
-- `OWNER_EMAIL` - The email address of the initial organization owner.
-- `OWNER_PASSWORD` - The password for the owner account. (***Use a strong and secure password***.)
+**2. Variable Details**
+- `ORG_NAME` - The display name of your organization (e.g., "SmartHome Solutions")
+- `OWNER_EMAIL` - The email address used to log in as the System Administrator.
+- `OWNER_PASSWORD` - The master password for the admin account. **Must be strong**.
+
+<CardInfo classNames={{
+  container: "!mt-6 !p-3 shadow-none",
+  title: "!text-base",
+  description: "!text-sm"
+}}
+  title="ℹ️ How to change these later?"
+>
+  These `.env` values are only read during the initial installation.
+  * **To change Password/Email:** Log in to the Dashboard and go to Profile Settings. 
+  * **To change Organization Name:** Log in to the Dashboard and go to **Organization Settings**.<br/>
+  (Modifying the `.env` file after installation will have no effect).
+</CardInfo>
+
+<CardInfo classNames={{
+    container: "!mt-6 !p-3 shadow-none",
+    title: "!text-base",
+    description: "!text-sm"
+  }}>
+    ⭐ **Branding:** The `ORG_NAME` helps brand your system immediately. In production, you can point your **custom domain** (e.g., `iot.your-brand.com`) to the server to fully white-label the platform.
+</CardInfo>
 
 ---
 🎉 You have now finished configuring the backend services. <br/>
@@ -750,220 +1050,476 @@ Next, continue with the frontend (web app) configuration.
 
 ---
 ### Admin Portal Configuration
+
+The Admin Portal is your central command center. It allows **Platform Administrators** to manage organizations, users, and system-wide settings. 
+
+*(Note: This interface is for you and your staff, not for your end-users)*.
+
 <CardInfo classNames={{
-  container: "!mt-6 !p-3 shadow-none",
-  description: "!text-base"
-}}>
-  The Admin Portal is used for **system-level** and **organization-level** administration.<br/>
-  This application is typically accessed by **platform administrators**, not end users.
+      container: "!mt-6 !p-3 shadow-none",
+      title: "!text-base",
+      description: "!text-sm"
+    }}
+  >
+    SpaceDF uses `NextAuth.js` for its authentication layer. If you need to customize behavior or debug specific issues, please refer to the official documentation:
+     - [NextAuth.js Documentation](https://next-auth.js.org/) - General guide and concepts.
+     - [Environment Variables](https://next-auth.js.org/configuration/options) - Detailed list of all available options.
+     - [Security Guide](https://next-auth.js.org/security) - Best practices for securing your authentication.
 </CardInfo>
 
-Configure these environment variables to connect the Admin Portal to backend services and authentication providers.
-
-<Callout type="warning">
-  **Before continuing** <br/>
-    Make sure you have completed the **Backend Services Configuration** above.<br/>
-    The Admin Portal depends on backend authentication and API services.
-</Callout>
-##### Authentication
+<CardInfo classNames={{
+    container: "!mt-6 !p-3 shadow-none",
+    title: "!text-base",
+    description: "!text-sm"
+  }}>
+    ⚠️ **Prerequisite Check:** Please ensure you have fully configured the **Backend Services** section above.<br/>
+    The Admin Portal cannot function without a running backend.
+</CardInfo>
 
-**Generate NextAuth secret**
+##### Authentication & URLs
+<Badge variant="destructive">Required</Badge>
 
-Open the [following link](https://generate-secret.vercel.app/32) in your browser to generate a secure random secret:
+This section secures user sessions and defines the public address of your Admin Portal.
 
-Copy the generated value and set it in your `.env` file:
+**1. Generate Secret Key** Create a unique key to encrypt login sessions. Run this command in your terminal:
 
 ```bash copy
-# Replace with your own values.
-PORTAL_NEXTAUTH_SECRET=4f7c2a9e8d1b6c3f0a...
+openssl rand -hex 32
 ```
-`PORTAL_NEXTAUTH_SECRET` - A secret key used by NextAuth to encrypt sessions and tokens. (***Keep this value private.***)
 
-**Admin Portal URL**
+Update the value in your `.env` file:
 
-Development
 ```bash copy
-HOST_FRONTEND_ADMIN=http://localhost:3001
-PORTAL_NEXTAUTH_URL=http://localhost:3001
+# Replace with the generated string
+PORTAL_NEXTAUTH_SECRET=your_generated_secret_key
 ```
 
-Production
-```bash copy
-HOST_FRONTEND_ADMIN=https://admin.spacedf.example
-PORTAL_NEXTAUTH_URL=https://admin.spacedf.example
-```
+**2. Configure Domain** Set the URL where administrators will access the portal.
+
+<Tabs items={['Development (Local)', 'Production (Live)']}> 
+  <Tabs.Tab> 
+    For Localhost: Use this setup if you are running the portal on your computer. 
+    ```bash copy 
+    HOST_FRONTEND_ADMIN=http://localhost:3001 
+    PORTAL_NEXTAUTH_URL=http://localhost:3001 
+    ```
+  </Tabs.Tab>
+  <Tabs.Tab> 
+    For Public Domain: Replace with your actual domain name. 
+    ```bash copy 
+    HOST_FRONTEND_ADMIN=https://admin.yourdomain.com 
+    PORTAL_NEXTAUTH_URL=https://admin.yourdomain.com 
+    ```
+    <CardInfo classNames={{
+      container: "!mt-6 !p-3 shadow-none",
+      title: "!text-base",
+      description: "!text-sm"
+    }}>
+      ⚠️ **Consistency:** In most cases, these two variables must be identical.
+    </CardInfo>
+  </Tabs.Tab> 
+</Tabs>
+
+**Variable Details:**
+- `PORTAL_NEXTAUTH_SECRET`: The encryption key for cookies/tokens. **Keep this private**.
+- `HOST_FRONTEND_ADMIN`: The public URL shown in the browser address bar.
+- `PORTAL_NEXTAUTH_URL`: The base URL used internally by the authentication system for callbacks.
 
-- `HOST_FRONTEND_ADMIN` - The public URL where the Admin Portal is accessible.
-- `PORTAL_NEXTAUTH_URL` - The base URL used by NextAuth for redirects and callbacks. <br/>This value should match the Admin Portal public URL.
 ---
-##### API Access
+##### Backend Connection (API)
 
-**Using Docker**
-```bash copy
-PORTAL_AUTH_API=http://haproxy:3000
-```
+The Admin Portal needs to communicate with the Backend API to handle user authentication and data retrieval.
 
-**External API**
-```bash copy
-# Replace with your own values.
-PORTAL_AUTH_API=https://api.spacedf.example
-```
+**Choose your deployment scenario:**
+
+<Tabs items={['Docker (Recommended)', 'Separate Hosting']}> 
+  <Tabs.Tab> 
+  **Scenario: All-in-One (Docker Compose)** If you are running both the Frontend and Backend on the same server using our provided Docker setup, use the internal service name.
+  ```bash copy
+  # Connects internally via the Docker network
+  PORTAL_AUTH_API=http://haproxy:3000
+  ```
+  <CardInfo classNames={{
+  container: "!mt-6 !p-3 shadow-none",
+  title: "!text-base",
+  description: "!text-sm"
+  }}>
+    ❓ **Why not localhost** Inside a Docker container, `localhost` refers to the container itself, not your computer. Using `haproxy` allows the Portal to find the API within the internal Docker network.
+  </CardInfo>
+  </Tabs.Tab>
+
+  <Tabs.Tab> 
+  **Scenario: Distributed / External** Use this only if your Backend is hosted on a different server or if you are deploying the Frontend to a service like Vercel/Netlify.
+  ```bash copy
+  # Connects over the public internet
+  PORTAL_AUTH_API=https://api.yourdomain.com
+  ```
+  </Tabs.Tab>
+</Tabs>
 
-`PORTAL_AUTH_API` - The backend API endpoint used by the Admin Portal for authentication.<br/>
-This typically points to the internal API gateway or load balancer.
+**Variable Details:**
 
----
-##### References
+- `PORTAL_AUTH_API` - The endpoint the Admin Portal uses to make **server-side** requests to the Backend.
+
+<CardInfo classNames={{
+      container: "!mt-6 !p-3 shadow-none",
+      title: "!text-base",
+      description: "!text-sm"
+    }}
+  title="⭐ References"  
+  >
+     - [NextAuth.js Documentation](https://next-auth.js.org/) - General guide and concepts.
+     - [Environment Variables](https://next-auth.js.org/configuration/options) - Detailed list of all available options.
+     - [Security Guide](https://next-auth.js.org/security) - Best practices for securing your authentication.
+</CardInfo>
 
-Use the official documentation below if you need more details about **NextAuth** behavior or advanced configuration:
-- [NextAuth.js Documentation](https://next-auth.js.org/)
-- [NextAuth Environment Variables](https://next-auth.js.org/configuration/options)
-- [NextAuth Security Guide](https://next-auth.js.org/security)
 ---
 ### Dashboard Configuration
-This section configures the **SpaceDF Dashboard**, the main web interface used for daily operations, device monitoring, and data visualization.
+The Dashboard is the primary interface for **End Users (your customers)**. It is used for daily operations, including real-time device monitoring, data visualization, and asset control.
 
-<Callout type="warning">
-  **Before continuing** <br/>
-    Make sure you have completed the **Backend Services Configuration** above. <br/>
-    The Dashboard depends on backend APIs, MQTT, and authentication services.
-</Callout>
+<CardInfo classNames={{
+      container: "!mt-6 !p-3 shadow-none",
+      title: "!text-base",
+      description: "!text-sm"
+    }}
+  >
+    SpaceDF uses `NextAuth.js` for its authentication layer. If you need to customize behavior or debug specific issues, please refer to the official documentation:
+     - [NextAuth.js Documentation](https://next-auth.js.org/) - General guide and concepts.
+     - [Environment Variables](https://next-auth.js.org/configuration/options) - Detailed list of all available options.
+     - [Security Guide](https://next-auth.js.org/security) - Best practices for securing your authentication.
+</CardInfo>
 
-##### Authentication
+<CardInfo classNames={{
+    container: "!mt-6 !p-3 shadow-none",
+    title: "!text-base",
+    description: "!text-sm"
+  }}>
+    ⚠️ **Prerequisite Check:** Please ensure you have fully configured the **Backend Services** section above.<br/> 
+    The Dashboard requires the Backend API and MQTT Broker to be running to fetch data.
+</CardInfo>
 
-**Generate NextAuth secret**
+##### Authentication & URLs
+<Badge variant="destructive">Required</Badge>
 
-Open the [following link](https://generate-secret.vercel.app/32) in your browser to generate a secure random secret:
+This section secures user sessions and defines the public address of your Dashboard.
 
-Copy the generated value and set it in your `.env` file:
+**1. Generate Secret Key** Create a unique key to encrypt login sessions. Run this command in your terminal:
 
 ```bash copy
-# Replace with random secret.
-DASHBOARD_NEXTAUTH_SECRET=4f7c2a9e8d1b6c3f0a...
-
-# The public URL where the Dashboard is accessible.
-DASHBOARD_NEXTAUTH_URL=http://localhost:3000
+openssl rand -hex 32
 ```
-- `DASHBOARD_NEXTAUTH_SECRET` - A secret key used by NextAuth to encrypt sessions and tokens. (***Keep this value private.***)
-- `DASHBOARD_NEXTAUTH_URL` - The public URL where the Dashboard is accessible.<br/>
-This value is used for redirects and callbacks.
----
-##### API Access
 
-**Using Docker**
-```bash copy
-DASHBOARD_AUTH_API=http://haproxy:3000
-```
+Update the value in your `.env` file:
 
-**External API**
 ```bash copy
-# Replace with your own values.
-DASHBOARD_AUTH_API=https://api.spacedf.example
+# Replace with the generated string
+DASHBOARD_NEXTAUTH_SECRET=your_generated_secret_key
 ```
+
+**2. Configure Domain** Set the URL where end-users will access the dashboard.
+
+<Tabs items={['Development (Local)', 'Production (Live)']}> 
+  <Tabs.Tab> 
+    For Localhost: Use this setup if you are running the dashboard on your computer
+    ```bash copy 
+    DASHBOARD_NEXTAUTH_URL=http://localhost:3000
+    ```
+  </Tabs.Tab>
+  <Tabs.Tab> 
+    For Public Domain: Replace with your actual domain name. 
+    ```bash copy 
+    DASHBOARD_NEXTAUTH_URL=https://dashboard.yourdomain.com
+    ```
+    <CardInfo classNames={{
+      container: "!mt-6 !p-3 shadow-none",
+      title: "!text-base",
+      description: "!text-sm"
+    }}>
+      ⚠️ **HTTPS:** In production, ensure your domain is secured with SSL (HTTPS)
+    </CardInfo>
+  </Tabs.Tab> 
+</Tabs>
+
+**Variable Details:**
+- `DASHBOARD_NEXTAUTH_SECRET`: The encryption key for cookies/tokens. **Keep this private**.
+- `DASHBOARD_NEXTAUTH_URL`: The public URL (Base URL) used by the authentication system for redirects and callbacks.
+
+---
+##### Backend Connection (API)
+<Badge variant="destructive">Required</Badge>
+
+The Dashboard needs to communicate with the Backend API to fetch user data, device status, and charts.
+
+**Choose your deployment scenario:**
+
+<Tabs items={['Docker (Recommended)', 'Separate Hosting']}> 
+  <Tabs.Tab> 
+  **Scenario: All-in-One (Docker Compose)** If you are running both the Dashboard and Backend on the same server using our Docker setup, use the internal service name.
+  ```bash copy
+  # Connects internally via the Docker network
+  DASHBOARD_AUTH_API=http://haproxy:3000
+  ```
+  <CardInfo classNames={{
+  container: "!mt-6 !p-3 shadow-none",
+  title: "!text-base",
+  description: "!text-sm"
+  }}>
+    ℹ️ **Network Note:** Do not use `localhost` here. Inside the Docker network, `haproxy` is the correct hostname to reach the API gateway.
+  </CardInfo>
+  </Tabs.Tab>
+
+  <Tabs.Tab> 
+  **Scenario: Distributed / External** Use this **only** if your Backend is hosted on a different server or if you are deploying the Dashboard to a cloud provider (e.g., Vercel, Netlify).
+  ```bash copy
+  # Connects over the public internet
+  DASHBOARD_AUTH_API=https://api.yourdomain.com
+  ```
+  </Tabs.Tab>
+</Tabs>
+
+**Variable Details:**
+
+- `DASHBOARD_AUTH_API` - The endpoint the Dashboard uses for **server-side** data fetching and authentication.
 ---
 ##### Map Services
-> The Dashboard uses **MapTiler** as a map service to resolve location names from coordinates and support location-based features.
+<Badge>Optional</Badge>
+
+SpaceDF uses **MapTiler** to provide map visualization and **Reverse Geocoding** (converting GPS coordinates into readable addresses like "123 Main St").
+
+<CardInfo classNames={{
+  container: "!mt-6 !p-3 shadow-none",
+  title: "!text-base",
+  description: "!text-sm"
+  }}>
+    ℹ️ **What happens if I skip this?** The Dashboard will **still work**, but you will **not see street addresses**.<br/>
+    Locations will only be displayed as raw latitude/longitude coordinates (e.g., `10.762`, `106.660`).
+</CardInfo>
+
+**Setup Instructions:**
 
-**How to get a MapTiler API key**
 <NumberWithMdx number={1} className="mt-3">
-    Create a MapTiler account: [MapTiler](https://www.maptiler.com/)
+    **Create Account**<br/>
+    Sign up for a free account at [MapTiler](https://www.maptiler.com/)
 </NumberWithMdx>
 <NumberWithMdx number={2}>
-   Go to your dashboard and create an **API key**.
+    **Get API Key**<br/>
+   Go to the **Keys** section in your **MapTiler dashboard** and copy your **Default Key**.
 </NumberWithMdx>
 <NumberWithMdx number={3}>
-   Copy the key and set it as `MAPTILER_API_KEY`.
+   **Update `.env`**<br/>
+   Paste the key into your `.env` file.
+   ```bash copy
+    # Replace with your API Key.
+    MAPTILER_API_KEY=__MAPTILER_API_KEY__
+    ```
 </NumberWithMdx>
 
-```bash copy
-# Replace with your API Key.
-MAPTILER_API_KEY=__MAPTILER_API_KEY__
-```
+[MapTiler Documentation](https://docs.maptiler.com/)
+
 ---
 ##### MQTT (Real-time Data)
-> The Dashboard connects to MQTT to receive real-time device data.
+<Badge variant="destructive">Required</Badge>
 
-**Recommended values**<br/>
-**Development**
-```bash copy
-DASHBOARD_MQTT_PROTOCOL=ws
-DASHBOARD_MQTT_PORT=8883
-DASHBOARD_MQTT_BROKER=emqx.localhost:8000
-```
+The Dashboard connects directly to the MQTT Broker via **WebSockets** to display real-time charts and device status updates. Without this, the dashboard will not update live.
 
-**Production**
-```bash copy
-# Use wss (secure WebSocket) in production.
-DASHBOARD_MQTT_PROTOCOL=wss
-DASHBOARD_MQTT_PORT=443
-DASHBOARD_MQTT_BROKER=emqx.example.com
-```
+**Configuration by Environment:**
 
-- `DASHBOARD_MQTT_USERNAME` / `DASHBOARD_MQTT_PASSWORD` - Credentials used by the Dashboard to connect to the MQTT broker.
-- `DASHBOARD_MQTT_PROTOCOL` - Protocol used for MQTT connections. <br/>
-Use ws (WebSocket) for browser-based clients.
-- `DASHBOARD_MQTT_PORT` - Port exposed by the MQTT broker for WebSocket connections.
-- `DASHBOARD_MQTT_BROKER` - Host and port of the MQTT broker accessible from the browser.
+<Tabs items={['Development (Local)', 'Production (Live)']}>
+  <Tabs.Tab>
+    For Localhost: Use `ws` (Unencrypted WebSocket) for local development.
+    ```bash copy
+    # 1. Connection Details
+    DASHBOARD_MQTT_PROTOCOL=ws
+    DASHBOARD_MQTT_PORT=8083
+    DASHBOARD_MQTT_BROKER=localhost
+
+    # 2. Public Auth (Read-Only User recommended)
+    DASHBOARD_MQTT_USERNAME=dashboard_user
+    DASHBOARD_MQTT_PASSWORD=your_password
+    ```
+    > (Note: Ensure Port `8083` is exposed in your EMQX Docker container).
+  </Tabs.Tab>
+
+  <Tabs.Tab>
+    For Production: You **must** use `wss` (Secure WebSocket). Browsers will block insecure `ws` connections if your site is loaded over `https`.
+    ```bash copy
+    # 1. Connection Details
+    DASHBOARD_MQTT_PROTOCOL=wss
+    DASHBOARD_MQTT_PORT=443
+    DASHBOARD_MQTT_BROKER=mqtt.yourdomain.com
+
+    # 2. Public Auth (Read-Only User recommended)
+    DASHBOARD_MQTT_USERNAME=dashboard_user
+    DASHBOARD_MQTT_PASSWORD=your_password
+    ```
+  </Tabs.Tab>
+</Tabs>
+
+**Variable Details:**
+  - `DASHBOARD_MQTT_PROTOCOL`: `ws` for local, `wss` for production (SSL).
+  - `DASHBOARD_MQTT_BROKER`: The domain pointing to your MQTT Broker.
+  - `DASHBOARD_MQTT_PORT`: The WebSocket port (Default EMQX: `8083` for ws, `8084` for wss).
+
+<CardInfo classNames={{
+      container: "!mt-6 !p-3 shadow-none",
+      title: "!text-base",
+      description: "!text-sm"
+    }}>
+      ⚠️ **Browser Security Rule:** If your Dashboard runs on **HTTPS** (Production), you cannot use ws (insecure).<br/>
+      You MUST use `wss`. Failing to do so will cause "Mixed Content" errors, and the connection will fail. 
+</CardInfo>
+
+[MQTT over WebSocket](https://www.emqx.com/en/blog/connect-to-mqtt-broker-with-websocket)
+
+---
+
+<div className="p-4 bg-green-50 dark:bg-green-900/20 border border-green-200 dark:border-green-800 rounded-lg mt-8 text-center">
+  <h3 className="text-green-800 dark:text-green-300 font-bold text-lg m-0">
+    🎉 Configuration Fully Complete!
+  </h3>
+  <div className="text-green-700 dark:text-green-400 mt-2">
+    You have successfully configured the Backend APIs, Admin Portal, and User Dashboard. Your SpaceDF environment is ready.
+  </div>
+  <div className="text-green-700 dark:text-green-400 font-medium mt-3" suppressHydrationWarning>
+    👉 <strong>Next Step:</strong> Proceed to the <strong>Starting the Services</strong> section to launch your platform.
+  </div>
+</div>
 
-<Callout type="info">
-  Use HTTPS and `wss` in production environments <br/>
-  Restrict MQTT permissions to read-only topics for the Dashboard
-</Callout>
 ---
-##### References
-- [NextAuth.js Documentation](https://next-auth.js.org/)
-- [MapTiler Documentation](https://docs.maptiler.com/)
-- [MQTT over WebSocket](https://www.emqx.com/en/blog/connect-to-mqtt-broker-with-websocket)
 
 ## Starting and Stopping
-> This section explains how to start, check, and stop SpaceDF services using Docker Compose.
 
-### Starting the services
-From the directory that contains your `./entrypoint.sh` file, run:
+This section explains how to manage the lifecycle of your SpaceDF instance using standard Docker commands.
+
+<CardInfo classNames={{
+    container: "!mt-6 !p-3 shadow-none",
+    title: "!text-base",
+    description: "!text-sm"
+  }}>
+    ⚠️ **Prerequisite:** Ensure your `.env` file is fully configured and saved in the root directory before running these commands.
+</CardInfo>
+
+### Starting the Services
+To launch SpaceDF, you will use the provided entrypoint script. This script handles the initialization and orchestrates the Docker containers for you.
+
+**Run the following commands in your terminal:**
 
 ```bash copy 
-# Start all services in the background
+# 1. Grant execution permission (First time only)
 chmod +x entrypoint.sh
+
+# 2. Start the system
 ./entrypoint.sh
 ```
 
-Docker will start all SpaceDF services in detached mode.
+**What happens next?**
+- The script will trigger Docker to download necessary images and start all services in **detached mode** (background).
+- You can close the terminal window without stopping the application.
+
+<CardInfo classNames={{
+    container: "!mt-6 !p-3 shadow-none",
+    title: "!text-base",
+    description: "!text-sm"
+  }}>
+    🔍 **Troubleshooting:** If you see a `Permission denied` error, ensure you have run the `chmod +x` command successfully.
+</CardInfo>
 
 ### Checking service status
-After starting, you can check the status of all services:
+After running the startup script, verify that all containers are functioning correctly.
+
+**1. Check Status Command** Run the following command to list all active services:
+
 ```bash copy 
 docker compose ps
 ```
+**2. Expected Output** Give the system about **30-60 seconds** to initialize. You should see a list of services where the status column shows `Up (healthy)`.
+
 Within a minute, most services should show a status similar to:
-```scss copy 
-Up (healthy)
+```text 
+NAME                IMAGE               STATUS                  PORTS
+spacedf-backend     spacedf/backend     Up (healthy)            0.0.0.0:8000->8000/tcp
+spacedf-dashboard   spacedf/dashboard   Up (healthy)            0.0.0.0:3000->3000/tcp
+emqx                emqx/emqx           Up (healthy)            1883/tcp, 8083/tcp...
+postgres            postgres:15         Up (healthy)            5432/tcp
 ```
 
+<CardInfo classNames={{
+  container: "!mt-6 !p-3 shadow-none",
+  title: "!text-base",
+  description: "!text-sm"
+  }}>
+    ℹ️ **Note on "starting" status:** If you see `Up (starting)`, it means the service is still initializing (e.g., waiting for the database). Wait a moment and run the command again.
+</CardInfo>
+
+<CardInfo classNames={{
+    container: "!mt-6 !p-3 shadow-none",
+    title: "!text-base",
+    description: "!text-sm"
+  }}>
+    🔍 **Troubleshooting:** If any service shows `Exited (1) or Unhealthy`, please check the logs using: `docker compose logs -f &lt;service_name&gt;`
+</CardInfo>
+
 ### Troubleshooting startup issues
-If a service shows a status like `created` or does not become Up, check its logs to see what went wrong.
+If a service shows a status like `Exited`, `Restarting`, or remains `Created` for too long, it means the container failed to start correctly.
+
+**1. View Service Logs** To identify the specific error, inspect the logs of the problematic service.
 
-For example, to view logs for a specific service:
 ```bash copy 
-docker compose logs analytics
+# Syntax: docker compose logs -f <service_name>
+docker compose logs -f backend
 ```
-Review the logs for errors such as missing environment variables or connection issues.
+- `-f`: Follows the log output in real-time (press `Ctrl+C` to exit).
+- Replace `backend` with the name of the failing service (e.g., `dashboard`, `emqx`, `postgres`)
+
+**2. Common Error Patterns** When reviewing the logs, look for these common issues:
+
+| Error Type     | Log Message Example                                         | Solution                                                                                           |
+|----------------|--------------------------------------------------------------|----------------------------------------------------------------------------------------------------|
+| Missing Config | `KeyError: 'DATABASE_URL' or Config validation failed`       | Check your `.env` file. A required variable is missing or empty.                               |
+| Connection     | `Connection refused or PGSQL connection failed`                | The service cannot reach a dependency (like the Database). Wait a moment, or check if it runs. |
+| Permission     | `EACCES: permission denied`                                    | File permission issue (often happens with scripts). Run `chmod +x` on entry scripts.           |
+
+<CardInfo classNames={{
+    container: "!mt-6 !p-3 shadow-none",
+    title: "!text-base",
+    description: "!text-sm"
+  }}>
+    ⭐ **Pro Tip:** If you see `Connection refused` immediately after starting, wait 10-20 seconds. Sometimes services start faster than the Database, causing a temporary error before they automatically retry and succeed.
+</CardInfo>
 
 ### Stopping the services
-To stop all running SpaceDF services, run:
+
+To gracefully shut down the SpaceDF platform and release system resources, run the following command:
+
 ```bash copy 
 docker compose down
 ```
-This stops and removes the containers but keeps your data volumes intact.
 
-<Callout type="info">
-  **Notes**
-  - Starting and stopping services may take a short time
-  - Always check service status after starting
-  - Stop services before making configuration changes
-</Callout>
+**Data Persistence:** Rest assured, this command **only removes the containers**. Your database, user accounts, and device logs are stored in persistent volumes and **will be preserved**.
+
+<CardInfo classNames={{
+    container: "!mt-6 !p-3 shadow-none",
+    title: "!text-base",
+    description: "!text-sm"
+  }}
+  title="⭐ Operational Tips:"
+  >
+   - **When to stop:** It is recommended to stop the services before making major changes to the `.env` file or `docker-compose.yml`.
+   - **Restarting:** To apply new configurations or updates, simply run `./entrypoint.sh` (or `docker compose up -d`) again after stopping.
+</CardInfo>
+
+<CardInfo classNames={{
+    container: "!mt-6 !p-3 shadow-none",
+    title: "!text-base",
+    description: "!text-sm"
+  }}>
+    ⛔ **Caution:** Do not use the `-v` flag (e.g., `docker compose down -v`) unless you intend to **permanently delete** all your data and start from scratch.
+</CardInfo>
+
 
 ## Accessing SpaceDF Services
-> After all services are running, you can access SpaceDF through the web interfaces and backend APIs using the URLs below.
+
+Once all containers are running successfully, you can access the various components of the SpaceDF platform using the URLs below.
 
 <div className="overflow-x-auto mt-4">
   <table className="w-full border-collapse text-left text-sm">
@@ -1002,31 +1558,71 @@ This stops and removes the containers but keeps your data volumes intact.
   </table>
 </div>
 
-<Callout type="info">
-  **Notes**
-  - Make sure all services show **Up (healthy)** before accessing them
-  - Use HTTPS in production environments
-  - Ensure firewall and reverse proxy settings allow access to the required ports
-</Callout>
+<CardInfo classNames={{
+    container: "!mt-6 !p-3 shadow-none",
+    title: "!text-base",
+    description: "!text-sm"
+  }}
+  title="⭐ Login Credentials:"
+  >
+   - **Apps (Dashboard/Admin):** Log in using the `OWNER_EMAIL` and `OWNER_PASSWORD` you defined in the `.env` file. 
+   - **EMQX Console:** Log in using `admin` / `public` (Default) or the credentials defined in `EMQX_PASSWORD`.
+</CardInfo>
+
+**Production URLs**<br/>
+If you have deployed to a live server, replace `localhost` with your configured domains:
+
+- Dashboard: `https://dashboard.yourdomain.com`
+- Admin Portal: `https://admin.yourdomain.com`
+- API: `https://api.yourdomain.com`
 
 ## Updating
-SpaceDF publishes stable updates for the Docker Compose setup on a regular basis.
-To update your self-hosted deployment, pull the latest changes from the repository and restart the services.
+SpaceDF frequently releases stable updates to introduce new features, security patches, and performance improvements. To keep your self-hosted instance running smoothly, we recommend keeping it up to date.
 
-> Updating services requires restarting containers and may cause temporary downtime.
+<CardInfo classNames={{
+    container: "!mt-6 !p-3 shadow-none",
+    title: "!text-base",
+    description: "!text-sm"
+  }}>
+    ⚠️ **Downtime Notice:** The update process requires restarting Docker containers. Your services will be temporarily unavailable (usually for a few seconds to a minute) during the restart phase. Plan accordingly.
+</CardInfo>
+
+**Standard Update Procedure**
+
+Run the following commands in your terminal to upgrade your deployment.
 
-### General update process
 <NumberWithMdx number={1} className="mt-6">
-   Pull the latest changes from the SpaceDF repository.
+   **Fetch Latest Configuration**<br/>
+   Update your local repository to get the latest `docker-compose.yml` and script changes.
+   ```bash copy
+   git pull origin main
+   ```
 </NumberWithMdx>
-<NumberWithMdx number={2}>
-    Pull updated Docker images.
+
+<NumberWithMdx number={2}> 
+  **Download Updated Images**<br/>
+  Pull the latest versions of the SpaceDF Docker images. 
+  ```bash copy 
+  docker compose pull 
+  ```
 </NumberWithMdx>
-<NumberWithMdx number={3}>
-   Restart the services.
+
+<NumberWithMdx number={3}> 
+  **Apply & Restart**<br/>
+  Recreate the containers with the new images.
+  ```bash copy
+  docker compose up -d
+  ```
+  > (Note: Docker will only restart containers that have updates).
 </NumberWithMdx>
 
-In most cases, this is enough to apply the latest updates.
+<CardInfo classNames={{
+    container: "!mt-6 !p-3 shadow-none",
+    title: "!text-base",
+    description: "!text-sm"
+  }}>
+    ⭐ **Cleanup (Optional):** After a major update, you can remove old, unused images to free up disk space: `docker image prune -f`
+</CardInfo>
 
 ### Updating individual services (advanced)
 You can run a specific version of a service by changing its Docker image tag in the `docker-compose.yml` file.
@@ -1036,87 +1632,129 @@ You can run a specific version of a service by changing its Docker image tag in
   This approach is recommended only if you know exactly what you are doing.
 </Callout>
 
-#### Update or rollback a single service
+### Advanced: Pinning & Rolling Back Versions
+
+In specific scenarios—such as rolling back a buggy update or testing a beta feature—you may need to force a specific version of a service instead of using `latest`.
+
+<CardInfo classNames={{
+    container: "!mt-6 !p-3 shadow-none",
+    title: "!text-base",
+    description: "!text-sm"
+  }}>
+    ⛔ **Compatibility Risk:** SpaceDF services are designed to work together as a suite. Running mixed versions (e.g., a simplified Dashboard with an advanced Backend) may lead to **API errors**, **database conflicts**, or **data corruption**.
+
+    **Only proceed if you understand the dependencies**.
+</CardInfo>
+
+**Procedure: Update a Single Service**
+
+Follow these steps to update (or downgrade) a specific component, for example, the **Dashboard**.
 
-For example, if you want to update or roll back the Dashboard service:
 <NumberWithMdx number={1} className="mt-6">
-   Check available images and tags on the [SpaceDF container registry](https://github.com/orgs/Space-DF/packages).
+  **Find the Version Tag**<br/>
+  Visit the [SpaceDF Container Registry](https://github.com/orgs/Space-DF/packages) to find the exact tag you need (e.g., `v2026.01.21`).
 </NumberWithMdx>
 <NumberWithMdx number={2}>
-    Choose a version tag (for example: `v2026.01.21`).
-</NumberWithMdx>
-<NumberWithMdx number={3}>
-   Update the image field in `docker-compose.yml`
-   ```yml copy
-    image: ghcr.io/space-df/spacedf-web-app:v2026.01.21
+    **Edit Configuration**<br/>
+    Open `docker-compose.yml` and locate the service (e.g., `dashboard`). Replace the image tag with your chosen version.
+    ```yml copy
+    services:
+      dashboard:
+        # Change the tag after the colon
+        image: ghcr.io/space-df/spacedf-web-app:v2026.01.21
     ```
 </NumberWithMdx>
-<NumberWithMdx number={4}>
-   Apply the changes:
+<NumberWithMdx number={3}>
+   **Apply Changes (Smart Restart)**<br/>
+   Run the following commands to pull and restart **only** the target service, leaving the rest of the system running.
    ```bash copy
-    docker compose pull
-    docker compose down
-    docker compose up -d
-    ```
+   # 1. Pull the specific image
+    docker compose pull dashboard
+
+  # 2. Recreate only this container
+    docker compose up -d dashboard
+   ```
 </NumberWithMdx>
 
-The service will restart using the specified version.
+<CardInfo classNames={{
+  container: "!mt-6 !p-3 shadow-none",
+  title: "!text-base",
+  description: "!text-sm"
+}}
+>
+  ❓ **Why not use `docker compose down`** Using `down` stops the entire platform. By targeting `up -d dashboard`, you only restart the Dashboard, ensuring that the Backend and MQTT Broker continue to process device data without interruption.
+</CardInfo>
 
-### Notes on downtime
-- Services must be restarted to apply updates
-- Active users may experience brief downtime
-- Consider performing updates during low-traffic periods
+### Maintenance Strategy & Resources
 
-### Staying up to date
-- To track changes, fixes, and new features, refer to:
-    - SpaceDF release notes
-- The self-hosting changelog in the repository
+Managing updates effectively is key to maintaining a stable IoT platform.
 
-## Uninstalling
+<CardInfo classNames={{
+  container: "!mt-6 !p-3 shadow-none",
+  title: "!text-base",
+  description: "!text-sm"
+  }}
+  title="ℹ️ Downtime Considerations:"
+  >
+   - **Restart Required:** Applying updates always requires restarting the Docker containers.
+   - **Service Interruption:** Active users will experience a brief disconnection (typically 10-60 seconds) while the containers re-initialize.
+   - **Best Time to Update:** We strongly recommend scheduling maintenance during **low-traffic periods** (e.g., late night or weekends) to minimize the impact on your operations.
+</CardInfo>
 
-<Callout type="warning">
-  **Warning**<br/>
-  The steps below will permanently delete all SpaceDF data, including databases and storage volumes.<br/>
-  Make sure you have backups before continuing.
-</Callout>
+**Staying Up to Date:** To track the latest features, security patches, and bug fixes, please consult our official channels:
+- [SpaceDF Release Notes](https://docs.spacedf.com/blog): High-level overview of new features and major changes.
+- [GitHub Changelog](https://github.com/Space-DF): Detailed technical log of all changes in the self-hosted repository.
 
-### Stop and remove services
-From the directory that contains your `docker-compose.yml` file, run:
-```bash copy 
-# Stop all services and remove containers and volumes
-docker compose down -v
-```
+## Uninstalling
 
-This command stops all SpaceDF services and removes all associated Docker volumes.
+This section guides you through completely removing SpaceDF from your server.
 
-### (Optional) Remove remaining data manually
-In some cases, you may want to ensure all data directories are fully removed.
+<CardInfo classNames={{
+    container: "!mt-6 !p-3 shadow-none",
+    title: "!text-base",
+    description: "!text-sm"
+  }}
+  title="⛔ CRITICAL WARNING: The steps below will permanently delete all data, including:"
+  >
+   - User accounts and passwords.
+   - All device data and history.
+   - System configurations.
+   - Uploaded files.
+</CardInfo>
 
-**Remove database data**
-```bash copy 
+<Steps>
+### Wipe Containers & Volumes
+ Run the following command in your project directory to stop services and destroy their internal data volumes.
+ ```bash copy
+  # The '-v' flag ensures volumes are deleted
+  docker compose down -v
+ ```
+### Clean Host Directories (Optional)
+Docker might leave some mounted files on your host machine (usually inside the `volumes/ folder`). To ensure a 100% clean state, remove them manually.
+ 
+```bash copy
+# Remove Database files
 rm -rf volumes/db/data
-```
 
-**Remove storage data**
-```bash copy 
+# Remove File Storage (Uploads/Images)
 rm -rf volumes/storage
 ```
+</Steps>
 
-**What gets removed**
-- All SpaceDF services
-- All databases and stored data
-- All uploaded files and assets
+### Verification
 
-After these steps, SpaceDF is completely removed from your system.
+At this point, SpaceDF is completely removed.
+- Containers: Stopped and deleted.
+- Networks: Removed.
+- Data: Wiped.
 
-<Callout type="info">
-  **Notes**
-  - These actions **cannot be undone**
-  - Use this only if you want a clean uninstall
-  - For reinstallation, follow the setup guide from the beginning
-</Callout>
-
-## Demo
+<CardInfo classNames={{
+  container: "!mt-6 !p-3 shadow-none",
+  title: "!text-base",
+  description: "!text-sm"
+  }}>
+    ℹ️ **Reinstallation:** If you want to start fresh, simply run the setup guide from the beginning. The system will treat it as a brand new installation.
+</CardInfo>
 
 ## Need Help?
 
diff --git a/src/content/getting-started/self-hosting/docker/quick-start.mdx b/src/content/getting-started/self-hosting/docker/quick-start.mdx
index d6e5be0..40eece6 100644
--- a/src/content/getting-started/self-hosting/docker/quick-start.mdx
+++ b/src/content/getting-started/self-hosting/docker/quick-start.mdx
@@ -8,7 +8,7 @@ import { CardInfo } from "@/app/_components/CardInfo.jsx"
 
 # Quick Start
 
-> This guide helps you get **SpaceDF running quickly** on your own infrastructure using **Docker Compose** and **default settings**.
+This guide helps you get **SpaceDF running quickly** on your own infrastructure using **Docker Compose** and **default settings**.
 
 <CardInfo title="Quick Start Limitations">
   <ul className='list-none space-y-2'>
@@ -117,7 +117,8 @@ After startup, SpaceDF services are available on the following default ports:
 Make sure these ports are open on your server and not used by other services.
 
 ### Default account (Quick Start only)
-> Quick Start creates default accounts for initial access
+
+Quick Start creates default accounts for initial access
 
 These accounts are for **local testing only**.
 
diff --git a/src/content/getting-started/self-hosting/index.mdx b/src/content/getting-started/self-hosting/index.mdx
index 76fb78e..2ce6566 100644
--- a/src/content/getting-started/self-hosting/index.mdx
+++ b/src/content/getting-started/self-hosting/index.mdx
@@ -8,7 +8,7 @@ import { RichCardOptions, RichCardOption } from "@/app/_components/RichCard.jsx"
 
 # Self-Hosting
 
-> Install and run your own SpaceDF platform on your computer, server, or cloud infrastructure.
+Install and run your own SpaceDF platform on your computer, server, or cloud infrastructure.
 
 ---
 

From 454da83c3dd99e615b94906719ded82532ee4334 Mon Sep 17 00:00:00 2001
From: Quynh-Nguyen <quynh.nguyen@digitalfortress.dev>
Date: Thu, 29 Jan 2026 09:02:40 +0000
Subject: [PATCH 3/3] Trigger Build