From 1d0ac78bbdeeb2eeb5d61d64ed17f930b1aceee3 Mon Sep 17 00:00:00 2001
From: AlexsandrSnytkin <snytkinaleksandr5@mail.ru>
Date: Thu, 26 Mar 2026 05:10:01 +0700
Subject: [PATCH] user_accaunt_restrictions

---
 .env                                          |   6 +
 .env.template                                 |   6 +
 __pycache__/service.cpython-311.pyc           | Bin 79346 -> 119507 bytes
 ...e_integration.cpython-311-pytest-8.2.2.pyc | Bin 89330 -> 117002 bytes
 .../test_service_integration.cpython-311.pyc  | Bin 46503 -> 63848 bytes
 config.template.json                          |  17 +
 cookies-admin.txt                             |   4 +
 cookies-user.txt                              |   4 +
 docker-compose.yml                            |  22 +-
 docker/config.docker.test.json                |  21 +-
 docker/keycloak/Dockerfile                    |  12 +
 docker/keycloak/entrypoint.sh                 |  23 +
 .../triangulation-realm.template.json         |  95 ++
 service.py                                    | 882 ++++++++++++++++--
 test_service_integration.py                   | 262 ++++++
 web/app.js                                    | 496 +++++++++-
 web/index.html                                | 267 ++++--
 web/styles.css                                | 163 +++-
 18 files changed, 2046 insertions(+), 234 deletions(-)
 create mode 100644 .env
 create mode 100644 .env.template
 create mode 100644 cookies-admin.txt
 create mode 100644 cookies-user.txt
 create mode 100644 docker/keycloak/Dockerfile
 create mode 100644 docker/keycloak/entrypoint.sh
 create mode 100644 docker/keycloak/triangulation-realm.template.json

diff --git a/.env b/.env
new file mode 100644
index 0000000..11b880f
--- /dev/null
+++ b/.env
@@ -0,0 +1,6 @@
+KEYCLOAK_ADMIN=admin
+KEYCLOAK_ADMIN_PASSWORD=admin
+TRIANGULATION_ADMIN_USERNAME=admin_ui
+TRIANGULATION_ADMIN_PASSWORD=admin123
+TRIANGULATION_VIEWER_USERNAME=viewer
+TRIANGULATION_VIEWER_PASSWORD=viewer123
diff --git a/.env.template b/.env.template
new file mode 100644
index 0000000..11b880f
--- /dev/null
+++ b/.env.template
@@ -0,0 +1,6 @@
+KEYCLOAK_ADMIN=admin
+KEYCLOAK_ADMIN_PASSWORD=admin
+TRIANGULATION_ADMIN_USERNAME=admin_ui
+TRIANGULATION_ADMIN_PASSWORD=admin123
+TRIANGULATION_VIEWER_USERNAME=viewer
+TRIANGULATION_VIEWER_PASSWORD=viewer123
diff --git a/__pycache__/service.cpython-311.pyc b/__pycache__/service.cpython-311.pyc
index a3053a09f301e2dc33a3a83e41e14849f824e782..5f94a4f9d0aa1cdef50df6c5e1826efa03cd838c 100644
GIT binary patch
delta 51147
zcmbrn31A#Yl{Y>;_h?SdNHe-Mx~*Hb<Xe(0AM!2VIb=JEtd?!rI-H(y94n)Y60$@I
zhRE)KOt6U(5+WxK5qQ}(ED$G<<J(<eT6EAbf3!GR0)*>RAmPY<!1sIAb7*97{Qv*f
z=yi3~tE209_1>#j)xY_L_IuA5Y|mP)DJopXwy*U3;GfRfGPp0DE87=T_olR`@G4&2
zYi>8QyQSTNyQbILXKlCk+1hQK3eVbJd!M7-(U;nu%AR$-&OTSWi@Ei^X?^MK>3!~Y
zcb})-)0fen(U;kt$-)f1S$)~<*?l?fIeoe9xy;Ylo7b1$p5Nzf_Xhh4+6(#$+Y9@O
z+KV_<cV>4n{T<O{Qd!y6Uc#H&OZk-cGTz+2h_|$t^VaqX{-eC(L2Y{_{}AuOy^0^<
z({ZonALc!{*YJ<<nYh>TALDayuj9}11-LKfKh789zJ&h-Uy6IMo`00Dg`<HV<rm|=
zlt0JU<G#$K;?MIUzv4k%`*Qv<z6pLS_)qd{a9_!PieHEODt?ULi2G`Wdx75y+(!P>
z{0{gv@sIO6ac?%M5c(PZBEJuzYxqn2E%04SzVsJF;Ai<K_yY)R;m7$q5V($ilD`x8
z^)V#=DgJZ(5nycKpXQGtWF!9!e;oH#{_}h<?wj~$`2pNF^Ar4CxNqSv^M2g7^3U<7
zaNkBLp%BmW0i?2>zrx=K-yLezru8a5_@Ig({=8bHdLIALDsSUo;O_^@PW}u0M{wW8
zzsNs``|j>N{6C#wc!Eo<>fVe0-Qv09ImQP#UcFaUK6!PYI-4u)xjvy%MbiC3PiOzp
zQ@x%3o`L=jU$@VPd&GF6`%G8wK<5c@Kr^c=LYBoMudU$<u8LZRnkyEc))%@9;T=io
z02<$M+&9oKG{9q#_(T0~8x6khqkY}|{w_`_ErVJ>jY`G+b`N~VRQ@?(0o6&4=ROag
z=Q;7$7prVTT!8bbdsKVT?fp7&_8VEN&FJxidX;KWr&0~6O)9@3k@j&)n_U4epdN%v
zNh|6(Hg4rSV)L?8yT)&g`r&rmAPzTXtQgYvJBw6)M<SqDCFnR+kE%<3J4$d`b&uwD
z)oIS}N?-)E{xos%vCN=4pzY_VoaMT<i0VVG>0K(yhq_b#Bh@R)%>oUQh|Y&<J{i&U
zcK1j0hdX`U%Nio7r-WW#=aKG?!^;}@?ydp8JEB+aLN$v+_3De5Hr~_KeUchSsD-ys
z2T-mPmJ*6a=nS5Y7*2Nbd{6(;h(U?Ylg}9z8#Sf!(j~CAvUezXBWI<-S`ki-=KEKG
zVbx5Eb>!$s-vy_Xk|U?&Os5o1r4&jj#d1pV@cOXXHml-v&agdo#1yurezNOA(Ya&6
z$BvEOKAw8+kYp<w-ZZP$>YOvq4B1&RQ9tRq+$1?y%FdP3&b3p{wbwn8bBpZUGGdr<
zx*w~!aI54jk)0(Yh7rRbX3S|U@dRMmjF?7Dvl?Xjhd=z`9k+Mf^Fp!Yu9e-jA@lMP
z{7vrJ7t${GrK0pNHMcaYUT(Imvua+kaDWk=f8a!S|H3`+vxxCGdtjbu{#L4nQ@Wmw
z*PK8E)IRHx;&}d|AZu`8IXpk)YTl*c_Ad43a&4@|Pxkisg+_`*wOp<iHsKc0o$M6+
zJ|E%7S|zVTX}6B!r~Mt#mg_jxe|NXgbEK!67utZ^f`1<+fJU;|M|GpT8Lec=ku5pX
zmcl7Z;ds4dDU&T_!y9J|DI-hoAAE3dwB>>OhVNtbIAhMbuyj22;tI)JESrl%+G3#q
ziAD5X1N}#OjwaQS4FPPF8ja$vEji+)A(tM5aai3W<{NJpKW_Gn<&<$=PAvw_B^sUI
zf?<#`_7{$`i_3PTkDV;$Y-7LGac<_a3~2%yUVk?y*!>3aFD+T(qsQ#xS#yTQ$i`2G
zSo@$oTN}{wrV~_sD#D|?a`7qRn)`AYzS-}-IV0ncE}-*K(oY=7Qa`|nFQsIbTYFT=
zq;g0f(4+XOA-x|j7P|s^vCdd7{<7LG?zqp+>BW~*JYw;%H}Mvq)^lzzpPEETR6_>8
zIhKS<g+vfd<K!J<?{QpiJg#HNxB!~#W;D|RXlXa2r7VD!J|9iIToZi{jeCBWW5}{V
z5*|Kdez~m+pk?w|^U-Vzpk>d`G&p1rsD(2D12s{i()gU@Dt&+p80TT+-h^SAhmm&^
zM#?;l{Le2(mwKLcE6N<%nCGE*Z%V{M7-G+foM6Bzr~|fn5ejdLpblsP+JG)#2p9vV
zKuW+Iumr3DTfoj2T{Q8<7j+;MC2bLH=PCcO!8C&2zEeKG_i(p&;PCP8E`LqL(B0p8
zxVM{cjTlb~19$iE-9kAR6g(*NU;)LbiFwDPmc{1hvYLoBI%#+K{k<JNfk?|>K8uzV
z5RcpJt*eQcy9NeM^mKRhclLD;7BTEOKEMqsW$Yj5ukP+U=|5AWlqZ*=#&VCR8G98Y
zO)wppU!s(;Hlh={JA3;grmo%|@B<w^e8d`c`ntP>Zhyqy$@lg2cO=4H%p(}{iK3ZK
z`MQM;VW77=;!NgQC?Jxeq{6~o$>A&{k{Zospx=iysEC7WlisB!R&?d1M1P&Lj3Go@
zr^zpz>aH1VN{+<dPVBGCs9XTIB^fvViiBUg0RF}W@s$doIExpEvne@F^etnRO|h0P
z5Nq4th?U4MxIj!LwO9wJiML8^q5<N)BGGxuO~Nhcm%?oXZYR)A-~fSx1P&4CAkYZ_
z24@d$L18cX>?5$B01b(9YeaLj+n?ZuA}P0Y_MYnAC<p^WM0<E(pjVlK(>H8vZP~wl
zUq{RSeVaRW?b&(DmJJ*C2&<7sMAtiT8ofr-)9;UDCE@MexOeZCooyZa_HFM7?u}$5
z1+L$@bK91U9c?W;Hb(RUW9rHs!cI!jNOjeLallGGuiz0&til+^KUx(*stX_SrNqO{
zy%c`V33fricw<>BQ@PLw?9CMI*O=>uRbhMjql1qOUML+el<Xz4y<~WE*kBJCJYiS*
zh;hc8K6>mKtz<5d%_YQpEuOJugfeR-Tb*pH3k8jJ@7SE9E5;hnH;$VomP)S0vTLzq
zTO!+*3~!pT$AVJctZI>5>txqD$-Z8;ub;MWnX+$@?Av7fwrTtBDf@28zE`&IWqFSd
zg$%{`v78zuTa#>S3K^Sb(mWT8PgowejCZ`bY?qX=Th7=Wl+yOdX?uougbisIxG6(s
z$dJjRt&(i3W!vhIarHY+yun!S`QGuSH<xUc+}mXLHp#hNc5a_`?wNA#k(~Qv=f2@>
zVY8dwZ!O2-H%qoPvTaSsxaNi{o4sAi#5&1UE4ylkw}%a`kRdzl$s7q<sDgT**&vzA
zWpg<tu!_ZBA=y^Swv{2{%6Cu+jnl58DOb_>)=9PGs+V2$lD$E;H%!}CP1#pT_D0#>
zIBj1)WnX`Ny=31k+cytyCMM1@?eI=Hz|>9@N{(vTQ7u_&WJ}GorD4j_AX%2lmf$k5
za}L+&_UW|ZskGwp1CxbP+EO`fspMEDJC;p58mAnMlA~F6G!Ji~3bagTESkz#G?9O;
zP|9eMGn%BdW;v~SI&H&L+6F1DRZeRi-ZA6OyihfrRWX%S5vpvwc38@4k+WJP_d40V
zZrZ(h%Dq`~Z<XC!hj#{NvT`r<PUqE3<<*30H(Wm~<!zDkwn$l9<*cpKS-YmPc1c-#
z<g7g*ttY9Rp(U+S+9o+|ljPVeJ2p={+NK<Bl4F<b*oA_ori~t)PA{2CFB$I*HEfa6
zx60{TrPOV5>bB|B-BYQ%rPRH0>fYh4!I_Ng3)`o2s-|+PLe*=p7fLxB<(!RDMys6B
zI-Rk7Dr38p(I#iKg|z863=mJ8x?8xg-GhcQb#gP#oKS9u<h)aM-Wjso8Mc#%VY)-{
zKPWj5$<9L|%b~D6gZvLG{&z~wPTAQRvUG;+IYA0Iq6F}gvs-p{hb-M;d)}-{W3nOr
zu;cdkG-{XaeHFm0N^P~x>Q#=SMDU>nf-@=ATe$HQ<<5$^Pjc>;o%=(U{YW4!JDipi
z&MXZNcnWW1c*E&g;mpEtZbdl1CS0_P+*!rpf+e%Alysy)!0fQ-XH^Q&=@s7Ibz120
zgEpM(>0p8oWP88BgEDjxhY-7ra4>HFDM0b9KV^s$k6Oe}Y{?Q|{GDB+4yeU~Kf6VT
zF;#r%ZL2n*@u!f~o1V>s@3|XNGEe-yn#3Hxm85hX9<`01D&um*?|2;IXq8QT<tN$t
zQBGJ9(6Y2H|H|PU()mrX5`c-;u~aj3z_JF!m*37P(%sC%C&kb!<<PjnfTMtWc>Vkc
zB$N*sctb!JEvAk)D8)=<?6=Qx&n=K4p1gsQ&*2TcCRwKF=itNG%dubRxI8B8h`YXR
zTNlvrM#_gb&B@vH|2=2ZKbmt8Ij2xQ0aEgq+ad<xRKLHcuRCI&*Ap0TCiDYU*iC?D
zRW=_-Qj=IS)?*GLFycvKD-;HSLNTqAu0mJ~5RB;fQ++3W!eR1>>nd26V-qr)dCQG#
zx@5UWtS3($?(OO7P^PYkIa**gN0PuT^a4cezJXIhS9F%c1RHThJ?74-K4TELu_;oS
z9$g(t>37`S(|uYv1GMw__q~PIgEXC%@z~Z&{)>YXrBeQ4Ie)Q~wnR=_GQ8u4Gk@Ay
zH03NB-y%6{WM|Frwi!d}XyqlpWGI#m#TetdO<dTVGj0x<EAb14t7}KLg)+(|OT|p}
z;?R<fQgy3b-8y0prIky@iW~NvX}fpI?j3ha_C>ON5oQ4-xaiUb$xt903f@y?>1<(7
z{#f9AV0^3Osg*soBgqrcd#VhREu2^U#PP?EPq-(YQeK0c*D$j41JI1T;Dvz~{F19d
zb~Vgu)TtSx_Gw4altY=89QCrJKIEvsk?xr_sI1=E6qO@?yeed`!7p65WYlt@1C!89
zT?6R&JD!42;nFYrB~PR5X+&b_Iia+&>9oqJw91K{*Y-$hYvr`Hp|rI(GPB<^Xj7f<
zs{n$(H>zA2=S$9&Jy!OfS-%)W5nyC{D6>kkRL|N}j*<yW$licoc-e|kODK1V<fxxn
zw(9TX7^-TyzC@Y3LTRl@StjMUTfdyLT+XswB3bHZ9V$y^NSmRMLwnaLK_CeP(!$+6
zUELpA%UVwP2lgsYWs#Kr?$fc3sBIhQ@9t8IU(}{?Uls58W{tS?rEIa$Xmbji1FGY3
zC4$i6H;Mo8ts?P8rFZNpD_7(pb%!ryE>1uV@_62yBd%GNYD>~TXrX_|HmG^%4nZ18
z`#==)E1$KAn>{({iofbO6rRc@tU+dd8AZ@kyj7XcvMXg-#W6qt^o#&Nu^Ep=MWk4U
zc&wn$h62Vh5Q`B;Do5<U+}I|ZL=wVX1W3s>k5VwE9b<XkSZC;@@l?2McYK7-r7J;y
zBqtuQ0AVTD3#7mm0tD^`h}e4iy9OX69#v*CAx;~7^zO=_SB88+$4Q}^TDTkS-0$o0
z_rRr)myWwhO7IB}5TW=t{QF1&J*=8Vx6K`^IbSoLDLE@;XXOF|eFry@FPCqoF~5VG
z$;`QM;E9gMJ3`gX*VR()dO3H!l(|99+%TQFbt-eKl(}8b+&*Fp+jD7#-@%2e8|CWl
zG1_n=XwQ7~zDMr6a3sc%-^7L6!$#YPJ{)6BC0C{FsvO>a6EhmcGq`0#HI;2A_vNmz
zF>TtIF=foSkPp7nSS=f?!GkQ<gGE`c|Eb>mKzH!|qYoaP)e$<Fjq(-pqP7vsXoqAh
z2~$e-l+pq2>+9nwg)(cv*&6F*V?B~;qNJLXq+%%@pp<Hx<(l>pODMfUGFFDzZ`MFb
zDGA1*5ngOeUj2??54UZ8AL^nO*BycW+7G4aNAM(klv<0pmYB-a(b0vW41K^6VW5vq
z7av3Do1$Rq*A~Ea^_Ql1)WJ`{B|J*t908*G!eazJ1%O^Quk%vILMnkrC|s?`b*4UO
z=6flRq!L)7q8AGlK8*-J#J`UKgf54BEakko%lal)AeP$J8-%0q7aqBK()I|a6Sm+%
z{F8lgD&-R~?K^W)5nhEZagD>B{y5=&hQK8Pq^cI45RW@bxI%H%k*j+S9zVbOB}bS$
zvLGtqKS|&z0-poGyHF&7-mu&t{MA^`5)xL0R6e2(%DBSPfjH|d)xQ8AH7Dk{9>zO;
z-t|H7U*K_Bds9K-Tdol%aTC5s;7f|fRdW9`fiDA4b*Mtlt`?Mx5{{TQw|8u5>)5fm
z9ismi;1hjqawSSNcR54MN-x*bFm`j|mh}6uGWACK4Xu$$->t%^_|I8Q>7+vtzDeL)
z1YRfbhN#cJZ^Z&lAJLyW$#<etQL6}FCBOrK#rYb!zfRyA;@7ipOS=rGkJ!a%4N<QY
z%X13#--X|D?&|KG&1#hA@w`HHkc!ZHQyJii{zu8PP8iYl_CT2s&p4v*JbALapD#}l
zLWDC#VE%i+FJe5>(~A;gk$@^ZVid4?*TEm|6R5g<DJqpUQAR4{=7K`~4-nMFT|HS~
z<xt4`3Vmws74bL44QgSVxTs_qH!60NxbH|*(3`+#Jtt!7?myMnEyU~SX$pCUz~>2k
zp8&NibbbS;`gvA|5xs9f@OSeO4Y7-cXkCimD=G6(M^g%FfGb*;C}e7BmHsF28RV|6
zFSTegD9Ov}h`Odu>6>bX4aB46Thy00@k`}(hiTBGMp;?khFckMH^{|`MOBO3S#ACl
z?uenYmsCK!FikkDyN1a>g%!P<?>II%ZxC##sM5a&luvQu-4&Nmb>N4z9%XW*R*q;-
z;!WQj%}090;)k{C(-STBDrNE-fzi+HspEnlkdyV!-;wM01d0j#k-+~DSRgXyTQ;|{
zwpmR`tOrs3B>Ijr$nC;!$oIDdSY|9AmLoE=CgmpHSiGcsf$V%F9YvcZc0;YNUQ(d{
zGeSPkT|K<yX|;)}Uf2k5)wOiDCXI~~s^^Ho*V%Wn7c*|Xc+ZNRo3;_&3;`legRZ!i
zu(Lm=2?yaw9{c6Gh?NrQ@t@+mS;r2Gwv}0CEY7NguTWZ}V*SdBwFzk>Q9<#3EBuHM
ziBu?5kU9iL78O~cGAd5Iv~uzKC&+{4&$<KUK|^Rx6(~GLnxb@z3L()2JHZ0<x38wI
z`ZK35poBhtHNEjJZW${nOYh_GE$0Lm-L%552q&J8K!H9j04jPImHf4)rRr?8_}iw9
zptdWU8@Evhj->efSf=;+d%Apr6Zv6Ko$6E87`qUTWU1m=VuF>zO+2tW`@68J&l10r
zk*e#>ZoLP=ZngNs=JUv4V9k}fUr+)Z8!gdvB8H<F3@4++g%-r)MI>6XZEdDL8-Ar~
z@%Y-q<^n39hBW_wygI!$q{+)c7%PPUixSmkE@B{Ibl{X<SOrw^^$jOl<~9LxcM1QC
zitnJ5412oo0=MRm7?9)uh+#s|jA)^B=Y=(t$~_xzDW#fcy`GH@EV;9s*+^1R5M?iX
zR(yYBF}G37Y|Zx;QU<P$Bi;V4V;z0noxW2-HyJDVgq1*DtiF0%>r0wL!a6Dp5h)NB
zHrlGmV=aMtN;2N*Fo~@q4>m8T5gubxV)|J!jvx*Kt35&^F!!iM|JIB4LW(2;KcYP{
zAoPiu+e*OPL+HqgXlQwwhrLD*H>BsG$Ox$KuZ7M<FZOM_wc60XJ)pUNE0i00UekyK
z=B}<KOd)vVgQ|dL>`5!^HI^Su)tIiNh>vbtYB$Wafq>|7S5LNPaX>$Imyz@6%!s3n
z#c_~IgX6@tzw&Gks9;*54;ZdkK99ciJoP7b4H;pILA^S99XH2ZSP|1*u_o(Hma2wK
z0h4&=xUxPhPCw)><@LPniai-`D8-)}O9v_q({a1_R*Hu!7)#Z0S$f`aL<9M3{IXl@
z`(ch3#v9b8(d)P~=7Jf=twZL3`Tuox=Hsq8+0`l8-45|+$b6rf#3Z`IAY@T2C)mfR
zgq$HWpW37HSBg7&v&3KRFnN=(V`e1f&NjhIO<%x??zX}$G#s$bcM@c-i&^2+-cx=0
z^yzBq6V>SbuweiT$|o(->k$Wa&i%FxjxkuO1XPC##obNmVokXnDm<(Bf86$<s6Jb?
zS0#9XbD3kK<FZDfJkP>QnN88ti0ClV_F+mR-_zxXtaY+^u(act-+z+XiF63cV618E
z9q8)p^)=Td@cPl=eHBP#SQWCgD8DC<k9SQh{rHx>qppW<JA2zFeHWIV8+>dq9?rP`
zedQc9MgzX?yZ-;ZnXrNCawC9m?z;%B@cBnyf)-6<FOh$1i2c5jb<K6H`x(vn`X`M~
z8(%1z=)PQWr9ue{;>KPA3~(}?6Y8mEi>OE?1WE}o0h$OyxmzJ)ez+rgrC|k{W+SF}
zLq~K_+xGbq<Rw8Bg$hcol2Zj$LKQiQ1}ZF<o~DLVK1N;y8+lg~LM?$7dZdZ5+%l)M
zjQBQDI3tjZUN+F<3Ia<BECYyW{oVKY1zJk?S&#<$iq~smkWD73J2MvVMBp7%h1~#<
zs2!>dZ>XR?<Zc+=8P4$zZwMP~AwyQUqH)B2!6q5Y#P*$q!4YlPWDS`z!xcNC-ZS>J
zv%xUyMUxx;b?cY5esTLhZ%40@EG@F7CG2!VYIUT%rviAN!0+`cbLu0dqn?Lr&(=b(
zWwL%?R2iM4WtSQxgI6|qA%E*`=fXzMv@vhWn5Q(}_0z8py)yK2Rq$KXj8gusGNAD`
z*?3#Xc-u@$>e<>0T@$6(YD2sBg;MrQDf{J={a4TLJj3n(W|4cNSM|-6E!K@L&8vC~
z9$s~6H+l@OdNkzD;>exN++O>p3eBsvEtXB3=C#!v9$x3H1Z}CCN;I$MGoKROri!a~
z?!JrTmWxw+YI0~6kEEb0oa*-x*MpgO7d6BV_=|aai;4;f!Hx0Q)eX&tK&lNt*1Tys
z+b0|XYEUimdmjaN`u^TUoP%+FtoJb%^ABRx{_58Kl;SM_5VaEQ5}V-|D@lbw#&-}}
zoIS<DDpvMmEDFv4Pwdaq9|q2dT6}5$r`rk;i#TgsX=}mzDSEYtiOqe72lz7|I(9NM
zw$9!I%2ashL(jfbU=R;r5w<GI0#<n;2Oa8Sv!L3m6&-I^ijJRVGWB}RXD|bOMs-OI
zwLWIXfS%mE=AwGY2!d=1XfZ>=k_5{SC<6?)CN*hh7#8WS=-JdF?!M#|Q`XtjhD`l+
zm_BQ6M%LVf%nv0Q=p?jpu=h}t#m5!nyxA}XvtfJ&BojkcB>=Du(Ooem&vKXzF+I`5
z8=VfH{i!<(iw!AP%*lvDmVjkEW$fiLuFxT*`E{{Gk%3w4AJ1^J<qoT#+B13u%*U<b
zxekxP%3J2nmRih~u<Bax(LFk33)qq~r<INcGB>IIcJ^D9?E5p3wl-D(l#N(9c42lj
zz^>RDuz;bl-mdD`#%9B$BHNCqQjwdYMP@Uu?LHfuadF3tTO3O<I^)`S8)n?Hgm1tm
z{%D6Mm=r6PSGm0nlP)aw4C}f(g>JzM&W&c`h!v{fV*^6ZAe(=MweV{dS^ycZDr_Ow
zLNt9H@?{1$<!KQ&j1oE&b!KN*kXUX-TN&}pQ+Cpd91W(#R3L1n45+f=6n-v&XG3!>
zg|hLvgOC#>Ug1T_uZ2(;owo-Co_wgb6ds&W`)=|hLLaeob|p%vObTokNT&S?3ruXS
zLjM;O2q`&F$Gmq8MmYwdA6cHGso`U>sUa<U+O>EJW&~`h9Lw$2v}tSAl(kB-*2vbH
zP|C7NEdYMQ>u)%V!<mc68$+3k@dNd@W0?~GmZnBkZUId!j*uZIT-Y#T7{$brKVx^D
z9lTIJSy&RXuaN93Wc!L~`<f~Hn(GE->3u{?(~cu#$`N<%tm57ghjwNLt-AafYuee4
z3wtNZL)He#+8|pSkddk3nlbFm8mm5EeXjPg+G*#aDd(aI&$Y~ubCKj+FFV(dtPd}$
ze9`or>9YBXIh4NollvZPAJ?4gc&uZz<C=4%b;ji$z2~u@<SLV0Wwc}ya@9jAYEn{X
zS<I?}c*dk=YQUtH9CGs`3}K_OZVqDsf4~%INj<w}R;Aa$Vj%`#u>0t-M~*#w{Os{*
zTmF<Sf7~!>3fb}{+bTI|TQ#DYRclOzfBR)dTK|ChmF-yH=1heN5O!x@*gJY~q?P_)
zu4^hJb6prl)IYZ3;i0ob7mkb{4%ruljPrj$Bg<d$-*+_y&!8W@ve>=Rtoo**rD8*~
z=39#`c=%SccB9(xs#*j0t2&O{dgeCUH(NEYW|eO$*1V>zXsuPhR>P6I*0o8edtI%D
z`*kfxZe1q1^ElwYUTh_}ICZm8^M;yy-Z1I_BgVsI$VA3)Nvq?e<O5U5{q{V1?|ge<
zp7RsK8NH4JL%HS(V*w6!?P_JASmZ8Nkvz5PGcaVoG;clmAd(tV4{3&A3+pSuqLKCl
zOU;)Jx9$WZ_`Y<}a9?@0nynaVHmDAL59{c2=9+*GqFk2K$DPecDua$mb{ajeR;)Nv
zE*5FYCRTj;cgnPrj6T1}n3LH2>yB<JSiMl<hB=7`A+8z(ZNSi_=CG)AR;B`DNomkg
zOSSA<6RYbc#u*QqOS|vs?D8`MyLaEfYro5w+X0Y{h`NWgphQI!K3R9ysR3v_iOMNL
zIg`SfuBVRt4g&-u#xBs;BLlrWRA!72vb4+!j|`>>7M4U1Bi1OH>gXopF{b>9ScHMo
z9kCKZ{eTj~YSCu|ew6D~gr!J9g6I+Hk0N#)J`;>b7Y0%AYv>ui^>ARdxuPX(#H!7%
zOG_`Ve#SSkVxoCckjhrcWviyk)=rhJmCDx1W$UEu^>X(5ka3stdrzmS#G(s;q%9lX
zHtM-h4f1D9C+;@wf_c1aDx)0h&Jzc&t)Hr16RHlbd37+f=k_-bbV!@-lsDZOs$LVe
zyGHzBJ8Yl~x_kykG&A<h3q@GYwinBGEN643^spsu#*=lS{)y#}FCSkuAxPOv<m@Gq
zr(X8dPkUBQc~(lE)v{;xh$U?HOq;z^X0K!}l+A_DbWJRpsF^%0m9CUaSN2bru9+%b
zBbBzur7hE?Tc=95N~PQ7((O~`?IH7avOg+%qU`aq@!|=!lvOEbRZ8wE*<Cg5UNYrg
zBDou6cf-ggR$9)QANJ&p+UV~OVY7Xtfr(ua6B&9k<5j2uCS7U8q=5N*161rB%BUlz
zF`2iTJM;wS+|CUq6E-Wl^fIuSbB3cfHXM^oQeYZ0_C*tynctY4#C#;OpV6cTG~)fg
zq!nK~wvUjNjV?W?!6?zU4H|0c<$Se+dE26!aJ=N<jrLXVk<K0%3$OADchRU203sIF
ze|LcA=semDJ$HP(2(-p2)DVcPtJoL;@6QIty%cmefsH{LKd0gJ5w&4`T~T<>>*%cN
zg>JUc+D{5eY)!cj(f*zK`E^7cR$&gRTnD)eUA^LyC685J=#iX@WGCo<1%7{}KL=Td
z#`>x)E0n$M+71BxB-?h`wmoEoS)Oxr@01}UWXQO%ZK8fErzVtB^X22$J>M>tmhF_6
z?ZhLZhAsDedu!;{JKnsLm$rAy+q*;6cTe2<;(_N5T+5THH_O$VL-?JzJ7l>BKdfik
zAxi?xsurnDDOkp|xQ4+c;x#_>Y=`#rzy@eU4nQi2i71B-iSL=*>wczPsKYJLvp6E_
z0S$WAoY{iRr_komeI+^;2bv$H^K%*efZDH*b*!Wm<{=rQ9ZOBhJGc04kAr#^hg{O~
zj;b)Ps5huaxkKN_oWXLz8{&fPm64^c<IZNngzMbVqOlY`moF~ep-_Fy6pFXT$QzP(
z0a!ri^@0bqK0T^EEHWumosu@X6L<Df@-{E*=xF(sTijxIKz!rPmo(ywcVxO!=GBfR
zkiy2DaZdF>uv@TtOjJFkTsEf>|8yX04>q~kpu#k5P|>2)^RbeUpaoee_82h3Don%M
zhb;YM3_*$wc18WMTcTgh8z6OQ$E{*&N*eT@0lhz$sz<yqoUe{niEDn9!~)Xh2N(ku
zZ~_iKUF0544~G5uu^iC^THgJj>WU}1?|>F$v<=##GiG1sJxxpM>IU=UB!Q+I-`}7K
z!VnE=n)ej-lMk*z2O`1vCD>gJ{vT^}{^}16N)ELjrZKWp-3LV^EG>Ms%(8v3ES@2w
zL9x)AG9E1bhY)L+t}m|HrAd{kF`t5COm&RZnA^qYCMz5-dXjo6x-rZU#|5uwx>y`M
zuRgm2^`lmnwn)DLa+aWPj5#1iK(RPeGnFS6M`_By<UV&D|3gzF)+H5%XIWxCr{!2S
ziTmcLJY$F-1c}hKBYmj4R9ZJkM-1F>WYDa-2o}Tka@k%!Yd{Fu`WnY9=Peg*8Q&v0
z7Rio9lBHa>luuh~r!2LSWwC5oJgbSN!BSIZIUN%xBU)-}wp_R`Vmi_z?DzTGz^O)z
zy`72+3l!A6N^8?1UnB)+cm-l;BPK#qoLZ^_)&xLeS6q?YE4IB>DGs&giGQgqrrm9t
zwnXp2!d#+KPa!L;6g`gkl&dPLJ2p1<cJ>|SJ4thVB06z(ELf3IJTs`7k2L7Rsux@n
z`(C{5x!Wd>!^XFIqa3W>D3!O$<*n1@JEzKbO69xd^4-JGm;)P{>}PR<-94M-5_4NJ
z6PRET*|Hfn-JS07A7e};n-n9icp(*`ovJ3{R6K*7Clr2;Je3t>9(f9HQN~tf=2Rw4
z@})Twi&E%W%JLx_bZ5xZ%=(<db`oQW4j5f8q=jZYv3Wb{rpEGNAHm6!9YG58S&?{*
z<(xAer!7>y!l#kn|3e+~n*fZ{yj~XCc0j5)C|4Ye^Nld1C$6zgnPj(LI~2;^j-O=P
zA=`F@j4-rklWg$s&$4H}-5$EF<IT=)X~z+H$B|IY>4~E+o_OxWwHm2ri(IoMgkSIJ
zkmU@1b7xtaWR0qlGRW@4j+W@4&jm<kM}rA|6autw?DYB57X~N5iPp%T8pTe3+O>4b
zg&hgYW!G|SWWY9nuCb%%k6z%%*GcX&*<Ge^9MjI4DQAu3tdpH}BZjDLc>0CYjNhGD
zG+og&RnZh`-X&G+mMeD0xZu6-)NKk|Tw%-FPj)|cV!TXpSIF*)kY%m%0|T>|G|-Dv
zU|=<39z8g|3h!j09R{XbVJ;3u^Zqxo0PvHXx5&<0LY7;^&^_tFuUA|@_~zbQrB%1d
zt8NQ<moVH-l5?}{+#IrO#{StTIk}OuXjX@Z_lUN@zS5mCk^-Ymi%T|_PE>@<4fugG
z9@#vy8448HS~jsNWL=71*po}1H?VzS^9`frQS&3_8}8h2PVr23{&-OHtl=rcglV!t
z@~)7*E2Qj|a`wuZyn^wfXUm={o2Y~|Qn*SkTqWhLmh)Cm=e11bwMcpE<-GMXx!!Tt
zv!16s6Iqjcq=FT4!3rsNrJTERI(N-f?iwk#Mb2#rL+_taG2S|BHNX^J1@NB6WJ37?
zW&vvOK5%}Jrm{Fki$giP>1W;}nfJ(MY$Djh2Dm^&M>q>0e!=Aq4#P19qh_9q%AW>I
z*cchg)vw1BFq8|7Rx(~ZgyF@|zzrqME?6Z^o_y!<NacuxrBCfV1pQnlKR}z*O=8;~
zw|HX67F6VW9=igMa#wW8`e7z)7>10r3hJ{247@%nSb)Re4GM#UJ+L(NqZe;X=BXaw
zZq7P}3ze%*B_7ygnp+N2K!0;N=#U2x`II){qo^a{egY2wM6|nh?%j7;t!NFI!Z0po
z4Cc2o(ZlN>@OHw|=xDz;Y0|HW=r?TKzH#41NFe9fBGq|HmSls4BofH=OazHHcf{=P
z6iAdN>K92F@E?oq_=^WX>WBxx%_Nry*P)0l^Nclug{YQDW`bJM66={cbp3NEn2jc(
zzW@<ddyAJ|^L#0PGJmv8c2<X+)z^>8t#@MUP;LF>>F0tI!BLN#S{X{MyuL}^&@sGq
z##ukP>DmEhQ#*`CQ<qFGzlMD*o8;6@!&~1e4z6YbP$Lt7j!Mo_*;yJgHYz{t%L=>l
zMyqE{x)PWb0lZH@(iT9#PaWMcYl#Z@%?k+lYnX_X*gN%(HhY1rf{DDa+begp3VG=$
zFCFEjgC;czu(5|7sA$>K0|MVQN7lf}6tP_*aQr<n8z}4&dxjjhU@WLFX?Sc3;dL0B
z`iq(?h6P3h^j>T$w*}irjPVhn!LD#7tK76J{N!`#L311Hwu5%Cs^HD4V<nGhcJ1FM
zJdMU}E!SZA66Tc=6P8qAp4BOwVXNN4Me37@j$M@K*oqNgqGQKWt-+F5l30y3SmHg%
zj*k*!y_hmpr0J)~#e`|%u#{O`k)|^e9g>wB9D!2f!ezuMq5k+!h=M7+Sm{8^lRMDz
zkdc1jBlff#X?fwyyl{Fh_)HhEp#UZm^(O!j-MRfKE!v;faeuW#t(9yovaKa#Y?;-l
zYSwbl8wmwhZ@)$6_Wu+m5=H^urPl!qbeKF6y0^FKk!+L{!^x+~)kWYL0wjqEHvl3U
z995y%7#W1;#0PF`;|fLTwhH~1@#+nltK97=+|{D?Jbg7YBV#L<v;f))Js$Cz3d2u6
z&;WIJb{(UA)50FH?@n)!OmEq;2rZJ}`okJ9segn+I7l(sf(ck7mGH0h$V}l_6nZP+
z1^B%?N&$-qd;q_Q9=1v+Px&EQB(kQsFiFGW$w_|)+g9UKQvNqHg{TKkfK}chdO8b(
z35J<ojxEj#JITdrji+20$I5DLp$a2AHCAhEVJBi!io^CVK=c!6?X^5z>3m<Obe|)@
z>WwNWPvJ#bKV%h<%&&?+>0F*SL9c0GMx8xfY>7ws1|`Clem@XbAFe|496Ow&e+|A{
zG*=%vyjbg|n)}ceU(2QawugitUX_mgZ~d}(tF>VUiB~|(=;RCZLT@0csG-I%8xX>;
z#Xk$>>T&2p`fr0V+F*aNgI*wESt<Nb{6hcgYT+~FD<TopF`2h1CVZ@k<3m|#jYXX3
z892^u5g!=%RQ?vkXhUBhra|~6z+3?^n)`K)*nRR2<o>Ob_Z9zw5WN79Fn@&`EIaAY
z4(dEnLz!r-*EQm~yJ`{Z<-1l@d<`W6F<`56uT$w*uZj1whymO^spo{RiY3Co6j2vr
zuh=Ghhp@j3uu#3cN%c}9w)yHk1&A_e-^qHVmn3<tV3rC0CSLIEPhTk8?~7{x;^0e^
zIva~*ACPF3`TdafO`>RQd`7g#2YUJy75jDaWZf-Q>2B=xs3GSJBi8#4kRNrqh&^VR
z;EEYY&gp;RtN!Zd?-MTdG<JN8*L$ZzBx6t^mZ`MMtfOzB>qN}dLHI938Pi;?JGD#;
zGl!#RTDf4n+X?@Pz{^q9<^rW0RIl=aIbl^2@16o1pOh>cXbO3XQuQ+OO$;nXFqXqF
zY2%4lb#I~mZTNnmxw`LOHy4~lLyf7rRqY(FYFG1Kz5u3px^@j;$eVCNlNR?B+;w~r
zZ^2!UyA^i>?l#<wxZ82Z@ezC~?kRY7;%-JfI!MdXZRJa#Gtv@WeIEbH)oz1-DWCCR
zaDITDFJmWcIrv3<E)qyZLV375`EouVcNfor7p#bw=j@1TQ}*eVAZ<D<f{uy7Oa%#=
zqbkXOw=e{d#3tC`f%!|z{nqOcn}#+MQ;a>K+98eKeE#V&@#GK8YQJ5)^0^FgTZRpa
zw+>POvCHogzxLVEEO-$Yr+86v(F@wrabs2$g3SppUPo=HT;S;EqHB4**piV!>BV(>
z$q3?_j4TR{bK1$l=l?THJUVQ(Cnsv6L~{@;?wuTqw3`ZoBUZ3^2<8|9Z8TxmJOoP&
z!TDDZtT6;A&Xj9j3N}KhK_Sy(2)rGd$JC2z_@&4E{M9iRga(hedpOfdjmoY7H=Zdj
zzQgUFzo`~H8U>}Mq<dU9h3S>B-?_!r_uHH}CueCaJ*H+}rf6wbid;vQ6GF_~P`zIX
ztzMak!n<#hd*((lM5Ayk#c%(PB}irx(JP=+N~y`<GsWE>$<NG-g(THg3@eMzCaf)S
zr7UF1xSP*mrx(pF*-fX@_~+)WSMnCyK2n(JT`=D$2Imz!GxOBr1<bBT-14wR{C$d5
z6AjfA@UZCoNPd1%ERCZOL_3NTPeaB)EU%w^#O@}M^8SaC>eb}m%4)rKZt06}s@EN{
zG|^BdzT`@&c<6qQD`m)>l$beM;{|gQE1REKz&Kteo_iqOvwKdWW`0p1g;w6Kl;f3h
zQaIJw-TjASrLU~GsV~7QYM4%J`Ugr-`PWL2np}b^CGTQR1-mU(2g&v9^6!tiuxYy*
zO9!gs<zns83|gueS3Y8KBsH!f+OcZ*TGp|uVv&<NRt&3-Urbo#@v(-)<8FS*O&zOV
ze0(`N1RG(R27akn@L+B&OuzW0CqP$0a_#=PmA~w!SC3{~zC1Z($O;QNTflmMX;O<?
zqb*u8H_;WzQE_UL6;Y!J7pzPU9kM4SX!maw3;rova|pVd7Y=5$@~aeCZeF=pCnxd%
zhxI8(z|PjEUK>hHN-}k!Ue`E3fk3KKX_ZYkbtPxO$-0s=DOqPUS?k<aZ$|a!YNAP{
zuSw42WM#mqWRkviUWhvuQZzpf$J>)}qk}zT$Q5w;%92{MCH4~O>ktdv=JUjHvI|o5
zdU5wd>8WW+-7Hqp4as?&Oq6HiypX?Eo~)ttK)PV$TLbAdOap2Brbgr(a43U0X&OxB
z*I|aqZ0d*>j_~Fkk`{0U()^us!;{O+Qpl*evN`!R{lun5uR!WTQPKjoD_cH~vG6<_
z4}{Ba#gdvQ+kr8?Bo_JR$*r?K7RD15ZHPZ@!&7`-VPVT+VHm8H3%Px2eml;8*nuNg
z?f7qt(~QjAofn~x>>#<7T}kCwL6dAS-rthKXb%9pkY{`@;dfoxom@dko0^4POn<kh
zO<}?J!fW0+Nedsiw4M+T62KUpbK;UBZILVt$*m78UL>Xao|8S$P;_+qX%k;Bqzz?H
z_<xEWkKD?QiU0aY9``Hp`;XjG_DM?WE`UfTW7T{5Ava@hF6|oV?>f`rJJa9QDqI)&
zk5%Zm5$=rm*vD3ye?!jS61YPQf9&}hl9fnsWU}#LJiz@c+>kvJcIHW7Up!l-zC|nk
z=xj42u)L4Ey&n>;x%22zq5G&}mOz`NAjHv4aB<?kkH5^lB)UKG5k<hvA@5fZN%*>W
z`4c;K3O(d;T#55F<_`d2Gwv3?K^}TV%Kj)}kfa*1MfZXo!@eXE&6&33<*R!i&6&H^
zPmSR$XaL%j%8uJsGc!#H$;lq`wgDoX>L;-;@Ul_(fIOHliGL9@+prN`ZGvf&@8m$g
z`0LU1#Uu$u9EtW&c8x+LW;OjggeFyODknCat5QFs6%U`g7A#O+Ii8JRr1vlpNC8kx
zz46xjP|++SJ>S{gH_%_+q(~6&AbGYyTG^M@M`fmbVS`F1W<^g|V{$1pE94bB?T(qd
z1|v@9nRJ$2#KHXLoLCo0jW6esZ7mtZM{IE~ww4`R+{4;l{3JFZNF~XLBPJb3(8CME
z*lK~D<May9XsaSw^Dz_0$=wvDoVwEmEfwh>kI|+zI;B;+9nx$hb6!FUGPc*8n4?;&
zL*cxN?9Q}Azo2sblED8a!0dwW5}!QZyz5P>)gKY~J^|XFDUjF>g<JobxaufY*MFec
ze<VQEMEDqipAh&i0g{fzwc<zCx+7X&ckhuzGh%R2`zX?2#2$Zzs7H!ICD?xayOEOk
zD{;C09ZK>yV#Q;{O*D8|>JbOqLdnPXG5DB_jYIqtt7PmCQ1(4=)XV;Y^7!21OJB}Z
zW81;gj};j#TKHrb#qT^;7@To0ns7_*I@w(}VxGzIj%QEYE*C79a#qMWD@L@kF_TuV
zvM1W(3s&TrHB(qJeqyp#E?p-Tu9pkflV|>nw`hFZq*X3%mb`0Z?;7&V4QG{%AD6Qh
zkJx7lipM)9+vSqAQbCJc&_cn%JX$@goh*wlnvridB|k8EVqWs4<rB5nYUK);!)=pG
zw-IL1%p#nr5^CHbSG7rtcFK!(l5fdORqdobw06H-cZ*bYt6X&}`Iaw`>OPdZsB}Cy
z8Ia31NJSgvqK$;=ovEmv7zj1*mTUG%6?^51z2sYVBPTDMl?yxSW@w86m?w<2D(bJ~
zN#!f$@|EOMdUf`(XZ0Ye|8X%>{NiUmvh5dWIH*ChsWnK?A>@#25rO|g5LV>N;U;}o
z)EIzy52m&x4p^xHSrYs&X~p2hZ7k(i_lndViVz7&m$0PCgHnwcdob<v(hip&P<G3b
zQ%AS-51bryBqu*`@-?ma-<LWV!D8ej$<P5^Mlt0rg#+t}bJh^SU2%A(;<JmbS!kIF
z#Gp~JgMl?(MlI-)f1qoix0d#!_VCr{_BbZSk6Fq|#di@{rUt>7QxlQ2_$X0gG1LD+
z@7%I4gz+EL#fkeER^1?*YdW3JTE@VHU#?x3cvM^(jVVPa0DhM{{vLQjk(9Tt6L)T@
zq?JkT5*-hvZX49sGMa<NYg7uJT<)kP1c;?Vnm|wo^A;?1JY1qO=dv<muhz7)a>`jL
zIjd<g&Aya=1^72ERf_o!meRz`lY08G8M1kyVy4F{kBnppj~(q<uwY5&qR4->ur_QR
zi2jT#1U3qS#dxc~*J&=1{U$2brW}PC>o~&d1<Eb-;{6AU7A$3S4@q>F$TXF+H78c9
zWJGD-f!{T)ykeW;gxv<KQ^vO?*{>t6()`5gjH$$e@*FW#s1-Y3%MhO!aypV$!8K7k
z!|0Jj8u6}bPrCZ({KJ&7bS{2>S!oblFr65r0r#uD$=FVZ@uWlM>|zI@!J-}K9L+h;
zDC&#zaTzD8Z-aph9TnT5OagR>1Z-fE#xSMmV&?cNEJ;S~#Wslf<$2=oE*7g_EMhMR
zCs~MXjP85|Tat-*b8W$xaX}Kx^H0<qHFKMTndh+MWmx}Szz*zfYMCY^jh(OA`<35h
z@vHUM{VxYserx6HYhGC+t=}iF--n<}>&La9-g0rv6FVQ@DdkklIo0tfO4EH51rQzr
zfO@)(ihGzqEdk;Jl%*nKK^QXv7L+J1Yj9;1WCJ~J1c*5L2ZUfBsOKO~v0!zWq^w3_
z5&OKC8_fP2Zyur7Buz6`B%O7WIg+zkb~eM7#*;U8@A-Sjn<rtHvrP6Z!(nBxeXDvw
zE7^n9vK=Q9ai)y0%QM;#cI3=I>vBX#$R*FDN%m6NUOEStRpqr3)Q^<CU&fO$1BTzS
zxhPb&9LK)n7j|WhE@ys)q0(g`GyTG@%+Y1c%AM-78Yi5f#IY;Be0?2KWAZS@`OX@#
z#hq0SJ%=i>hhwRVOWIVAFjND(ly3?AsM4D`#LczSxCv!C#kmMJpSolbd`KPOghepw
zjjNEMe>FffbUS(dAaXdtG7@Y7PTAq^*sJo#mBkRXRq<^byRcags;uL2jXB)rXen|2
z;6)AF%7^5hkCk1;%uk|=?Kj!n>X^-~hPR$ziTLzbjJHJ>;2V>ymthyntc=s<t2dx}
zP(sE&&~py$NsgI0r`eKBRul~JN0kL*kLx+*$an{t8OO?ww~XS94Le&=ht7F*2xDAo
zxCB1$O2$BI>Tj;$W&Z3rQPKj2Wa*k}pHF9M@_2;>^zm~Ba)a(RHd2n^tcd7VeQ%G?
zi!(OZ@!d7baAb?tKckUK(sXn&x@Ij~y^J`ck_S${<|!3yriYC}%2A;cC)1Io!kojA
zsS88uvr<w`1cHA=f`cX7V!Hy^L;+(QeC6OKd)$O^LnM_M8R8=YzAk)(f|={nVt7Kp
zhg5=RTy1LySO1mNNtO)yy798Sw|~Iz#ffaaIFrR2<=7P(8BL~nt?*Nnx7;S!h$^u)
z#Vm3$I_x3WVdTc_1z?|nQ$du4@ii2ZPGFdVNxX?@VEK&2f1-AgpoIxjeDoAJR>yNz
z6{(6yb0M?=`R4sP!U=>87S5$~b9ZbewnNefJbWKT8gzOxSTEW|Zfb_59=3}&O3o(P
z*%Y!g-LR(0*2-B`z6s#~Gue3;{BnNtbpE=j{B_rxLwom2`M1dVw@BHy%GtM$Y@f+Y
zLTC)_-Y4bnm&r)*VCeRPQsyB!^U%oFusxeNy5jMa7xrDb{qlh;2d*_p)oZ4_YeGTq
zny{y6))dP!k@<U6g7@QPVF4dlRP`IVup@2SQ8wi$lN{x;qa4<OHwu@93rggI=5R^5
zT+&J=%1*L5cEY?cJ8w4CRBwa*NIlL{1duE^)AE96ym~fG<p|PwcGiR3jJq&Y)c!^j
z0DhADfb2dHavTWTvo7qNvU@`~;&R(${Z#R?Q1LS0&Z<@Et?Fx=UfTB6ZK2Hvq{f4C
z<H1>#s%e8dbm!6OJ5NmAc_P&7lkW7(cls57z%$$iHExKhK-iE5JveDn?LlePsZK~O
zIr$e(KXLEl_f9llTO#E*qw=NfHFEZv>FkYD*&C(oO>*`orQQ{^#%pN`S}4Euda;zb
zNzUAa3U^^c6lcZxzw}ynO72eC-5GLp-tbn<<P~1*`Sgj4Ctg@TshvC?l&V@}oOGSn
z0tu=X_Kg4|8)Qo*j6c)7vupmbc1g5a!o_xV-W)xF;G?0F`Pr7bO)kwV*&8Zxd)=ko
z<T1RS#Q|Pz{p>nR^VezA#I;fa3C~bo5z!DZokh=ico~n-{7jKA>8aqRoA8SG+H)(n
zeVm+(;y4fkCQp;(ag~4$9+8yTfkGX9Y~Qo6je@oUfKoj~?hyhH1BmCoQzs5S-%{<x
z1IocP7(^iy6QP?7F;bEKV3oN0g(7kIizaoePIO;cUr<1iQ|2k$6y3$kl-4zI@X9*1
zh7-SW<xq{6kU4fF9Wo@<p^$}Cg@1u7`EU^8_r#qqRI6{(iTAy*6cXvzuVjkfexa;^
z(hvyX<tYW65zpVFBtvx(I{_hTyE3oP2Xx{sUs#?)g%<vVEWmqGd*G~i=zdOt)RU(1
z3ybRFiX4!(cn!n$Zh%g##OIfEY(pfX^+A=@C%hzbFD}&|Mtj29_+o)O9!EGto^<Sn
zaEDs-z1UUCg6<@bP5_A3pP<4#O5hxU^8_9f|IdpXmd3FJN;+asC<y(`u8MUAW-D=&
z(qj|b4)N6FbIqh~R4i>s1&P;6Fsg^)0g0GZJ{kNZvDx#gYf2}6?2ES>San&{;xE3q
zNE<@R;{PmaD-(V}1>K-jB1?_3N=oh5@IWJ$q#W(;hq78|{((;X`j_eyjb-h8E02{_
zW~TW{6!r&{2h*LsM=mx~WfLCLqIt;0DuL<BzDg(%KcZT*x5z~*w}=S`wg`UMLHQyU
zY$XwUucqb3TNq#bfgz2bwFWi`ph1O4#7kGRR~)1|EuusgY#|EBCloJ%LIMQ<ku0(E
z&1_o{J(F&vyaaQjnEB6@+Y(kP$s{1+5IRpMA9KY9e~5BmL!XTi){!*y#yalmqyKE?
za9Gx7zMRKRieLS54a~sa{c@$+rn~C?myJg53s(<*V>8#x$O82@^s>X08mm|~#Mxk{
z3PazZUVwT0*kDABL-mMhgN+X~d2he8T>V3xn0<YaE4ccp>wCFY)*+Lrh_DZD3YjR8
zejVk+(tny<U6i^JT+2q<!ixd-1+n&(OcZ#_E6deC(TNYd@~^gygm?$N+e>hXYnQsO
z9{T3j)Y-)EE938f;NL2|N_e9LUK1N$`$!cV7WhWQ5hTlUq*8#uuzro?V%n}xz%Bml
zwWaDby_o-cg`$Ca6rP}5iGs6!#!8>4qEAr?c*>D_9BQej9|uk{*)CpaD3574GPSBm
zFG1NW#U4cTi1jeeN$ZHw4jfD={>SSUeIccne*TSg@i(s*so&RK^}O)}r!9c5xVX}N
zHT1t4bh%8Y{{bbr&>BF&cbnB-z1aEPRR<~BoYe+3m70-*-%-Ht2^161Q2^CtVwpnF
zlb-<qm6&)ZgYQHS&bZ`ZEcyHI)~+@Y63tXN@z12J_H^`|RPYnYv#E?NKioxy76^Pz
z><ryn#t0Hw;IRn_=W9_J`jBWc!4M^>S-l;NB&`6+-#WENiD)Bin#ull#2tDubt)<1
zI2HTvM{LuJn(wW!uv$b6m2g5WZu;J)ocF1~Uh?=WMLnPwfBwDt#VjJNtq5jB#|d|=
z;n+JTFUGJ17$Avla``rkg3CzEb&4GCXTl{aH<<@1EP0|orW0Nmpxi#E7v_qu$YtE`
z#h=S1S&ZRk%|*hK@GOA|0z1U=Hwz4fl;|n7xckitb*}#E(3=e!eF6NsINGLt^*_RQ
zaeIieqnDG;H=>887bbqfSxTaXA~T|wNiIh3w5L1q9W`3-K>uL_gW2B!9b`mc*_Elq
zPeiiRefq1<Mc&~y#c3t$J`sD=ZWgEbl0x|mh!x8sfyO8-qo{Kg&EofeSfsvNFaFOD
zCxWcR`h-QC@D9o|&l2vkI$;$TbJJ^pkLV+8_Daldjx6Zl%Z70Yy(shjI9};yUpjcA
ze7#;72@ILhu|zbYXo$u}R>GHDs4tc<bEk>x|Ena}fYg|7URX&krub!2R|`FoPEy!R
zE)tbklSC}EoY>RV*NyXWc;OrcGMdGD&?$N>BXE^~m)@m-Kp}x2Qz8V+T8zW9aMTT}
zVt=#hyVSbfI2!tI+>YqPKmOOEpjJnw?McAG>6U?MPXc;Qx03wk0{FEdkDH+0s>43G
zWRO>+gCv&>wsPAwV$qNO#l+r<-bH*->vlhl*Lz6)kme!nLpnO9F`(+<9?^~s7h&JE
z_l8}EuU9;xjy-1RapsKfh*n&6qlnXrcidPKBwGJTZNfsdTf^6lsE^>25)WEP)Al_6
zl?%3_i+LSPG<EzE-hjKFuOCs3a7WazB(=a|w1HWW8i7R?q$b?Sf;5F+8pUz~%gir}
zKBeKw!gnm^SK!O5x^^qRIJ%Nw#TUYDWA4>_G2HfU2k+)fE~@!PzWhNw>_waSN+j##
zn_(eE_M*%98r;*6uzEy;!qg(+bUq6T@HHQnh)=#%Vo>_tkHsZ#E!F=U>m6d>TRE7Q
zA9-s>-a~ry2%@@w!19KxV7y#*RfQ~7O6TDjFK&DL8PwLUw@Wyk7<qfA_}s7TdZ8YB
zr43^9e|KzvGMO2z8rxb2&9_yz?AlVjj}#$nTH41J@dpiul~bPHH6SMtoa<DKyWmz%
zygMwu_1~Fk!V&TqMbj!8V$!UNo*&<mOMN(!KIi)>ozXL*y7|G?c*Qbz;?pXLppWUr
zSASft&kcKWMo)?F|M=-O)O9|zB~B4w2b>|h_=UPqwA#e%&fi>fTs*WdU%a>7D=xZJ
zjIW}?CJqWjA3n^oS0#RNC{z61kll%+V73fliw!=>!ePt3fex1#_K4w>)D+?}mAy6C
zL0ybP0O&-EKNkmS;rHxTN(DzwMD**~*Wg&?eaNjARv?tkYao`4Zsk(_9424V$_U#5
zqB>}7UIlxpti(qQ%H1ctN%+qaD(x}2Ndawhz?PW4TouJ1Y@iAaCiz{YKJp}DL+^|e
z_xD{qIGtNPm0LY=>>3W;UoGdZmNFaV%*N@=byJz^lmqx7&6h61(IGCTsZfp%31<{W
zzl!9NGOFba=%uyRr3{Q}!!Gv)ess;~8v5eSy4->%+8=M9&`j)>a%<(>+H)zRn$i8?
zvZ`nAed^vPhn^l9HC)g<VS3#3Y4b(1<R}g~ilK`hQI3mHc*}F&aqI6voqtj-E_P=r
zpM_cVw$1L-)0uU!7SdeAGEqPrtt>%{x@!VlT(OJ~IMbAxu=+wvtCdxjhYh5Vewcmh
zM*R9u9XL^fjsjBKOyU!lJx*FcnXBz2rR$&FV*_QJvl!Y_eX?$pju@J&Q9f=Y?Q;sz
ze6&|Fa>2Pk>Da6_Z{>$mvD}O-H!DaXzMbp9PRUe?r(7&4PYIV$Ns~?$UzpHQe+%dy
z)(6yzYmQdc&^Bmh=ZaP{g{JUP6y&l-*?dm3hQJhkjNOc@Rlx(X(aaQ#5^7E9oT=nW
zh<A)<-wD5n=H$Rh!2wrPmnghSzA0o>avTCTeU{K1voOI%Zk8o&F@i|!JBHKC6~mM$
zhA-J9#fL8-cb%A{a2y_H6JP{iDTse_gnd?7eB!P8AahMn=l(Wc4g@fql{cMLJC#){
zWi2K<gKgLti0?gMd!E&K!&@EBDGC>sLQR)JYB~l|o!B0TSeaE*__#`DjhtCCow;Nx
zbIIgtxqfG8_g*P;pPadmbX#m7<b*xhqy8JIIJnCkv=#tb3&MGo(|NU1d9{-%%4XkD
z^Ngopyb|A#@ifSu2F#kN-f(vQtO3X@1_SR=-1iA2{Fn>+xV)nA)z7YZYRzQhb(dm_
z5GvaKhD*xbA?NNGO+jIvNqah&`DFIf*;AnRuBvca!E{>5R2mE{CX1!C<#O8cP}*|J
z)Si^VU(eKmQ{cw4l@+y7(@aIpmGaA#S1PZW<rTL`6}OC<E>ua5vT)VXQR{`{P=SU$
zLGP?5De=GkTJzqLDe7*Hp1|_uqocp<uG&zmdBxu1!tI;2^?={1)o!Rad}|q3jGOR%
z>Zin)C9T$);o+j?%^!>Qx2y1h-T%41D21IJQ$*`0;?Phb9nf$aY!B5mh;cXy(gA(P
zN4M}L7<FRBRnWkqR^M+2j#j}DbVpUZ?kSum-LHj9Pp+f|7sRHc7c<p!POPMl+2Hdv
z{e{u&3p6<93kJ=(K}<C#aRO!{M+-*xNoyj%1wwDe|GPfC@uCiAPOFc{_laOx%eYq+
zq>amrHZZb46hm1&)kcg1VDjlpPZ4uWpVfn771TWg5yLSY>oEWcKrj4|8eoRNe-Zc*
z0g{)LGZ_bv9t2S{B?B8J->F`I#K9h-Nd~)+CL>f4OJ8R{c6BMIg+#2;C*K(#cASFP
zFiCAM8c87`(Ul{}y_5%g1?Y@APj(*e!EvutP~_w5A#opH*&<z_Pv}JK821vTZM}%g
z=H<f(Q&w4ca@pw>+yKy+Fj<LpG@^CFj|otfDaJMQ%~jzi@Js&60V}BTJ;~_4t-*RW
zH4}$}Ih%b}{1qZzBz-PGyJm7q$M5~}1}SHyoU?LdM|k;$kZb!V>qqY$3!V>--;FcH
zJWFKH66Nqm9ESKt;m8J1rwgag2XT^t3mkZ=)j57ZE@@(}a7|sv;SD*0-f(LA1^4;9
z(Y#r;t{9Xs23W9n)@C5j7=Y&oP8E#7%<)4G!Z~Gf&eCu}O}Ml^lym69x(n;R?z(p1
zrH-$5ywM)I{eaYTP;NRXtvn>JJQU8zxlvRXD%wSKWLKzRS2(z+F0|<I<c4dlUuuKn
zjY@gz;ZW=0aBfK`cjLqXxq4%$d}Fw{Dpb6Ea+}<+Jyf?nTv8n>*)e%QUb-W+c*m?+
zUw{G<u&GLxhD++?l5MlO_B1RbD8OoC>~GS-b(}R+e^!OFa90>G9Jwg_V7Nc(#`p4I
zvcYy(kL~6-S5Ob8&d|2+-E-8%h|B)aL(Mm5)sif8VcW|?PGwpILTZH+nV3@}=o%5T
zvc;910S;-B^(g90KK#d|Z+03nOO16KWMZVXQ83Aktm8zpiUlfRKc^ma2NGGJ2gPPT
z&Z<mXSc99k7f;!X6-$ATeF>Y*!WPH0C1=W#gF`!S4XwE?RCqgnlBHd?w1+J1VOPc|
zSsG!KEL@`#ps_Wg^QRuhqva5<B`6ijCCmVXLhxsrv6oF;QBoDBqlzg6Z@@04S;oGo
z<I1!kn!{st9GAsn7<e6P6c=J7(Ob>9f%Z{}qZ#>HKIMc)?EFi<!Hj0KL}S<xgNZoS
zwtd3S)nk9MarHsrm#F$y;TM4O=-;~{T6@r?tO=8S2U`-RMg|pP?fUN&iHSdqYx)&E
zQZpwg33@=hjU!gJrrXiiiLWGp*byc1<!kY}UR(-;V*_!FHa*c3g^NF!<o8=@Y16{A
z0!M>S=PaAbSr#?c+<{MSg6)X6dzNgkATB7E*qUw3HTJnQt|FL`J9_G-ZgLYBWzP!P
z3)%W7`^>6q(i2*LFjRU7Kgn^2?6@Q3xPysl^dZ~TV{6W@8DEAoW?VJ0t46Zd%J$mH
z<@kVW$i8Y`B3o|@mEMk@<Y<>2?IA}yONCjwC=x8A?TkJX!A;sC86VMFgv=2V9M~fn
z?@q7?QHyU~&opQs))V6|{`wm^;=M1kL;b}cHd@rjwP4vj9!+BYWws0Ii<*aZFrBzd
zi>{&=Fuv<WiwWOD<6+jLZb0_h^xbV=tbyt1@XjOABQ=RxR`}%T1QMU77{@HUN#S7v
zKLAL~9Wj>I*3skhoubLh!1&y#U>EabekSlTzJEip7UF$pGQHqtF->GHku#TogC(XF
zj4%W5z&>~Llh&uLGdcN+J=IKM>C@#;Rz6)hX_o8Sq{24v$<;sxh;n?h8l5$$L}zK>
z{0l3Vkz+|F5})T{oZbRh7JO<kWXWZlmajCmEY-ZcRNJ!B@Ny#usBDQv%f>I(-YLY?
zy$`=R4Xz&I#MGZ=C=%k4eQt5l9%}*jR|P;V697rBce@r4%}5N?l3*sbtaBe`26bv>
zn*k(vHu~oYNiv!bLGj@}zh!kOEyj7QU9BD9SWco@l~z@Fg1KI4)Tpl^(n5_I&dmLX
zWfc!To;Ipy&Cbyw%m86W?zE#|%26<0F~Q@Tk;<nmXM>s;0>gTbP~RuO9{)CAt^2o7
zeNMc~%O+1twdUn&ZOdZA%MBbL(~z{X%8KOax_Y5tT6lO1G+$Q+aUPLifr3yo&$?LM
zgK7LGe+`{)PimaR420cSI>Ig2wGF21#VIF>re?6JX|;D3wqrNduJ&%mcRF_V_nukp
z-HRi{_F^@%X?y2AtGzoqgZEUo9PMtZV+x(Yihm@E5(CS2tk*Dsn#s-4seuuI4~YOU
zMj&}U@WeVuRIk%vitdORY+}4XOu|;QJ{{4(9O^pvpt=`g2I!;B7=<^|Ad8mD*~>#2
z-O3NAV<lwaROs6ZaY!v1J$)@Hd;uqq&wUE#SI8y#O*ox8jxej!5%;BwGG1-U!7WF{
zr{5_^jaccU7oD*p3VBy=yz_fby_OSy@YBW0(H^A7n4@dhj!_>m<D+e{I1$}x?6c{{
zjlRPiW60U^$)BkH{z8DPbLZ&EP!lxj=u&1_OOyjUe8%7H8(f0f_(XSy__3c=sVfcQ
zSAO=Rq5>+#Mu0AAir5vOWk>^puR3RnKX`YQT1($n_LSo@J`f87n)ydlMURBix5bXW
z7x(_Wq+P32OLCFHC{!b5!B1c--dr%^MPl@Xy(5)LdA)UT%{x+7Am&5-?$7HTtEusC
z2L=v}wWwSk(eaDL2cVmnHL0w5M5|$k1i+dp0oXKKu8x>s9fkv!Q8$q^9Pr~m(?MUF
zz#J6&+ENPDFC8@a;WFi06XO3#&t6yMjUQh^+Sn>sv-uCj*+djg6|cZ=;N`|(Y@B?G
zX-q3y80=5QCl3fadKIe#%<TAZ0knLv&kn$hQXAE-nLrP)IsiSO?g%h=;v+HYqc)#r
z_(ORM8en8!y3q0_!kS}Qsv0N4oVdm&t(;-(Mc7*A3~5nHsO4hU9625w0Y2@-rHD`d
zF4v&zFGi6q;$63<twm{_^nEGb9Q~RG`%(n^?1KJ2;y<B9xKDqYi@k|IJ(fCY^Zah*
zTv|16MIm*umnyfl32LhMDbyW~ksRA)=Q7K_LcN5lmRTmkd(gR&S}bn4NG&IPW$Yt%
zuCAcx5@D|b_MmM`KR(<FtHZ5(cedfsV@ju7GxkRZmlI@ei}F>3goe5c(O^AJgHQQN
z4(qCGDeE-^>M8BGk}x(f<2@x}!@dqb<d_b8dFd$jZLx16T&9?8<uNfvGoypl4mP-x
zSH6@)Z!x$uD*4Ry+(I3lH2gR;)S|Jjrp-kAo<2BTvUI9sX=qvN8ycx(yIiteD%c?x
z>|p0z&nViv)ijkUAnaKcVn5I^>uOA5H|)9NsZ;hs;&fgAx3(vNitD;=J~P9>u*?iI
z@MmEbhGAd?Vh6DZuoi^1ut-RjC0Rnt2Q9Xc^FdxPcx0z_?f4|6ot}>DDlv8KnAFNC
zCvhqzZED47bClLj{-6AmF%7ZO6E|tn+DNt|M~U6ud;gymBriQ3MptkCf6IOM?f2aU
z)k92ysKa@7d}i=$utTs^MA>G61-WSFOm@T&5DbAU7Hib9Z_XuH_ThJ6j~s|vz%O)s
zLe;ClD|Q?0h&x4dy=1O`d?WY=$ZK7+InUW=Homa+*{yRr(bppRT0~o`WNV$yoX&iI
z(aeIE1H=~Z;DQA6TH&-NI2&e<0D$k@pun~W#`G^#<$bJEEByba*?D&4c~16vi@9|~
z*|h?@7DT+yHqMv@vrowNk+-HtD=Jkl>RZ(pnO608)|9Vzt6p&%HmKCERO{Ba=c!+5
zV(>@17U0*pU-zq-&xBrjtCNX@-g&D``xOSJr;zjQ`W);qG$Zk=LVMr#?Vz1I-3Z~V
z1{WOIx-`qg<nB%QJnR19!ysUPYMifw3}7w-K~`CY7cJnV+<AnAw|g>1bYHhE%`;_q
znM`-3u*lN>%ZIsX!1Uc%l5|YrwGB0Ygnb748?21E;7x+2z4$x@&sA}j;hhi-CVDRP
z>uZ(auW1>-O*6^FOeTUPH?Ry9Mj#ss{+BJZ=^blm=AE((sPY^CWMdebA;3qqA=H07
zKXm_xMhy=pMBpZX)n&q*q?*yA8RXFJW5x_F3s1CcD+AWqa6qg0PMG2JNHzHb=V%@9
zD09%F8`w0I<ACiqc$N!(2S|Y33v4}LTXK1cWbi9L@ryHrg4b<1MkV=YAep#ZHc4F!
z$8Ff^rWT4m2hLQ;D3|2Ig!WN+gLD^GuMDe~8W(??k}xSarwKiBoy{>TxP0~h3m5YW
zxP-t}Ua0jEW5%S8f;mI6ppPp`SI$X8oIRI`h&!wb;v>LGjjs@V5wvPPnI5T@37TS*
zIwRq{XS_7lvM}psoG1ug&0)>9w4(|rA|N@b3K=JWjV*t`ACsLL(xKqco<zJXr6DP$
zI&(Y_x>{rp{q{tD=#Q_Pv}fY@>E(E^zExrjJ9u#Fgf*-xRtWh5s+$78>xhEZ$+^aB
z$WdSh=MEprWQy!l`iJ${XJA2tP+~!oQ&1Pr<~-D|<!+%X;ar^eI0N*v1Ougg{B9_0
zLS1wE_=NuWC^!5-^|A4j_ken!EFV!bkynE}wi;!ND~sQwKvImwwjI;!YGBWM53DJ;
zJ6h1+e~1UR$<d+H_a48Fi&9)91!e}~%h7}Upqx}@MDt&R@dW#?#QO$#O;0CsYm!*r
z{4t2gA4h=437EPPNm5@?VlV_QtMLM(uOD+91t8-AmJUhY1s{WU8>;wYTy#7(b|X`^
zAO4>t%Y=MHVo@ozUeJ=6a^3<n9A5|^V3pl?WC7QKZhK|9F*<8}9Z@BQR4GQs2^dwv
zPM!+hht38@jz1tz(!a!bZy`90#St^>8vc9`e-iE-hKSWgh<^`>`xJt8_yUJETp-GG
zFFqg!ITcU*a-`EjHYwAStB^9<%bv!VHHaB)190Z0jk*j#o>6<FRrfiZvA?7Vb>C<+
zExXqX1#cX03`Puo!QfA3DOoO#&v$K)bZr-Q>=(NZNL>d6{}6md<3Y)IP%s`0y>a7=
zm37Rs^$}p5$FJucQHy<gQ|Q3&p1IY_V<GPM!vk@4naMG?alWx9(%2(5Zk8H1<DNmz
zXwlO^XROtW6;;U6zFn-?ELCg<S@)6xa8FbMToVA(c_8g>Dh#!Ku>R(yKJ-CZyTLsD
zK*Zn{3~&t(sIQ8!t3<X+VyhA*E@fy;j>Y2IIk>^=kcvB|yQjO~Ut~RD#?BOn+gwbC
zdCqc4EBH6TS2XrW#vZ}g6MFgsf72L>HoY1!Y-?4$+N$quRKKS7_tvOitI<L@Wr@TI
z52hpLohy#e;s+b@<E!Fy2LBM9h=>PcL=JG`E`H2`++1rG+}X!D>$qZ=dVTpxN>mzN
zi3cm48je-O>}5@AzA5!So|aeHu|mw9jun<e9V~|{$4z)!nEi#UA(c<@(c=Ov1u5ud
z%f%Mur)<wN;_GECr-uVYMv|9<q-6kIx^g*O?zv1Z?|i;&nl-e2pINQvT||O>Fmj^i
zjI#YErGji0XSy5cirXBR;R_Tcu^p74fHQOIl<H^8yNk9*3>r`nQ+|QqiUoud3R8s>
z;#DzF_5_p^>Y|uag&0XP!Kp*WOuoD`xyP7^Uh?9UVF7Eag0EUNW58G*sBP}~^rb5g
zpK>;EB$%%>x`_kRa5F|sVx7!S!_a{mVlyUu**uwdzBu*ud1tD58u?TW`!AQW0B)RA
zg`cTl%ENnn44ccDI5%fM4kBcfV_~c3e96bm&?{#M-Pi%C&9su^1rctI@SsoKS_9oW
zsn;4v7HGv@Tf~hAl4zbWnP!6s#6MvDO^RWFE>#r!eZDkpKVTefgeAH<_MVpL@+p(j
zrEpaFCQWE-2$~3&=(SU(hfT^74WYym4TGd0xg>rB@W36n^1*lEKf&{@4egHAG{s&3
z7u^vHPa42tqW^q(YTIxX=L6v*YNo6!&Dc<C3rrQzi5RdN1>qOOGl3m=Ml{Yik@mi#
zTh@3L)VMOG#*H_t@e_Vx_Lgx~iA^Zji!wd|Pl&g#HqW@ie_6qlQ6I8EAF_|*(N_5&
zMZkS=Q8-V_7($O7F!<nhz5oc|Nv2~;3gZb6Iy{EMQ~Wb&JmJM$G~DWQS-6cfR4W}$
z&6nN0!(~im-~q$!IbV}X#gCdbVfsoQ^J<zi)V1kjKHQPTlo?X(U@39y(&K8ts+IiC
zT%U@}RFU$+){yps1>0ARAV!xw|2M^^k;3@wf*rV7eq2-pox(cFKJwq=o8#0|O|s#?
z$!6T)m$Xcwyo#)eMF-go>-g5>s9ekW*3fOGY>#cq4!yfK>76|dKgVb@jH|vxjPZd)
zcq9WjI$lOaqs&NaSKFiw_(|<xgPX>gWxYHh#W^~IiPR@n#ln-0)KdA(Ne8!9;bD1}
z<=#QLJ8~GC+B#E-qtLJ?mK7Ws99$<_{R_?bG<KkFmogF7rjV;B%;Yi-yg1b)(d;&b
z@-_>%PDxh3JegB%J(JvC>mk*;TyVv;F9{1UYBpK8JgvPR)>Ckw3Z}oT=Qn&A*lRDw
zS!`3qbk0bf#Ojnu%*(-$PU*5~M$lw}7v-l8^YBnU<JEAc$zmE)8<jDo;a|P^m`a<(
zW&Q1yC-D^rQFr>lkOz@71$%j*r0!8rD|>}OxrytMJwe45VmZIulqp3Sl=Ykktr!|y
zD`gaSDHY4e2xdc9DDd|53K*x{E5+NqJf3Hzcw5rr>8DC2o!r*6alcLJeZi733+%fJ
z#`mZ6C)uwsoIK<YY-V&*C9ohkxn8BOenZ)<8OHJWr+m0HCt0AYp3C)-Ey(0p{fQyC
z5mSQ6)S*}wcn;?_a(dXfxF+3`9&X^A25iM?p!32%`9t$<)|3~H#d@&6c!&<fK`3nH
zy&J@cr35Yb9f`v6DU|&&sy<l)O8LpT3@*zhcqCB>$Rd}33O<~u62|<%>cVhZjNJ4X
z)6A$BXuMOQ@n@;nWXkPIFE&A6JW4AcE{VYSXc>L)Nap#Uz*9DTCe!w3w1?TPw8Nd?
z-{2PQFc!@HSmfW6UW1RO%IH%-lf4Q}8gE9Ec>SRt=%BTd$+mA<p&!{;qeD>WT}q*Q
zZdPcFazNo=Y8U<_B;J4iKx$7&?%?1`<>PegA%A)uZ#lukBA+sQtUSRNr%v$6d&BYL
z$gi?am5w$o+YDDI>qr4^-?)SF)(}K951mtonLMU2FJ(VW%LY^t4ko4CVPaI}Fx(Nv
zEUaBQw{Wm4878I`Fk6%(L3WIJmN*n-%rq%GR%E07-<CJq&1#=qTr(X`GNyclCv8|K
zecVW5d&?aS|16(jgU3J?TxO)*bLuEaDAKJ_K6IdobP=|g)eT}dB|Mdp-;W6|vYpVM
zmgmqY=ZQJk@PN<nxKtF`<Cw6>M!7s-+6(WCf}Y`%;Nk{&Wm}P<gqs+CF9H&Sc@FtP
z+OZ>$hDR0yzYQWC{|$sD*tppY!g~cDogl&mDS81+<R-_FmBYYBf@&ggItXZcxKqPp
zWMkvlq5Bf}COnd$a2GJ?5|TNj_ZWbA6jW2`e%=aUU<MLH63PMvIO6^7g!goHUkUHw
z`U81m6ZQ>c+ucK#Y~eg3WAto+8bblFQ$+ndV0Hql5AWjm3Iwaw;T9uPorOw0AX?TN
ze$dF&>xj?h$OwPU$Taw%9K3UtwGqdVQX~fZ6FJ{k@xiykbtY!FVhuF>1rrmnqvGvE
z-hR)?(_`bF!^56VPc8Z7fViTGaWb!l-!?Jr!JlFBD$M>T7(xjvlKtgBhoL7CJP075
zS;z!ACy+$szYiIMA{#goi1mbpOwa}#9v_}yPmhkBz85^hfWV>$I}I2#Aqy!TPyo>2
zu~_aCc9N+(2~9-E$#Qn5cuEB9SZWQb<>Q#-2?XZ=Oq9s(TG3~cjE-E)@r3WB39tM@
zK>)3*jDT-O4sNC6jZSr#a07-x^hWGa3Z^a&CTL>voU$J$oa2CVn~F^`B8rb2s&8^3
zolxlsON>Zp+a{iI7ZMzAWrNVTd1)1siMhODewmma^sk8I=Bhl0Pme>Uq*f6hBr$IH
zze2V$hqW3JLDPE_F~L3t4mqq~&@ORSc3_R{(ytcr^I`uaUUEXh(TFc_qLI19q`uUT
z1(DvP1qUTAin8A0b^J;E<=<oIw+M)}{3u5GIVKBIPhW?>Q79dl_&kVr42`3_2wgOz
zOvHk&e~|RilawtvOhP6Ue~h7G%zFewH3;57fYKWLa|n(gcpkx*5um~#e+9u$gNOvW
zl}>Vhh>nB!ze0dp7Masc3bn}74wR>Jy1OAG<yMnS1A&`Dyy27$$0nva68wls3C6s5
z+)w47#A0aV(R@Q(^GVD#XA~snQGfgRkzv`POe@fTAqQM>#~+g-^JUE8I|yDu@LdFN
zVg+Xr{3HHsMnGenda^RSf$uB(T6z{=6F;6f_b-P(Gy@N)9PEUaYe{Y`+-PCidl+b?
zu|GGFVA`VD`e&UpzUKm>xe7E6C3D^58^OBb^b|=K`=T!IysIJNY7kvblB;PthlGl1
z(A<n8%sH8|V8fdEhMq`6kJzwTYS=6qYe6B*KC_S1Y#>t9Vx716A{O7wzKgprPYCsU
z;VWA9Np#sx-1=xwpWwLTiw%n9nl^B_=WdhSZK9)Ha<tDo)<qoa6!+iY0et5j(^*L=
zn$g(J$4SD1NgJ)nG4lZZ7k<*gR0kK=_C+o3c}so7QZHH>B}-$}QF6s!OQPr-qJc(G
z83ze={FbZ%2Yz;NXNbV4a(kE9+zz+{0PrpX(bzhjb9Vo1?~+|*0YxAvDqi)d)e$XS
zB{UtlJOu#1)*<*_4QkbeMR0>q2-zaYQWZL;H^H^Uj5z`~`exs3&fHj}qD`o1OU~<x
zfAwNnMbxu;-cuLx)Cu+7qGyxj*#wPJQXeg?oiA;Sls3-o7E3#%QV{Qgr&mhruIe;?
z7kEwdyOy*%n;j}*3)-)0^@st0B?3i+!J^wc)1l;Y;L;AU^meKAcG10Aa&Mk@_eb3Q
zqI<jK-aefRok6~UnOiHew@K`6pgqWft){Hh$^*jDvH`d>!D0bi)n;O;nc**3nfzeX
zSu*dejW}yBR$R6S&RWsgCpr5-H>$GX;!eS}9=_1+&}I|LEQ3@=)LlBea~|wJt?s&%
zBd*>it==YBdf^K?Ve{V3h`00dD#6<+dUr|QT}wKZsRTSmnxL5gfEX+Qy~@N+XJR*h
zI1)6J35GJt-y1P{L4{G0wHT92ECl%x!QzV-aA_wMutoB2`G^7@1nW<t!E@95p6HQf
zBdob?zIjWed5hS*O={i-!kyFlvs-3!KEa53(^xlGd2vECZjp>z1ml(q6)f{5uoZQa
zJE!G?JT|C>{f7h`+J~iv!=Gkoqn7IKXZAh4Z`L|je<9z&OsRu-118?$2JGh8eEKQo
z%>*9dTn7^ff@Lz<0M;$0j_IsL)_!))Gwn~egO<*HqN7=IG>hySiCr_#c0||?k?oS$
zu6edQ!gh;nkHq#&YZmRXoLlEO(cLb&+eQ0Y$-Z`4hvv|fLW4J-<DgWhXNG;j@vLL^
zE->O%(g}9SL}!=e?3#CWN1WZFvqy6FOzTnLTlYfFvpKU{FBXWNwUTG8d}TOaydhG&
zK`ic;in~Dp(C$2Y^qIS#zI!$RPD))ZlB-3uyILiC>%6@yV(${|>m>WSY26jGO(^LX
z%=ndOcGiX0lKYvN7Ww~07mT;dcZ#k%B-b5+>n>sMUDG{Fnobz(taHX1VFLmih`LeQ
z$u`K$!bFSzFM6wl)!Rky4#~SiDBb~@j6!*f;J`1v+AMl;7zxE&7F+s3BMIEHMoR-%
zsv3jQ%KGT)HK3>nP8!Pr7X;b*R{K>I0GPB|?V_~_Jojy%&08u`6$h}q&P8wa?3C#3
zkh~p2aR*%9&YB~RD#1}TmveC}QoCNLT@O)&njNBdQ1T86#e<994VShG+xLjxy^?pY
z;5{fDICxeUbqCP`r)?Kh0HP0y-kp+nr%=3e(F%977mr?gK(r1>)&apfuxQ26cK>CK
zXzi7(y@ItD0#TcLrX^yl6l|4IH{~=SlL932`z3F`P~86!qzED{);>S{+}(5KqQ6b@
zw+Y2-;TtWjxDuy~PJ@&|ke!W`0RTqok||?RD6^A+eo`8#>JX|rE;)pO!N|HnVI9;y
zl^BV-1eMA_eXuf}5nG*LtGj7s<aY0tE4e}RZj`(mh2o9N$psYq7{pm@IVSgp6)8{&
zl6hEN05Gj5S6Baus{4M*)q35=teh1u-@#9>36`}ONL`FqMay>qIR${_yP{>~q0j%$
z(>T3J{v#niGbBV|J_`s5C`Mmby2KAZ>SAggSIq3Z*&i|cMRSE@u7Ez6C(HjYWrSaH
zF+U8x2D`!6N{f2iRIjz^`zqBx&=mLi)j#lSG2GJGzee@LHTnU&T3`$Vg=(Qti(!{#
zpg|=x=(qdSLPzm-w_0>-AuI;+cc|47wPuG-7tu2S7s?EKn=%%fs`piB|E-(>_|uk3
z@UZlTPk+#@exuqSJZM*6v1{SSuZ%s;&s3|fR_pnI`f7`x_o=V>Kz~AgZMA{#P+jZL
zkJYH((K*Lfsoz<ph46bC|LIEAdzJe8{Ob3b{P&fpe^a7`FdSY`bb$^Nu`nJDV&Q+m
zExQuuWjvX{;ga^(FJmf7T82+E<&8R>Y-lG=A$m`tm*jj<KXwyDrhPiSAPxW>Mkq3t
zN4D0$Ruu_uAH{M=-1|d3Y{_!!l#+ziUAXP0lv9XCR#GB7SCCe-EccxjGm|F~Tgsle
z0|^{*;fw&)M5#*os20mVh>uY`GWD@4P{jW&;(Y<ZMFihOKu14Pb0cjRk|jz=3(-N2
zPIz>#qZ1wqc#>4nLSgT^JBK#(_iftTGqk>c<DQ}Qdv<p39pvf!NCHXa7`Fkz?EnC=
zxE>V$GM3&0PscPsgER2qy%1Q)AC!+mw*wmrq>=e=L%hd8T72wXCj5sb%$A^6pABOz
z6<Dp=u&2HyX!K`;NPH?7V076w*y*N#0!y}aNtFt!va?|tC9o?IObr!fW`i2dErBr)
zaaaLVgoP5u*<GPp)4r6Qi;-3UUX`mM8mL~%c4UKT`<sEbaE2E)FsGU9wk6dvII7;K
z#q2*BBq3UUi`;}(Y&aVNl;Nj#gu%jLAIBJS6L-9h5fW{TQ9Yj9;3Kzko~)K}Oljn;
zknjvPatPwR|9<#&FNmr~>l@GXF50~3T%s)?*#d&5Xi0NNjuz1WH1Nl^nyZxX-Q?u=
z7OBb_&h$x|l4y=i(AcP|Hwr+q_`<GI<|~Yqe*tQ?pyP%|4uMYlMCR(%$4-F;#F{YJ
z>}b!VL4GuRXBp!$dXXH1NCE_hv%`;<F;B>ryuj{^#&V(3&+Jua-iy(G6@D_nRAn@)
z!`}=r#k&q7^~mH8kPThbQZ|hkvme1>1jO{H#Sn^=ENBQ1Lf|?+q*;RaE$Co^->MF;
zTE%qTMQzXu*@8a2ACaRB35h%LC#A*K16_ZmHLfEzs2vH0@scF=<d)L_w|A6307>u3
zz96n*e#Qj(Z(#N?>tMNr5KTrj=W2KqE?NGxXT_(48>UN{wG&TA@l|3Hq!KcNge(6L
zzC(_RJfFtqLqzPesZaj^e!|m4wiFlm9jZVs|8zX=Uts7Qf-fSVihU^_dIm#8^B^Th
zM%1TDPN`qS)LBXP%~mQXUXHx@WXVpJ%5cS#t-TV8|A0T2t$YGL6%j-bBxw92_zC0p
z@8eIujiE#<F39f_>3@Ome~Ezb`4PJNfefzU6Uz1-3?(w4M#>`bUH*UYRibJt>}U)E
zB`YFAqNvYfbZi&dzHTB<BDRK?V^aMo11n?&?j-tPT`tC4DZy_sJ+TQB#gXPqVzDI}
zX!y2x8p@3j*P?8Qs;{q4_M)7hlrge&u?Ud$?Zz^Q<{kKuLWwdG7*M{Q5Cyv5fRbFP
z{C4^20enhiq`1mc83(#S0Tbag*HU+<5hv@`#jr_6W*9RYL6C;RQ7lZEv?(Lv#Y0^b
zWUx(A-amwyB;FHgGzuaK`Xi$gdT|0jyj75srR}$rjnGOlpNpp<3Q$aq>`*vCmlv@l
z1%V*dAkk#GNeB?*l<+3*DTRnN`h6_rCs^Ts#!w=4tX6Sayn#i5hc%4$b2&`0x4{%h
zyH1!#Xd(#gT+j~<jhr4o%?}R^@$edaodJZsE`aaC9Lb+TKrHX)@tF(XzK72&gan5A
zGs3%TnLiCukHwja-;A-og`r~zjw2XGP>O&SiA@;lLvRwog9si)@Faq#5d1ZQuOj$6
z1V2RZI)eW|a23Ia2yzh<mVrj)$*gZH{$7iKt^oF9=rDp&1jJQ;7(-7XAci`z*1v&2
zzlY$b2>u-bQV-T80JOZ}8Y1sWaXsTb2ucum0TkWHT6^*oclw^;PJRR;LQ>V(-P-Vl
zI>x8VJ41ir*Xx)jUH%#R3+L8@{fL}1^cVKkGjA0{ouz`x9(B|UDl3>Y6I6xaf(E8~
zRL=m%A{E#*4D6{=L4FUzWG<<e!JQd?26m09U<WYL_kkMiGT3<GwgzUH@l{ks;mg{W
z@>~qCnpXhpneZ!(OgStkW^1&v2AGKy-G|Xv0DX*sF@hzO6yVEe%uA|N;H_l_0kdUr
zgt1`#QbBbt%dCgkx#`dq{#7G$Yzv>w!2WAxc$J>NoBZ~Kc_@bguI@6pkqw_~Vs>b-
G!T%RI3mH=Y

delta 20153
zcmch933yz^k?`yH=G15oNh6IeOQTyO>$2rbvL(xwE#LBe$(Zq2Z)A_Hk>s9{jm5~4
zfdD2PGLP_BP7@LqgSnz?WNrw7kZ?&xiNy<cAldzP{U?CPCWN2OhOO#1r|j&X{l5MF
z@wi^U>h9|5>gww1>K=XYef=MPr?LE_*__0|XVWV`@QrIvS~5xb$+9hjLRXSMsXfVW
zYBv#1<U~zZvftcp_FLL5>|NVs_1oHQEUoKG@u#+@`qSFe{PuRcKfOKOpV6Md^7LH}
ze`b58KdU{<pWU9#aE7iNe{OrOe@6QZe_nf@KfgWS?`(Gx&YR&az<-^>U>5SkKJA5~
zvAsx4YA+T$Me_}s_7ZWQXoF{|xL-_zXPM{|GvHY+9uV{4=@Ji$1@Np8yTl@R&NOnO
zU+fmkZ_u_^ialZ#;Ht!4u?C*i;vsQ1JZnTM&V^?!D;p388=&wkF(@_ya<<qfE{12F
zk%R2R;t_Ef<jxVV5nBN}7qNgpD)x)30Y6W?R$K@8`C>?156=bSfVc^s_2MycD?A&*
zR0hSXp!7m<NW2=bi+FAYC%SLo#66Gl9Jk;J0O9^OipNC{6loH#6FcC!SiD{o;o0n6
zB6<(9ax{(Syi4JKv-F8G*Ki#X`OTc`hLMYW4w3RTQ`!Qcl_%M?)g*tUMQh_pp|nL`
znBfGplH~5{@rdpNfu3$U8xV!kt@?i-X|32uHYvhBZ;)02l2)^#+dN%;-sP0`P(|Ab
z)q*ab)?xNM00HF1>7-70C^mP8w>#*i?oQg{clYc)KpO#FE&XO@cXB=!&~@~5cl!2?
zY^nSgesBq3=u!mB5G+Tq0>LT(E*)*abd(Re5MNUeEW&)AHo-$N`g=rg7q*qaNwT}w
zLjztn%cX0f<Xre4_z1udH)+d|lkSwx*8GCxOSjjy=oP`&9i)p!CTnjY!q=o)+BbXF
zB5Xx5ZaLbk_MNq_X#Aewe#PJmbo#n|L9fd|*FiDbhF}ANjR-bL6SGT*Q~G-L46Pdw
zEhD*glce*CMX~%=1ltkp003RXN~}Sb{>lwt{#6Ke0|@8=IMokzO6_w?b$bD`i<54g
zdjh&>oA;-|gMc`#xr|Z3x&-Ql2kk_#Pets<v=6}n0EpzqQahFaXGmBvu55R&YICn!
z+3wQP4#0%Fjj0${T6kqlfpSPU%y;Q}0nx)rBlC}eM$TUFu_js3d%Hb*yS!p6ZIQAY
z8`DEb;u-`;5ey(WCUrF)tG|LaD7wC0(F6L1Lq&T4D4M-JJzXv%J%kvFARrYs?XX`B
z$$$}nDkXp*sN0(gbvFWTm>c;~(@Gwg`lh*%A4DEnFJl6bpp!%JV2Y_|x_kl98GL6g
z>pZ=^-fq#AL~lae2?WzS0yxFc>FWZPy&{vkVxWP5&n@otQ<QlC%(6MgBQp79OQCKU
zvR>pye$iqkz~pb21$c5q+P-2Ae~C!9t(Z610{Q)x-A;dBAn4rdbv8L`t6kQ(33MwI
zP!-td?e6n?X;f-EF{d5DE(EtB*bG3?(w@F<G2FL64-I-nMF@C<ppjAGDpu+_;_j4|
zuAJdOMO6EcsEvnLR_Y#vybrjM$5ti_nMnLJukh8is_sVYhxE>xRs5Hn<XBs~9Bl;%
zn{j<F(#1;j9t4a*lsfRi1pN@C6}_jctLF&F^mZ)6)cFqS*0s4X2T!l9)SU+G=bZGb
zwGV*!j;=eWu`3+KVOBJ~(6dX!&>$_8_HJrPj}2KrlDZZ_%OlTkB7;w25-ZWC5IlpR
z5Wx=+{1CwvDuab^U>2&cq6Lld^{Pt5x`Z8JB3386l|GJ$ClIjaSWB$UXRL^fYfoz3
zGCSq62BkySIiS-IZz<57g$mzrBX4c_9&bj0D*9f}QMCFaecLw*b~ZUsf{H%i@%MIl
z19X<8w69-r7dG@A1ZbA})1q4C>2`vd^>zfS!DJ-PdY4u)BN1P)PxLZvzC-HWm2G+z
z$#f%Vk-oF5qPYr_)d-?OQAe2>cNsI#NT~MjHb}vAdJYlHtiHfW-|U*zvI!BaeKydq
z!Yj_3glPk>id|g-0zG}S!wc&H>pcA_WGx&CT=iF?L#fc_kt0_hBJ*CwG^5uHDHow>
z_|VYrNAa&>su@5)0{|?@5X{cJJ#+aWk+$wx4tDmwJ&X3?h$=~epeG3C!PgO>?;=77
z^!XK`%iFDvvqn|jX2_y%VZKp>(w^=PZ$Kr!C%U3~_U)tIeK1|!)Fb-(0`vnY-$SG(
z&z;cXxaUmmBY*&YnY2{GihdtV-rlf@p|3)L2+z!-?9I}h2izc$-r2j?#B@XGqh0g|
zBlR6)f^!n`7+ds1NS!8%KIrp%d-{T3Yx{zoRSTrDeFt0PM+MqXqk~w>20+no@*e8*
z27-zni1vU{q%#q%McoT18tV0kica))z``wkuy0!_jtG+rQwo=fG6vYJdI7VL3%XHS
zzrVN{TU7+_H63W^#iIceyu(ODKGcc%Y3@#Muw%d5@AU-wsMilJNq~L@Ik%9Jk^Qd-
zixmOP7PCHJWc~><7=!c@rv88+s;02u{a-||<s)jTp6$xi{RPlZ5b6D{`;8Z|L@NNP
z-(NyBl1FRL{vi~WIT3s^9~sby+<-R3AFmeqkVbmXzny5Me4}F(7a}1|NP9;AC}`9Z
zs8#GUpfhqoedLYf4rn9kkS-*gF`%y)a~0=u1A3`OY%I}<#xqHYc>{)EN~A8wh4crE
z(s-34KRpg-c$8pAA{f!sDah|FBy%)HTrflG@jA5I2aF-3G)r9gceG$UV8#|^{y$pi
z;CI6QV!(LJxS5k)@;Z#U14c2~#|2>yb!NLdh4=z$!6W1dca5-<J3?IMHu@3pOD}NJ
z1BVI+KY=t%)I_bNv#`Xk5&Q<hZxK9=07ubf3#+8q=kE<DI&U{BBhy~`uUP2c5d0qm
zze9kwTG8R8h6#uxPb~<3k6`dK%rq{)ro-DC^np8#mJQ5Sj2|{tm^w2}{xjD4BZ5C+
zO-;~yO^|*G$txPMRQLX1u$MXNZmP~Js)ykkh5vyu0NF#_R5EAF9Lt(HW~m%nF`4Te
zS~jV-jOnwb#n)Go3sTqhStC<@ePruvwu}}t_gd)^a|<W@xGou9UgtC|8vW}U0n>Vd
zX#-1}t;-$4>$yvkmsJZtDJSsqlWH@<g(=HZg*TEB^G2$6xntz{BZmliTB<x+orhLj
zNrGA5*B!vc0EWc?EGk;C#KC}c_-GNVP4^zn)xkcIdyhyj9=!t=<hA|f#P$>lgbmO$
zn0i*a;o7P}GZdq+_vFCMM6s$K4V$qzBoSlkz+#L5)&<kx33%fS9^&k7uwT7>K{sqb
zg0!d04NL}T4pcl3{{ttX%n*0Mn0)i@^X9yB=Dd4?r#6jCwV@&4Z~v(Yvh^WsuLZy*
z9RQbkx^u<c6g2+oa=sH&Y*A~+)Gh?~08j*vD5|zvPjjV{-)#eleEi)CT^X?PF&VKv
zl0-6LMfTFez7Fr#=CUPy!Jf_PTiHnV_wsbJDAHn*LfN*u3<~cPRd<02+Xx1>V?TP;
zs*95?eg55?K?!SF0PKVR@cC*ntQkxx(}9Yr&p0(`CBB9*#j0SJX+GdC4P(Z?;OmnB
z6rCzi7@3)vfjCwd9Dxp;3hpBmHb?=LaxDZDIEC*y2%dvRvOZBb7#mLPIYotFdac^t
zA*9CKKPJ*ENfXyQ)g{y-ZA*B3QF30Y4y`MlmLuKS2yziH*`buGnFFB^H^uHNCUtIu
zc7Pec`Kp-1lg;hLjj#0H6Z7-X!&UUmefD**8B6PsC{w>DrJ^&HFqRw6<m#FL`zJC&
z&&<+fpd`PxtY@ad)3pn?C%dUM^4v3@>*hsAvh6e<)9=%Q>U4Bq2b+OZK!6l;HxTov
zbaB+hujM84OC?hE**fq7_MR<vV5d~Ah>l(Vyj9&&%8Ti;@G!}%sa7-_)^Faz7AhD8
zbURen3YFjzzFuNOk2(UwEdBND0kTc<J$HBEHo&yGh@zva`}#e2kKb&ES?c1YRnK1y
z>^%1TvEoONN*(}MLD7W*M;lE5YFOB{3D*knQr`<TQ0x0IG*rxjPQa3^!M-d;z*H;R
zAw};82g$R~OKT+Ki$5x2I)^i%jkaRx6#%Xztm7!G9S(GK`mO7k9dN38;w+=JQs||v
z*;i_E6OijKlB-Wa;KclL(%>9ygUxBCtuYO*0>Y|O&r}x8GyN2CsH2MJK##9mbu;E-
z4jLU-imI8clQ_n4Gma^$9dYvjDAtI@N{e`~^Dz&VlrE4?zg(q5KB+_c=;iD@CpMVk
zhHV-|J~|FYtQ~EKA}#!g{grtdFlcLDZzY3K<)h0W^R)JFGStsEIAOEJdLQdEo3%)m
z;`CE3nogzh&&XPAx-m1t);F}As;dT`v+a#S-PKU_VSZ%68yRG92r^~P%e51cYv;vG
zF-tT+tV|HIMI!{hH1JG<rxu<jc<Q`*F-NrApm`MP;f6{5v>O1Qi=o14c%wK&v_ril
zF;7f~rwQm_05Mt27aj22VipO6&zy=W&f>PQ7!xf5+KNdHUBNygxSzfV7@C1-O<Pa5
zw*zNr<YR>dypw-VGD{nNx>7#8o@C4JS4j#H<dhX8D~<PY)7&%-W|Z>-TIsGEU4k`e
zl}`pqwp4Aif;;)zU$Zp<z)7{&=1R3TGdPbCl>Au>$+lca;=Me{x+YWFv)-8*;@lYU
zV4q-|L&gf2s-05*Tjn(G0J_lZBbp8qitXHE&9%f+1fMl!O@>A^ix%n7Xs-0~TV`_{
zJvCd}Vk?mD{$WuzG>ayLeS$dU!k=)lTTepV<!8zEeH;{wI;Z=%0i9Z)R7^|sNC)&G
z{qdWEQ8v+!4HnDCUnM!jDjzyRvKN5>$|B8RwwQh<BT>T3xZNAB0^>7a7%(P~GDc-7
z{r>G-KBSYM{V~bN49<+BXB0C-hWoe&_%m7ZMuFt%Zr#|uSLL=s%)V?e!CM}JA-+;W
zg*c8e%3@ApSFa=C_EV>|pR2Z<U!Vh_q1v%euqKk?IB~`eAkYID@<}7fls<P_vp9EV
zBs*a+wK$m4U*0KlWJUAiN0a4iM5kDQgYAR{vm@o8foNJR3~NjBd)e{|J+bhiaLr<|
z1Z!3gB!!a1l7nn&pk76&0JEi+^;_lYm+#p!2Tb7bCx=YOOA`jlgacJNO@8H<(J?_)
zm6mqYmO5ZgpkWRcOXJ2YS6Xm>jG2%*k%(AvkY%!|aPRxMxuBbtka-z5Om@FHU`-%s
zMW&_?YGool7*s2Yyh5zHOjT?l8&efq0#zGQwN2}4wOp?!prDMFU93rLq<3b>hK<<8
z+G!aXk&Njzh-i~;`r+)1fs{~6pe$i{W~r?-h_gjo;yk*K6YCxj5}UY=fU>8?TbKxw
za}o>oMtPY#EhEfJ=0I8~jT*#xp){Osp;U4HA{dL1g-uFZViV$Q>5Gc2#`?ICv?h`b
zrG!$0xL$`pA?p<=WLBS9kl4pyW26E!eZ?xRq2x35kAh-95w-hb!~MF%)(I%gt#5@a
zFoB|0Ft{W}`app+Zpe^^-%Z{jqAe_nWQhymtvLFIc_ooIn1Rt*9iI;H;-YRMHo~Eu
z4gNR98G}4=@%?BvN+UE9m?%RgAmZ&Vzhbs4f`!H^B5ASt%#uWrLH($~6ggN%m$t!n
zxu**}aYax2x-ovl+>HJV6&sByvVh{9lTBo`w0JU)_@t{Rw>efqONy24AKac^pF7xd
z5Q0cgOV3X_$z17IlNCBOMk$#-tT)9XrVeTShfma@w}}4q5Ior?4bsd5)rGeP2|g$k
z>MxTXzL+nqRSf)RytGYenvdh9*urtcaO}$+pd*MjMFMiT)qfW-;NaqezQ;*#E3c6`
z(rv%G-p0If76CYdc~o+Kv~G95eyP_(z0|3g!N=I&Lw)@aCG6=23Wr!Jq$b4DG=K=5
zx@nn*C6KIQ2{X1I;%K<jc?fe3kG%L%F4^}arkTGygkITk0B!27;3>>uTkAqd!5$+K
zF)e-#`HadnSnDWOFsM5`hSf-mFIJJolK*06<`9+$KsyP({W}nvxmd|J3ewvb&kmwI
zp&x2p<m*NRHzBwgfV$m<u51BGphpbRL66rDf~i#fFAtVniw!j+Xh2Yfpc(=5$QNO1
zAC_Y->V8ZeL;%4814p|sIV3qhY4R`^UB=?KAvlWw{c_lucOQ*zBg4m1v=1vDMlg;A
z(KOHp5!{FXePYE3{vZs6uX~@OSqo0L^wcNUSJ)Lzz}wXs;~!$eY(C&grD6)t34D<b
z{bs)I0i^c0^we*P8*$K8!ZsGa79s4@;q|diEjrao67H`90d~B~^lT8>3jqk&<>qwa
z;K94D_-&E?ENFV*O`Wvmw}m5b{qsNSV3YOiRF-t&ch}cF0*%1V{Z_1rPB^^{!F>qs
zhOE<s-VbRURt_S@0O{S*;@@ZR+XZR+@7IJ0z4-ex^I9?Q*8qUpJy`u-L?9tNBz1eb
zknydU@fd&zLFvIybNH(T>4i_-8dQ#v_y2QgaueH;MD?6vw_rNp_LRPW;6nt50YK#9
z1g25*A&n1uL|&gn>Q^>nn(b}h#!Lt{BVs>-R{<zVkwClK&mw^oEy*P`383=m70?9;
z>gBN{5_GW*te_t9ZAN?#g3I>5?{Ko;L~8l_1o<HoX(_-iK?HDGf0z~_`?N|HlF3r?
zvgG{CF1II>)$>?Ggq_Ypm(g6&Um`$PB)p?l$Kh+^BG}w@^!R(5`e(|AOr$6&^8TbC
z6Em3$gM(z(m`P<Vl2v!%>OlsabBouglu<5`7}=0I#F1`1Bgh|`$^2aG2JOdD;Mq|>
z1OV6(1aL^@N((8kWfKnP8k}-P1+5r*djdW*Y>L)<ji)0B_564gPv^)tSjb%6%TNK*
zuUJSyMzj`v4zaHxc%H~#T1ZDJ%X<+qF984rTY?NNMX(IPas(^nK`U7{H(HD$b;a7r
z!Z+O=N8Ldd32Vl(YzzB35_}q8HS$+h@^}N=`s0>`Svcri%(S4TIjt@qEM7Ft#;K!T
zrjacvWT&2q>lPw+r@&Tj4Uq~yOOu~SAx))hvJo{d943Z#I)T`uoII9H%GfGYt&y8j
zNv&!&Yo>3!zd}x#S&H#Fj5uc4PGjm*1m_XlhTsDP%?OwZG96CCS7y@w0aIuX6(hv!
zXb=Ka0VNqUO#U>L*k?qC7=pME#|W~qfI}P@QMyRZOCvdR&Z0yMkjxSU(+3D~cVZC<
z!FLecMPz>($+z5%FK8WHC17ymd(+6wHMxkJHg(VxC^kH6PB_zHM&Kr-&rATDF-(nK
zM%=61sLf7HgghtbrjtD4l^3RyYT}d+q?4I^hcGIqljR1|F?wMJSxK6hjX;$HMT@O4
zY}T{I1;qx+(E$%d@bB+e`2GE{sVR5llllBCjeLJT=_mQ44ky`6TA5bHSrugKY3!~(
zt_ik?u_kt6J}zg9VU71FyKw_kuS0&OfMfyRKQDkL7HVXnkc^t1!?G;$7#w}0ko<zr
zc@qW4=FATvua)*=i53Lc%KubCuCHS=18%x>0#Vi;b`$I;b}3?+A^EjoQJ2TRSM)UX
z*UA1eQXt<{N>X{BM!v6<RCF`rM%XnEuyHX-G4*48iOK8_$kGtdR3l-6-`5RyGww%h
zlz&)1afY&WQA2x<1Q<VRM}A4<+A`vVzHclejr=Oj=x`Z%2<||P*1E_#Z9xc0QzVD{
zCrqe!AgjMYUNW1^lHac;M!ruYE7hdoDmG1V{>Ax8%p5$0xTuFjuSc>d$+%Pf8xZ#`
z03g9w2lRo1KDhfKf<fu6AvMj+vB6~vPQ{I?)9Hp&e^wzzpRH@m5n6>*S0ljqC$-4q
zwPaHnGfNDCOH>;(<Md}xAfcO&%8O=`CjMcKd`~S|K=R}2T9Eg@qwaS#@-4Hb)%`0n
z@^{pIL?ef0lLhQ@m%5(*lt_numnMHOo6N~QgjCoX^tbqaMk9CBk-AxIP|)?GCjh_^
zFdJDWf<#|Y4GW(j@=xoCYt1cc;R5XGT&z8WDQ5Kk17Gd<>Oc_F$uWH0f)%ZCnwTRm
zoI}b;Q0|yRN?KWjl?|f?Tmz~_phJKh!95D<^LyygfE7qN6F=06<j0{{e<><oDNi+{
zU(O+O1Q;9eDeR+*7m&kbkgW+u<}xWdaFk#Xr~ig5vuG+amyGYbutCick1xpFS<pK+
zd%lEL67=9+Y%wD)bXo20?dj@*TYf#gKh{8DJrsbOZ>bq~)tpZ)ADz=cCdi7gF@|PQ
zITdU83<WOKq1$#8EFt40R*ac&X0_wpIeGmeQpCTlk%NoKV`|rQvB)X)V832Oxnv;N
z3$Lg7SQ?x(v_LG%s$wreiOaE{Ay%hOqav)ptRG7;x<SA}tpYaBVrWc(*jN#kw#XM7
zNy*@&$kp9Q=Lt-q@RekCZ==KSh25D*KSew<VN98DP$|lprl2Y?y=HprL?U}I1HmX{
z2CR@6ivFA8ck|kfWQvP>q$a+Ssbd=X2Ti10-oBWeH8Q$LP5xpA$w<ZJ@FxBy0dEw9
zI3Kx%mp8sdGUWDVVl@ePi}YsxW}%apzuQcT2rs|cOlD_vL#6NVv5>kKLg_bivSkTz
ztjZC!5cAf;4c1(Ui`yX1u7kKZUaZwaJRIZW28aM+T-+!Yh?($A5({qTZYG_)m~}%k
zM9+1w%P;)8L_V~Xl;~CI?veSW;NE32>Bx;sNiG=f_N8Q9o`M>P_UNl2?&GwAQ?7}$
z%CY21%DM^LGVoVFTuL67^IJ$M(a4XtkoD60JFGfd7t)A2*|LndmqB!1)I+0&wk`dp
z9aT#<tg70g#syIP$3Ry7`n~G@`jQ?{t+3L}Kvvk^??WuqAV0f|WX-^vC`TYNfwy$v
zOzMaaHgK>_MCAe}<l-{2E!PRJaAph>GaQ8o@7KK|tSQjtvh*utUDU|8FDEWt?xZ7U
zI4HlgoP3WN#x~0A$!59KLke=3JyOhg=<jhy_V5a_w|8`hhy0oF-*EEA4l*m7835*^
zRbh5D@}vbH%^#5O?I3xz%n~rt71+;81XT#G!s5FDBwh@a|E+^8=ReoTH6r<SDU*G4
zt|XjbXrXEvo?zU}NmEC1<keo%zzZSyWD9X<;LeI5Kl~E0TUn$>*Valo5I+4xe$z`z
zcET<S-=ZABjKt6o<q<0&m<KEZHpV?;;y;jGP!ncQnH5z`Vd3K?<^EYr>~eP}NwR!{
z>a+#Q!jXMyhJ14;nN>8U=gfIua2m7aj|ip`0n@b6!Y;C2Agg5BLz>7s`Pm*)q6Pn_
zikE-YLuQ*;AYlOtuw2gUCB>WA02Cntc~+8eoA2Ix6i&67ssO$o@rEPby>8mm6Qni3
z6WmCKXqP((_lDU4UO*S_6rOv^xA&42yk0wczL%UQC67Rsx<3<Cd8|Qt8V}tUh;uDJ
zproa$90r9ACm8YM)SFvbk2*k}(T@pIY}D@2!l>oS?f~hN{}O=1r@L+hTTvN=gMry%
zx^!xXji(jz$s0+gyd+4<rJg*C{9KTv)HH<zQI{1ZNO@5YK}ExW24<l?eCeDQjetvn
z`%Iji@-3249MZxaCP6gC>cLxb>`gS^FUW^(C-%Y+5iMaVyAoT1!ynyHxk}Mdlq4Gd
zE`ofxLWxn-Ppbg;q(nFZiF`!c{hBBbDPbPu|4klJF5^Mkb5o{GOvPme7Z~-UBBz~j
zA+lJ66R~MQ)x<8O->+j`uz(md!d<vKm@W<V*t6r~+6R&&jfHr)jrB=uu?COOWKSQ-
zkiL8y4n+*X8Id9o;Wh;G@KB`4iKkqL!2uDoLIyE&5flj)#FgU@q)5*eIE)4{8}q`l
zPse`q2T~&i;qWadJl^u|qr@bXgbNDBV43_y9%$o?y~HMebA*7WgBs+}&w!;T-$&$!
zA0X+2&bF^fO}|jn=j%`Mb&K9>s`m%|UHyg{b!o2Y*Vlm2>;jYh9JI+iW+mx}hr-rk
zpS!P@t^!&6{tO_p(*$D!cTS=RT!nxJ^#=O7g471{4Qx>?dvF#~MRb31O(clmgKI25
zK?-jmcoP83|5%;GELQnzeT{ltOublzEkU@+P|~JFwbAj5@P~fVAoH90Ej4(2k2LVI
zQh>rQMZ$M<8j)i=Mb}d?z$GRYBcz4MHCyeNZ?YPTqv2AL;r?UKVQ(+>cKWWN%($^F
z8?(umuog4SO_;(}X1^L!9m03UHFMsYu*>0%8*8c<8(>YL7!)JBqZW60rnhfzm#+h_
zAHc6Y=z~yZ`sI81<q)aY&qS+sRFMA~A`SAY0pgQCA0S8M!DHk>1pDL%28nm@g0uL0
zNl(r>)9}o}iFqr>XRex<xoX_GdcwJS*gTmx^L$>-xxAWZjN^F?6L}58rVD8^?m776
zobj~UiL}}&PDt5BCLQIEtr>I7hwo(l!h1|(#dF6q=Uu38JbQ4WY3F!-`$T>F@R~8_
z+;RK7Nt^w=&3Vq|oU}VWE-alallKgfIr5W3q*y+7oH(`2^h&?}C_|T-!d$FbUXmqG
z9Veyo4FOUj@7YFj^l<Z26ht`K?;}|ztvX+a1$ry9yLZ~HX*^u=G=rGKA2?vqOB*bC
zQu7_otO23B0`6Z%XBEd4!|)O=Bpuge>J32J2&BKcmt>@G<|6kZ!JH*w$QwpR_G}~B
ztei<@!I2>ZaWfSD9K?l|qos`AjAWo^4he9!XNfNaM{t^OZ7Y&i>%jT`0h2Ur%aiV?
zw-v%tU>(pvPjVup;kqhLG4=^*PQh{I@^oU8Jb5z;wcYj5sq9EDl(a?C(7iHP1h9K%
z>|RPphbMq)Cmm(FV>)y;;9wY1v74Yl^ykB$kXF4EkQM8DYM6UTxGA$>n#~>1Csc+T
z1!x3ktOQ#IYpD96OM<RQ8VsHutyLxuD=3_9^QY3~@o$l$s|_JTASu2USU@`(NDvB6
zsPG3?N&W!(6YMkndcuIQdk%=EHj>ZAJ3%0h1c5C48v+s2;m|#<9oh+8)WxV`o;)rQ
z2V5@MSZ}XQ7`EsThO~J5=1lgq6HeQi9QoN3q(smKUGi`-$u1m7V%K<qnQp`Mu`zNX
z<Ea_)$=67+<G<@%E{yh!gwD<R8=X6mITsww6Am#iwy+PFLPo?alD}9$W@$pEQ+cdO
z!c-|OUvvf+Cw3p!unc+Ew~1BCIb<zP=HQM(rdSX!w1gVQ15Uiq3>RjjpO8_0?b{?v
zD7@bgU66~S6a1I|%M(0%+64a_v#|K@o`uQXHUG^lOfWJf>io-y;~`<zBwse=O4TWs
zAs@XN&LWc8`Yx0uOqoJ?Kq4hpbHdyTmn=^xStM9OYKEj6wQ2^e;kV3+M5k)N7BY)7
z;W|oe>Q{!RKC!6Q7;Q>bn72$&)s&F!_@@bdu?3gnouWANQ5`P77cPLL1Xo4Jp9|T<
znlrVD&Kg`WI?XN^r4FRQoLduDdb;JYch7?XSQ{%5OqJK)LDHq`H5pc9bXF)8Z1L;|
zaQQfK2PvAfK34WXc_baOCrW|pLUyq(yZ|_v{?Ck2n}gKu=M$MGFrUz_hEh(s&>q-=
zTO-uL-r2>u?7CC#t&f9z=Y?I)+61Xt<>SK;*z#^88Em<kAC`NTSzHjVF#GZfIhq-v
zl%d#Y)rTcr2$I_##{nNQhb)&@&#t3z4+fSVVEjzOqu@e3fjd_A8A$JLy3CT!3NI~M
zFg9V^6<Jy`|Aw()@)Pny>1>Ld!RKBWzR8r$vh<5!pc=tx#hnc-<>6Ux;ZIeDZQlQg
z4RZn;vh_|<c&8nRRk1~e&xo3{P=?qPGk@Y@^e-}WuI4u1Nh063ozyuY*2P>?T!rZ-
z^wVk(tOL)0Rs)bLeIzRzP+WiNa({2|s55-i*@?fX@jW1S`QYqH4b6Olr7Wwu55qaG
z=v=*deOrUGKf8r_b<ryvhz|cSY?`-wny}bkv<4%?t~@w9JwEu=XM?kqJ_S4h&jcP2
z2?dWIT;5XLGyDEX<c^0(bs7sOp<mCu{Vj0TsFDBSA=t1p-xSZV6{qydWS0E-LnOn_
z!lKs>^e4x$Ex+U=xw$O9JQL}JP&N_(Xm}YSYGl_bvORpQM85G9ab=^$?>8s>rjp%*
zhq6CAMP?YVUjJNQ^oDi*;BLeiU~2*UhQNN+XGeFP?L;EOg0WOrHS^!;7R)R}UR;=B
z-Z^vPHzV#t1k72-z=V>%ZpjXJ%lfv~RV&;}*Du@YUb=J3^3CuwP53>j7k{fV82>Y-
z-(lrHAc)3}RDYhuG%(twMl6{KS<KmhjU=ht6ZVr7+!!eO^_$r_R9vKV2rHx1)e}c{
zbD$9TA7rP9>dDehEYpr)7lPXm+{18Kj|IAM_u$G>!yZfqxTjDoxa9#AaKmrq_Q59a
z&rnH8>h>Oq>?OWLD!8FgEI#<v4%_yz`$5W}35(%*3;c3|?nY{+o-Q$pc@Aqb9cV@-
z>Jc;`Scrh#z`&RpU4*ZH!W7%!<RYPzFj;rth^H5V>Kz9II18QeA9+JMNzx3#VY+<y
z`($C#t+=;If~d?_cMlLpTAJg0TIIR4%JH=7iL~k|PHT3^pYI?QYf>D;x{s}C!$;3q
zo#R&LWM1L<yt;FFb>n$+C-UYFo2Gb8O3sCn^2h9Fa?iW!&$;Ty8dks6GVa<i;o2}>
zvT>qh<8a$>+gBGH1#<Fnk~=uI!aY{82fpKW&xGAGX7^0mvxi%UTc@;qO3qhbeKn=y
z?1iT`o=YnoODmnUXP&ngpR*UA+WgG+u@$?<Dz1X>xPAA8efOAsH>*0CR`84B`g3XZ
zV`=r#@{^f4AD325X-L6Ra`x&e4xb1Imy!z=i>HLhJ7D#?tn4Wcz!zF$dd43)08<Ru
zx%8aj*2#vIZ_PT_uy(9r?Qrm}etGcD!BfY^9rGp}^Ty!2Y3r~?6+%JD_p%>b_Vk*^
z*PPXlS2j;nHjfu9nJ8E?yn1*w^gn09F>?wc+{a0F&e)3GV>@;sgm1;w@Ey0iC+zMq
zyIWp-oMa9DNylXto~n3K9Cy@BIO?W2kWI92sw_IjDn$5>+r1NZ@0i`oWC6m<cRkd7
zZ}($6$Mfb-<judrhI1=<X4k~r4Y>E*N^t0Mp3Z+ff2@A>TT91X>nB|6$4g-JN;aG?
z*><jE+jz;2iIN?|ZId}JkYD;%GFiWDqJB$cmpc0U)8s*Z;r|!4Sh$M(w<EDVG7@=(
z_aAu7{&ddcInQh#cQsD98prdRCi0qwR}8O+js!@QiIo94=QuHMe)ZT`#Wwhk+qX~H
zw~yJkPg6~GRLWrY?x>w`!0!F>QSppb?1k^Ry<@`OF=p=={qq@ehaflqh?MbD8u_{(
zk@p9|9CEMCEMIEperzvVx={FW0|EGxy0Yat+#5O8))e85irm&@;mu?%q~DsKvC6{z
z%#yTfvGB9Z+*J+2&l<Fl{&{lK8WZ=nDQQi$@OHX&jZ1jjrN#7Y`&vEsjy`Ga0^yyM
z+_iPWJ9S!2H(J&?gm)d9!F4(Mck>9q_nXQ$lyPHaMH?-`xS1fFQ?@CWJC|F&*&uwN
zCjciatUDU`$%g8kRoV|L3BZpUXYO`!7hFkK7Yi5aO0UirF6L_?{cC6G9zFN5KFPxi
zAE%V=X%s$g)Iu5-7k0k22TT{H2hn;BA;1VT9Mh`@5Qt!b`I%tT)bj$i9I!(J1#=k{
zJfMRBSF8@RoVeGH%h#~jw|cl5tEHi9khJ>it|*$O0@9U?f3O73WD%qz$Uwl>JGT5`
zj9py=S@^0AUw0rtM-qC4hL|1zz*cy)v%ryJ*{mA;m7Z=9)<KG%&4)VJB?Z3V<kIKK
z>bgp9{=zAf#aKGUT>&_CMmQ`;1UC867l>=nO^gjw++}d7&?aD={~1&rsxIt`hO(d1
zoy2tp9Uay)z?LHdOQ>C~VSUB@p3~XftoGLI_InO`-TT9x^+VxbU|%VelE3{T$=xxf
zS)$VdcYiPZMOMuhtneS>tF$I_C3Qn>6PkiaQ`VR!i{_8!y+ocRS@3gJIM`71qPNon
z0n~n7Rn`6;_*vM~^1r@J7V4NfZI;VlAx@hUyLK46gJ6$N-th`K!G3e!!QpSDNB`p$
z(k|#&fV5NI^*X8K+j;rK>m+w;7D|G-eNdBwpYbs=vymW+R5Gt9=Gb7AM$s@n7z6B*
z1@obBLa45bpO?RWoh%+?T7&_4h-a=t<`_Z7#I^X!>f%T!`iPW+_-5_sqZA#JuqQA*
zp2=A7d*GK|*8!OWFs^}zp&p!2nbJ=zx^>aevI}O%J(|%oKOsLSgOLe~?83+wV$T@s
zY|h|R18f~)W7BSqie>!9un>X7skJUzwhdFbV^seh4WqgdUs-AsrZzMCz?#BH)&ICU
z(qOgsU~NO(@%{9Mq9w5%)fgGzf-|(Qb`14aWh{UxJi=EgGZE<2Ka+4XVoxB5b^8{0
z1sioJij7fXoSjtj+2t@+{~;`S3IXJUs~jfqIAR#tConZ_3=HZa!}FLG>)H$W`XU0>
z6r*H_W3?HxQV_g_AV!l38~;QD_MdUZ2uwgJ7vI(v`O!G5@B^&Mq!w%LL&U}GG;3I+
z{(*v6BTRAvy$EIDXOT!c{9ANZMCFK$KeOsg;<2_EKmUo9)L(ALF>k~<qnUo`B8<(2
z%(&5kC=!-s2F-<8j4tCW8L=RLhGyP4<Et4<u~Y~<xddM&Of5~Uei_kSkPowoH5FO@
zuwFOJ!pJN`Q{ZZWzj@{E><hwQgm727sepxWC816PZ(}nv5!a4jIpW^O)G(1>c$?fg
z$c6%^AoXBg52gwb%tp|N07E+JUoP2;sa^y(A{a*SAcE5f*p>62V(J3~=Mk`5oqxd;
zUer;44xNLkG6YQoCN%pIr+QnPnKd;2s$oQnqb{y!38&pmf$MzmN3i<3yiN2LC<o-Y
zz#NV2c^8f|Zhx25Wu%O8;qN488;gA9OYf4;<V)|7>d|k#PrPJ?BYVndC;3y{6+pFY
v8Hd|bsq)+7WdG`21_BGvmEji*|Ht^;kZq-o!1mxWxGh;8I7c?I8{+>3)$04$

diff --git a/__pycache__/test_service_integration.cpython-311-pytest-8.2.2.pyc b/__pycache__/test_service_integration.cpython-311-pytest-8.2.2.pyc
index d16edb26f56400528d62a4ef90fc7198120f1841..2942534aade57b1d147f18a27ce96ea8f09a67f4 100644
GIT binary patch
delta 28819
zcmdsg31C~*m8hQfU9zpk@+L1yY<ah{*xBu7C&3|!v)~Yn;wL*wyzwLl;@Ts(&9q@_
zp_ifnp>=6X<3gKIw@qMZ>i{X+luEAB7?nU6y3_e%ww9(q|2g+bPfxNO(&7J^&M5NH
zx#ym{yz|aI@7#0meR=CK#jRgdm44G;&`RKw+47k8-ET-FuVW(qQN@tAzjaq>eSqm!
zx2ahPEA7_wXxp?sx;9;pzD>_afF|oU^cdTWJ*GA@O*7pYZ5cpkx-;7{rIK|LR(@E*
zDjt$bBoD(M|7pu&7qTjkg;m3!#$)MJvf9InHY?ydkHur_lse+9l1^!W)g6|%+0$pT
zddSOW4W5ksLK)ULvl>>zGSG|(xN}&uCv$&pyoF9Fn*r3k<T`+w3DkU`21Hc@ISa@I
zGng$vb<Ut#fm%3&Y6EJ~45}Td#WSechvk8`k{M(NFwdDm%>n9MHutckZ62Eku$0XQ
zSjH9rbg@o=<ul3@LYayg)FPl(#;Adqq~O|%fm}6%xdf=yGpKWbS~G(>7pS!}sPlkY
zH-lOV)Oyws5Z_zqL>Z9h&tP@|bpcxr*SK&-UIpYWnnA4uY6DvZB^qbsRYTt57*%xr
zH9%f6gSi%{OJ`8)fVyl3wH~O;XHe$@b;S(o0-&yB8TmGeYti^>*^3NgAX$p9G8yFi
z3XZXmGUY9doqSh$E2AgNRksyKl?T0^n><`p!}WE0+I!tSo~U}j=iw0J>~I^&gwCcp
z3P=z}sGoee$xa-f){~bu=>x3PFN{x#q*Kny4$Ft7Qpu2%m9q*~c})5c17jHe_|LEm
z^M)8!H6-a`ybP<J!66@#-7jG^Lvn!H2k<g<Eu0RD)4p^FRRKjFoX|3A=2^nX^D?1t
zk4Td&1~L7`PLBN5OtzYG$PIrn1`9VaHY7+#mBH6mFqQx-PwpNxrf6|VFEN#um?bVI
zs`YvL-JILs$N4xTG<b<w?ox3k?2H*f27st?uiNKYv>=)>z;*lFou2l+ixzl#JNj5p
zRLOeyU(V;}y!|dIy^yGkbKm3xxdkMJg`5TJkhl9hU4yyp`)~5MclL4Zcq^)xb@z3+
zyL~IFF*6U?d|LpFNG=#NZ{L5^e!MMYYz!M4BgV$_#+8%Cl@qG4aec(N{)p^?$r>@0
z9+!npl@U|rdDHw!)BKa`!lq>r)3WoXRg<Pw6RX0e^?`_KeMr5Yv(YZ}_Vs$Ava5Es
zx};H=ySpnY^B?MuDzGa)AZ7M*o=y+PdD!;2c0~1@$KBo2?(XRD_<Wa`>OpO_&)e1O
z_789#myDBRy)w9Tt`snrf~$ZZt`b2bW(Ab{JZ={1#M|pr04T%{FA_tNFt}Bai`Lh7
z2Y?aDv{b6tz<h~)VE#9hN0&xyrPC55e0vrDn+B>S#>^wFN9P^4hB9m58#dIgj~Hr4
z)=mMPy;xj6l|N_n(CC3sUj4K}rqNDI0K6$vn3V5G0F11g)=Ny*kggoQcizPRB9xbN
zw(;jx{S5Ql@uiwiGYTJcu$(-p{Y`cUV8RFWM+SdyZ;}vqhBNp|Ib#U0Dpm~-87-@0
z^{jz49@DU<V~QaOYhDJdLlRKPjF#4@`he$9M|Yq5fY%JwM6IAq?%u9}Znxjt*9+R=
z^TF?+b)Vngzoe!n&Rk9PCu&II9yE)Rfxh0V0q>w@z+2_>bZ{R3V3sHsGTm&Cw|7ua
ze_|}r%p?}74AJCb?R>GkwEd}}nKdp=RJ}I<Bc~mP4QLrEQdHB??e+Bf+r4bm5JUNX
zMNPC+dm=w8i4fz`pk~s+6V>whsJ+pQ7;j&%4^1322)ft`0uDsg{aoKcFX&*@5EEm&
z-{0Nti|RW1`VM$`d&ms{Z&dCc@b7am9NynCCaUb{>+SS*`OqN6R94@PEbV*-cMD|f
zf<NCj05EC|j$5w3{rZu$7qjeBmVzlq{*--r^~LO(DeIgmN5xcr*_3m^R7u^GqiQOr
zW~ylAbe7f%T8KbrwkfA207ljxS@fxv>0*gKbL49BHQfnj4cVrDRlzkw8>GSDRO0a9
zK2NSQIGEeWLBmx{A30;#3v6?Y6}nq7^EL$ckTzq9;(kDT$3JbnjnQzmfV<S(eZ*q!
zV2+WS%}!<qIcly^JPa9!#{boP&cN&;4;Iu{ut13FdpvF*4D%kiUp}r2NWX<Y_*^rA
z3Ao}d6P%a)tsq;s7gF3l1pCK}ofc-!7Xgnd{O-MQZ{*!xpMOlw{RH!Wgc-8_L-pK`
zNn7D+vq0pY!R#~SJB1GBQSxkIg$`MHYA^Y)aHWp2{v3%vChLm|b$FLJygs-hU(xYJ
z*d`Z7@CyL0Y>vv}2;fm=C+E4b-5vYg%M0ijvi^p&7T?H($WMwZn3u_0#a~eT4alDw
z|7^)tP4@Qy<u6roZBy*xTPC=ZWV+JEoFb~K<z`VQu)1H7)~aIruK|S%7TS-sNA9Rv
ztI&WpJvu&BwNF}#)nlzU{Cf2Z%^U+6+(}4AWqaLhthK8rxKpI7cBfv7xpD+*hCE-p
zU10+J$K!MAtc+X>D5)N^jc=<zC||q>s^Gv0mn3TB#<5z(&aInU*6|gOK*e5UG$P|E
z#B}6Lcb4l3M1P220>K#sPa=34!C3^)B6u!%Ld!VGo(3m)^^nd7FeZ&kt82NJ$sG;X
zGp~?8HdF_Cfeeoc+NUn$!$w_3I>KW24ynIFfKuarg8=);{SLwJ5&Qwc8wmc0;NKDa
z9{^BKs)#X*R)NnO?#&W}Zy|Ua!8-`vMervCe@5^g+458#nQE+2*g+IO8`m$sRhzvQ
zbM6KZRrYxN`}$bkJ=sORv#Nas(zzUz8*Ky)0H;Nu#{$y61KeYnLWzJ8O64XSSAUNA
z4f*+MR>>jT9<qE*w(UMdzXBkt@w>S$4;o0Wl^j@;6Uf7s9>@H2_lA~{0&@wlMdjCQ
z-qs58c0i(q!>fqPnl?bi+>BMp5tJf8uaCPIKr{m$Gye9TzK#QE-~3=#@kVS(dna5v
zk?83_D!}&DoX6J>HrT_xiPff)d_F_Auic<11NPU(zqYp1SVhHvit=0MKfkf%bipT^
zxI)OKSHuZ|;fj&gN)~P3*Mt`xOCyGtPKD2*tk7_~`};k;tV=ngIL}UA+5QEojv;+J
zHtv{*g;Bg?%wXo+vi?K0E??pD<%NjOcln}9a9+?k6sbN|@(O};2+-JY)mY1U#HJ9u
zMBKX^#I<vwg?1IMuq8G`I4eWAo&C~chWu(Lmt@r3yROP_6<E3XP$&A3l9<25EhM39
zTcsroDY*8wQhL$l*enW*uYI;6a~LwOZ9@&URmqAFmGA9?`>eoDQ%y)H#=YdrZN-7a
zP)r_ssUwq0VG;Dim66a4)Q1j__aKOn>PQWCw+;avj-o+`?f(VAB?NSc{uMDDRiSqf
zttMCP-lJR&rRB`{w|76UoPQ&d+Yq4CxbGoIF?^ZWm|)|gHgfST8=2U9oLNY`9ZMFW
zRds1Z)(8gzuQYV5D6qH^feHb&P+)&w>S$4{0Yd3`CHsW5I!(ianJ|QUJss%16@pg{
zUJD!R2eEanX`&5l`G%FyW>md>>!vlRX{lB*eHVfmF2+H=*Hxxi5B*p^{#w^s`NA~)
z;8Fx&>KpL)5BS?zPdDC{LolGO>n;kU7<_8T)U4Ns&u=zid|=d59pWFlC@LzYk2c(6
z+JsVwAHG-xSc=S<rh*uIw&<>bYugBaKB<(vQgu`C$Lp9Za(uC2oat?q&cn-%%Dlau
zi3i=Fv1h>NFWl=X?DY0}{T@!rkWco{%cH6-NHVJ3;qD&r@Z!FY{IK7x*afZZ9xu7E
zQ?`Uku?W(%T6m@z(0Leu`QD-So_&Mdcd^skFuxT64p8np2p%U-`C9|n%9w)sIlS}o
z9Ok`-;B^3(Ol}{TM?bYMb#-81<o$>0>c;fE*6qY9u?lL#xW1cHpM@!-P<S+sY50j}
zxe}(csBF{#)6w)kG#k}5^&e{In{MPs--l#kV27d;+H#NQ9{j7UiC#FhDCmm7d{84?
zc-o8pHeS=?2(F{OCMUm>&Fm$8gIg6|AasrYWN?pq2YvJl;)GfiohZhroP#M1hjnzp
zpG4BMc>*%!o$Zh(WB2yJOqvC9RONH`^uzp=ihNAQKXbQ}L!WUvd8q?atOMAKJqWHx
z&`wT$rpuggBKiA3st*^{-T?V7Jzo`u8&ZVDu}GsP>O-vELjs2nDLx6rp79S3U(yD!
zVZPTB=nf*!I0Dp)L3OX^rYag)>Bnj~1XN0irv+_O^t8aTRF8N;VhPc8Kr-G~6Ni(L
z0Ov=Rg9vT{;4+AmhZ^E5wc2z@xUmY8NE-CY(^+GxQ}0XWLc3H%ymYV|HzPQNU=V;0
z<0rvu)-qO7bJr%tFpvV{BX@n#knnSo9^a(wD|<Gjd#K~{9NZbSN7Osw=3o=lvzqPM
zj`<7;e<e$aPn*H*<k1Hg66a_kb0=vU-Lw=R_k)HS^m1zAUd~*slzJglS?Lf!jfIwJ
zr)Z<_*nMWSJa9L51)aaBoOS!%Q57HG@Fo0@gt<)hqtTRcS0h*lwTv;`=iw)+>KK5K
z3;0`$u}LRyVei9csBvvZYzY>^hqP_RQyQ}$CZGLkWknFsr~+aLtdGk@@<Id&RS@~o
z<l<L1?@9R1iHGxXEHZ{*5CNTPmSW?)KaDi{M5Ze84kqzg9W}+S0X#_Vptr-r<-^0;
zNlrf4ptuW4-!}fo2Vd4QkCW%VeQn?(mijjYXb-6<xPQhbJ`2E=lY0FRBNNqA`W&VY
zOU?S$)@yk4{W&bjU->~a>QOm{<3v}TVlaOn!1@HU$=!<OZ$of9f;$j=9>Es?Buy}=
zkW%DxH*!)phDrr3E$_yBfEXPfcLIyg2+2bJLkdqUR2&83>G8G`x2Ts><+CCC2v+tf
z1fNELWxQCLS15uQZSNv7^8zG=r?UeuVEUH;(3xWoaThSnPtp)WU84e?MYdFeN3ix}
zDRW;!8j6;?2eE`o1u-e;RUl<nmg*TMOW2hq@&wX}l&T!P&ik>M%L^9`QU-6S|BM}d
z4}dR=I7@87_O*<XbUZd!aSW<?Zv2kNlxpjJSR)m<NY>=|nWbtp&@N`Ml5BY;mnfff
zZ2k#W_j3gJ+_+>EJ+&KLKKeY5s&Df4f@|BydDoNzV?xl58A?ogpUnM4Lef;KR0&a^
zW0FpiYFeSbL0))ruKO-5k|I^{OgN2HqxyXVU7q%S_aQV7{ID*<YN&WGAx0G#<;Q&h
zGvf7%G3d_4@h?C1PrAy4Pfabalv@RPQE7X7((Gh45C@xyDO^Kt`dOw_Atkr{%o(^5
zYrGZ#>NA)24nV;xFrQHs%<3R`$hLBVA&r`0!U+>*e>=KpUWi<;<&I!G@p}=FxNQ8*
zNb&5cSxFA_b1C=d7VK9->jj1X2n9Eb6?{E*CfR62wcsGcBZv){e<fCyOouirAB7%C
zq~mMCf6_5Gl4TcKnAPOA3s*B`<fRJ*&8XP)j(l=B#g_aYjqqj62-FJh)(B~QWqqI&
zSsz63H3Y9=2jkLAW1gw+PlcI~-sSB`vh_&S^Cr<#3Y(^n{uE`;6iXPH!~!NOU$w6I
zXuBLWVjvfW?jWpofbwwky6H%GFZiPdrjUI1)kfuGAc8s4@#$BUn#OSy2UX|qAx1Ts
z>NHij$FLu0MP@{4NcHb?0)obhWSKd`N?>s+Mrt1tsz>#ds^gU^p($BJOOj;-&CtuG
z7FLI?((8H?vDC*qVg9gA@dRA)>hY`pFr?B^&Nk$1C6PCGtfaFBbmJ4VFn&7peV}1?
z;j?*yM@Fuh;7&lAPc=d66!E^b(S~jw@6}18$^$n+0L+I@-1BdJmKh*h-k$4Ri454$
z6}Y~_wIjFzfg8c&<V$Y{0@Pxsy8D<tfQ1vzvY8kA{g{<v6i}I?a#&pPanEC+gtSw=
z2rMi(5!6j+0t(fH+c57rEKUva3y4v7i7FR$5vaFJJ!rvY29GJ@gq8g6ou!JOLW!N@
zW$%7p(JB%)*7_sJ=>i01OJ8Z?CWKV~H=DR8v7K}`<0;HQsq<mpm89;k|B`1#BAW3e
z6TT1#gYD!GA1omSA7ql&_p_M0$iDa8HhQU_Kz8_xt%Y!_$*b>g0fxE{79O|?=ya^Y
zeC>c2qHm(8L5dp;6E7e3X0{vf5h38sB>X|E;^)xbr^m}b?9<kL87td@U@L-k09?wb
zoX)^nk+L1Z4g@<9><T`wX7U!GXrsnhI0W5R4+QzB{1T5lI<pf+P=YxcW^myYv<>F6
z8Gc~C>h^YX&*0Tp^5ka`$8aDo*%7+b3E}eRG|X1!R4`A=EZ;%ZS&EE;++gmjf|<MD
z>+a^LPw)cv^`{7ah+qQ282}*QSZ9BRq%R@}Bbda9{0jXquv&aha~3A}7cH}$c_z47
z$5aOr#wmii=Mek?L2B$0XfEsQ_b6fARoE1L0Q?5)NsN{h8&3PUk9IO;9AWz|@dGnu
z@X&hS#L83664GA5_Wyzy9a?`ytePQjhHSw>JyWZA4f5|hbwbY^Q#$c>^RYr4MBEt!
zIDohxBX}~nKZ{u~4{ynslE3uCW$r+Z`>;HnkbN%rlPso1@hhOdaLQp}8nkvgx=>Fb
z@IzIO*8F6!tAHuwqx`+WI|>+kfa+H{*2f@dLr{d^2Uz{nh|%GC7O_)EL!*~|0R}T(
zM39IuyoyPBPcI^tm}KpS`nvA;_h5;W=_$f1gV1<7Q%PrJ?ZHQ#pf6NQp1^ui6wub`
z?S{}AJU3&Z8E|F>di`S=BArQyE1iC%XhDj)&<jumPy}x5s!jAPqxwPZDisX1tAD~i
z{uu#vU#X^0GfP$D1I+jk0o5a_DQJ45`b0#mu9ou%B-otM<M!7X79^I7d^VU;IOvoj
zs3~G<6mJ7}<ka#aW{;}zcYyQJgI;Wf#&O<2TDqGpGRDElGG>0#x*i5~n-%Xu*$+?c
zbTPZ7b-%%SehYxN`jQnBF{E{ZOKF#C!5hKXE0}V=($}%<=OjT#C3B7P&ydKHo$9M(
zZq?*-*iY<iRLaedRk)#vTZ825gSJIXai9ZndI2fckg7UfMXcQQ6D~Qo7rFN#*pJ{6
zw*0XaSAo^M9(-aE<Fvklc&Z)-rx!8v0`xgjg{{$t$;VYXm)Nnq0!?$xs%kG|pQ*mR
zgV?+1QT8c6gq{}4PR(y*y7bJM;Qgx^r;@*m!HLyO4qYte*9$wL6hwgOrW-DyOv(2G
z??99BXOA`WPj{+XAID~-MrNocKZ^ao4n<52Vscm#1ctW&*7N)NKmIKU@B<&)!f`()
zjub3I>J{9QS?@^l;HSggmj!(<OngXHi5kcFVuc(oeZ{E<AbzO}2!lnmD4A|xP#0Jj
z9lSyRICtYB3jW_DivUuq{Ly!Vn?@nQ_B(M1B>0)F%o2qXi2F}Hxs`Fq@7V~u1<lJe
z(wB{}NvV*u{ID#*GOU!9#rE^bSXGw<cI_#Kr0wW!(+}*{leWu+lonDrM(KzB1grPs
zJT3NN4M{1ZA7@Fi58Z037?ur5M%8heB>0CFjE-ooHdxI=vWK9}hlO?-i9d_nIp$Q!
zhZVz0jf9;151V#K2^$A99)O*=WaL|RdlqY9t*M&~M~!s<UpZ@g2&D2b{P7>w&Sra=
zM;s5q#XKxr(6GvHC3kJL5RJvGTqqe<`yJ%bEmlTNCVpolcUBt7M9?N>ZKNnC&p50Z
zQtwCIp`S0lXtS_6tTt(1qGVW0Mk{Tk_GoTJt|QJWVe=CBu#U|i)(`21^aGM%!;rz(
z?XMuCM=j-S!H}VoVV#)ODNXLDze1=>vfob3&pQmsl&@N|>)FC%(n0VchmC9zTRdd+
zGBjoK*Ch%kRpcPy)++Mt=hZR|n;ZP9gR$Fn>>R#x2T<=)IyjehaNd7?2UVGD>97vk
z)gI)#6pYKPjCRR|Ssy90Y%^Q#Uzm`^{@h?j4U?NB$vkq`OW9`5k|ZZP5*PI{Y&lyI
z6S0}CWUGeEF%f6XF5=*Y`An5eH*7!+Hc}0)1`Vzm(vId+O<lm&vUSNy#MUR&1$1_P
za_(?uOlOb(;3IWbI-C{LM@Ll_`#(q{7bf?1K|&zII<Qg;A7uU!)iiOB7k$ioY>C}t
zMcx(MV{7~#&$Y4*Vo9-$|A10bAF#5E6TM`Yi14Ked|2mSCK{{GI6iD+Wy5yZYi=8|
zC!6@;Y%l}aBEuDpTM6E9EyL_9u@cLZtps^(TdrMfZu8=O@h>CIo0IeGqCCct8(5xf
zN#eOfDUYXFxKgfg7Ow1MIj}2^DX8Uluq$iXrXfenO6AOMrG#$fz>}^dOLsFfY=A!-
z{MkXQ^3g)HRi#W3{>+srMvJNKf<pn1G?P~*?6S*q+;GMbSk=Ps(J4e{WgRp~x2bX4
z5W5~g*XaV>1@@zruy^ixNJnixPd99&f$65O9f9t{h+?La>w*2nJ#->G=%}x)UsP2)
zzp8FgYhC@4+FJNlP{{Adb3l_Bq78YwpoR`5Y1(edsRoY&&pr$*hnOK{Om|d6DqoP?
zIAkker9&!sCd)80RdZN58L6=a9W_iA!vvRCGjrtd++fI-Pg%%{PO}o87xGxr)sj)C
zh&?&ftP+k$sAKm;<2OKOVjsWYt$^32B1J2zvQ)!LRsx-q4JikhVNu7_v|}2~n9(t<
z&@qF!M)?;F*@-Ty4YZ5ekK08Rba6;Fs-_B2!0J+TQP0bis}^_ytRaQR7~`?BCf4j1
zJS+(~d#pbB;RokRGCO74BrJ9Q;whJ{g<sx#93;urqK4%lIE%?=5#VB8ES!Q1!4SWL
z**<?>p&Zldepu+csgGl$8ve{oUHyEzxihNgXJhUDz5||K?q;m#F$6!r2Ef~rL=E0v
zSc3Ml?OmL^*YDDb0%GX`9;<0k^$jd3gAJeb_yZKW8!M%~)*+??|BE|}ZJ@UDfn-s@
z1GY)o7jOlTKiJ}jrLcC~kl!9Z9?;(1*X8YPhi(6E$fW!D<3|a|qpOPo_kq^?-h{#<
zk}0(_6#q`f5ult?J0qf`zynA)p2hPBNpUHGDAXfRLh3-Gb`cfp6*t4T#8;Y9i@20f
zM0_OzkuRQdB>^E@sOUd?DgUV}3D67W+ZK8t^a+qDo#_jWw>I8+RaobY=$xaCle&tK
zuHvNpl={2s(>dYV)sfoO&*~;?w}ooAO=a1R7JNHD)Uff{U18Ubh-*hEduQm{-Jz`A
zA^q+tQ|6sJkM@Nu)hDGPQ+-HX&)IMUa89`Wmvl9_8dgKqg&#pU8aM+e-<Xsi9(q(n
zoXMrEEnd=Y^Z2V)(W4aHXCXgoz`9^Vi?;)`PP|&18b}Pt>DdiA9_dJ|oekQOPoKmN
zZ7k<rz{Y=xEx^GHJh_pw(*d^i(5r|Qh${I`U1FB<AyS;lz}3(Jh9fE(Fdy{#ys*U)
z1_j-z>2t}W>ONQrz_B0I#h*7`k1s0q_Q75sILOe)9U4^Cz_Rl|w_mhs{TZl`!$%Uo
zI5k_ugx`pv;5TRoT4H;&OXx|GM2tCVgmXVQnqv$0QR6^A>^6c&pxfU*;P2p0V?)gd
zjv}}h!NUkXhut`Wz=TONf(!&f1Su=p0cuywcw>Ky*}p@O5{yl@Tv3G&mf-z-EXa+`
z+=}2f1h)fl<%(jp$FMpyO-bvsAa@OKmbgHC*_B#4@a1ALGaAHs8%y)iGsOOk;5`6Q
zUHlXetlCCR@kCrwTK>-9l5W%(!{gf?E@2(-BftPK_n{V14E*|XA-<b?PZ48UaHaN>
zD}(Odf%fwi4Y}b&{{D+a^QMYRr*iT~R~_#NS?b|Cm1&#G&7amObKqzXfRR-Zxoz4g
z$yrFTDXV>C)!~+Dxk532S_0r3+vv~tOX$zJ8xPXoRA404>vG7Mr)+^zMbQOIal}$S
zm6aPZm+{}JEXRcm>)koWvrm6Al(!MS;fzg@j7{e=woPVi3$^YJXIvM_xNgc?5}Ml(
zvNTR>6jtq<5&&=r&Z<44c~>tn=0yx8qZ`78>WHBl4%%s!oh-Xx%ej01X!bYrAI$%%
z^Xty@MGd53(h{)dN33(tTV0b@*YV2J(y(=D#Jcpz+Gzz8q9rMK6YF>fL4uYJd+)vX
z(vhc?5=~=B-4IbX2oMnXf(geT@%LPuPfX<TFwGJe(k2DYl;Xe)6eyciJfLpiYf0he
zlT+&2kh(S^f{+xxlOp_FoK46TkTA^>7?P8LT0YHl11=O3Q=o84d2y+fB2((RP`d9q
zbzNiz9psPPVVWm!@JXQa6d@^4gd%AvK;*wrP{73$s5aJCAl|mP4WZ1hZF3^FN;*2q
zLuUL=S@Vw`{L0XML&sO0%m_Q@N1XFdHb<O`LY4+N5^9Hm0N@=2M|AJPc~UwMHo`$t
zI7d1yVKi4UC)ZynC_c9Tc=n0>Z{?2#oR2uqyH-xR@Mx}UeZ;jsT(BWhu;Iw&X&G|!
zWq9}|E&mRMV)|@29So_J@XQz0D?{p)5%o%tKmGum?R#!^hA_<%7}6&BY9TA7ex7nJ
zpkA3$p06c^n@>(l6?o_t0GOH?7|oa!yd{)Ku)Hf#1T@+|!r{qyZHc@T3=CYXRVW0Q
zR>JVbt{@{(6=hB&0fY7v=|nbdgo0S_63ryAM8R3Hca0KIVQU3d;W;5Qev?!<FhhrJ
zsKYkYVVm}dR?y+A!iJiNp$64w19P(RLVnS)w&Us(hHn|hOpln(m#vsATXFiPaM`*@
z*}8E4`bhrzBQ2=H8>kA$A*%2O230slS(=p1*Di)J9gde5XI&)CZ=48h3aK|m)T!`X
zoCvw%Z#bDgDaxI#2o&c_2@FCdKnXzGLK;|kCV&EQCPiSIt!loAkP8Tp^N0YUiO^Eo
zWJ&>{ZGkl{LflV`1pWzpm?!nkj_WEUPt9$%u2IUKUZRJ@S*3i9R&`b@L)^e1Zd}hm
z;-{u1Emql!8f1FWDsOS9UUVSSi+K#<`D+Rx@$=<Nw##IZ24p%XlW$k4&Z&^;9PB3n
zT(=gPUan}CNcU8bE&pzp{z(^KOp?RWj*JEYa79N4D@%tZ{F)9a=(Lgh#`4MS=W`S?
z2#m^uXPOwh1zsY-s#4Z($QSOhm$T}W00A7Mhd8({c}-+k>DQ6FELKw9Vv@t!jf&hn
zUaZB#_I${I-2UrE61oL~?r<2IHA1_lA@!(%cCnr{vl+>e1vWDgdxXZal5>YOB=nq(
z+>);+zl`e0<5mMM7inWXxVYa$TvK&5+WnbuTj&RuD-w%E!+O>Ni#_@wLoCE(95VWT
zNJj3rS6GLP5Mi=m-i$zw-Cq^24<bT#x?Dj__kuKEGT|bHOO)%tMT$%aI@wdmuvkQX
zdaoXijlm)j`PX|5fZez-JCDsiCg&H3SO=RkWQs+k%ozM6q5G{&E_v0KO=@ziI*bSE
z;m-)m7=lD|lO(#}@0MsrOnAR=n8@GGD;zj+iGB795!N9Uzf4k0E`Avn;?%ehCmqg=
z1-xNJCvP}wC~GJa)`cuX7Kqw`NOk!`77%Fx(#hwK=DUO&JCv28SkBo5JobY$0v`QA
zb|DDZDJ-;E=|Y<|COKPNa=P63g$&`!VM$iju!Sx8AJ9=5bTn~;=Oo?WzkkTsFEeD|
zJvF&gEC06+7?WtgK-|-bHfOF(mJ~&|$l1A%%!A;$gSlKjgw7SEEfB3CH}+)(a24e3
zN&pzMhBx%U95(*Jb^K(T1<_Fj#!6kv7XF;N5og*rLjjIPc`%F#hmls{51hcGyKkSx
zSuwCl;%ARn13?He2E;K&`a+HlcW*leP1<2MzJI{iz8B7z_V)St*M!72yC>duv#i_Q
zvzK+RIEV9Ryp|EkXx8XIeSbK#=GxHij&K7TX<$S1JfSXcsBr&?gucFp%fN2Wg??}W
zAv(puyTsClrMN82z)RzIYG-58fq-t50tBM00KEh&r14^k-HpkMnEP)CUI#E}Ogb(G
zN5TW%UN}VS6Gf!Vv9n~pc*rItHWgLzJ57C;lr<<YpJ*R=aZ2>(qr*9YSUe{YzbVEm
zqdRnzcmWuX=1-N}gUQQpxlf7sqy&jl0zCAs8qod`Y=K62jw3dPU=TqG_M{YB#ehy!
z3xa`nsL(C;RJJsDJ=->&s9umG?#Zvgy6Daw8VwR+K)NV>4U7+KCHW;K8<wSseP6L&
zatooE7f}^&RbeP6a8YhLFSk$1?HAOhDRthIdVfg0|4o%#0q+R{Fpc0{tz_=X)4uSW
zRgpQX!t$b#jd$9PW>3rKe*BnB;EIAW3<hOjE|5O_0-igBTH*lRb_l=3lZlKJjQ7?9
z;-Zw}UFAniL#|*JV!3_K0}GF>3>zvUh6=2;=J?GQ^f?iI@#vDUzB;0>4(Y3L#!<6@
z=2CziufdMfiOcLDHqA(77@xkVWCHfN5qlM#K~;pz_)VHY&FFeIPN1@J0+p>jq8BDm
zo5F^=h@lR<wUIfw>w>f7*x>Q96II`;8moDv=6re6WO>tsJzTyaQobSVyei_nDx}ZD
z>uK9a=SXpgm$Z>iq2d(2%GqG-($X<sB=`Qyv&<A3{f33y^NslnLh8zM>dJ_^GE5;P
z1qvVnk>`m~$ej;a$c~3h<n3>i2Y#K1CYFTE_`STSFmNctz##w#974Qg#$B!!?(*WW
zzAB=x3hAp*DiBtT1C&TL-sD9hVj??%#YB<H1$SA&5Z9xP<izXi0}p}`I%8>e>}Zrc
zS(UfSDtk(!2mC3ke3e7>ltYGi9)oy(vkekY&$q6z$j+*f>8wS*CR=qj8=21LGKlA`
zc0uBK#gdIW+4C!r=>?s9qe=CG37KBVWDw6<n+J(-jdiPeo@`Q%T$5(`R*P!Vf?Sh!
z2J!4wg^>6~W3yyuBb_uosQw>0Y5MzJe2r*+1TKE?6HSbbQIY=N&5@3p=|oI$>Erw6
z9Hm;;A~@_4)+)knBHT_MdA5itAt!%qDPXhdE-(k|@0huBu7ni*(n=i9n}HdzUp{P_
z$L0t-<#O3P(M~zhgvwt+e)f`;L|f;;4ms`IE9q1Ie{G*uT}ht`5;B9Ght8CphcWpT
zQu!7Af0W-9^|kmPqOWRj)NRybC;4ZZWF?Qx0Vh2`f6*DA`|+Idu_R~w5E!kfntz8K
z9AkY99jOX*ekuXX^ut$)-JJmc-oUu44UTvpy!;4UBi2oK&F~J`Oy^q-yI<c<cD~y}
z*L8*)x*`o-p?Uj4`@2JhJtH%m@5RuiSYL5-L}mc{nPy@5N<DDimBf`}`Vu~F7%}RQ
zKY>{C;S&zmtfLv?HwOm%_}(h<p<sKO7Y8Db$me$a-9C4Emm8dAaE5W7f0?%}U~Y;V
zEk5(~(OxuHk20pKq|_TuS|F9d`2si{T(F`}tQA+J6x<4^mjONSeMXVq^X&<#d#=#)
zwO`ir&6&sv<!yp*IOFO_#?|LDS|>AFL))(lXY7e&?1`;L{_pgB=^BzK{{9J!zt31r
zoh)iNO?H31H?T3J-WXA*hma+FCq?+Vco892K*BUjU`U(fnIQ`hSW!x}!IPkHN_oB(
zF{gk}skemGTOzYS$P&JjBK%yuNGKqp@~mN+Cvc=q3Y<diVhWT^Db81t!c3EaEmwX8
z;_^ZRVj_>H?Xkcw?h4=_|AdGD2NJ-)=L+Bgc81hDBeOurO8Y&>7YU@x4%56Chk9q)
zBws0HrPR(-plnKUzLFH?kXnxAacN`sF0h;E$zNkkc=CV?o;>1lPhJm+r(H|d)X2`3
zAbz$+zGlAa?0gyGix|WkHrOE%GB!)L7^(YRuSxHIJ49<1&;|No;7z@WWeq*~<Ck<r
z5NL}pZ6w$<68;}s#j41~FWF^kznUD_<Zx*HxZNc7=~TnJ>-l3a!di(bYv$P(gZS(V
zu9n0OzZf7SYa}-=x7%T-B%6`4cp@3qQK!0$%}j}N!){4f)3By2ps0fGg^WEoEM-iY
zc=!d5w+OpYW9MkJtc|tD)>F(!8);Yc^b|ujbj2~GAx%MhT@IU@9C{QVc!7rVlXHi)
z*zi35z)e=V12>s`oL?twY}c`3M^+DxZ0c%Cx4)E}{2ojO3h9DMQMv^cU_qZg^h=YJ
zqI2rm;@C{U#FnsgM2jGzg%^Km{Py7@Ongzq6k8Bs=N^^}>DYN>Y+-J$9(J&nc1i!+
zJGUm*IqX=%sTSWAwk$!1)hX9MYL~@lR+771{@>nZU0llY(QF)erR2kxt>okbSxgQc
zhjO;!kxJYiPo9E5^Qp2Kc{rh{{&*7#t`U92%S;*;U)DXucQn%t!oF&<>ivvB6?lc*
z60Fh&S|7FHD`|PRTD%Xs1LC~G2XWlA{WeCQabW_M9HcFSI$ErX-#48PSzHbPA9C|A
z)#m8hLUQ*U^j+wpIgQXi()@l_pay+b71S^y3AMUMVsjMS-;Wy^;bUpygVQ?!=XX=%
z)1(7?7XPRLq20X`kf3CUVHti=mdi?<hQznGA5+lxw=3uy+#%Hk|MQ3e7gV4~e9O8T
zihwEhGF^<2ml3Ou&&y2YB`w!v4Kepi9!U956h6(kEG@9^K$i+u_PB3eUSC_w??aak
z)NuivgSAGL+Yb5so}Q?p8Q<X!=OyNV0QlXyt#D27{zfnSuLLdhzkBF*$1v$YJze&R
z%C~ylY*fCvxBC#Ca1Q44&D9Ll)!@F|svdaXlDD_Z2b*2t&Fvh0u>?+32lE4Q&ib^R
zxU@8wvAx%Gb3Z+}QP}VH?^{v`FIN8p<iM*3=!_?EYj9!{)$I4di|*+Q%<xwE@KzPl
z5C5M9<h6IY4|w>k?E!dCeoQxD1z-Sn$_`$ArP`hNFBcN^&8V&p_3JeB0R9^SvqWzW
zWtB|oN<z94*kpY%rywv@SU%+}nJRKk6_&#O&Wudh-wD7h$#qT@!du=Ut8}Vxo+vBB
z<S<SbNX(hjPLl=LO@_?rLRxeEq^>@stH<rz^FqZ9AxC2<d-3V|P}cI0emU#_4`n5D
zEDAXS4WaDD)5W2zWg-2t3&y-qe#1!%0QmC%TSQ3R$d6ll;w%6^dSmhuEvBI^aZ3?g
z!CG1!@?|$5OtY9K+7F#}0x!HXJb-JL@wb$KsG&Y#rO^gTJh=4lzMad^LUi=?^siv?
z<`vSL7gFy?`9>%OoNUbCWu)L2<mj5B6?zg?P*HI<yvlXh(SL?6!D|lCzQC64RX~T0
z&bMIBeF%Pq;9dmH2#zAS{BG<(5P4FT?@|`t(2{ZKwq&P-5=8G?<_A^__WQD{a-4Gk
z^2`!Yz<9!44`v6iU(2W#lwRSD;I=`H^HB0{U3n;BS}ReQ`K7i8RFUk8P}Q2yIyZd7
z^1TuH-jIARaM<&v%oe(px?tLnuUI@S0dT=!i5Lo}Wq|(Lm@%z@Us$BduuQ8E(@QLM
zjs!C;!Gjf|217+lLd$lA<<~~!*M{WR(k<2h4}usUXZ0=++dchpmhaN7-dRiHyTmWQ
zu2U7;2s?9OCwWIWqk$ks+4!2T*E4~{2;;|ASiOTsQbrymCq={Y-0W<84FW^jBwsmX
zZBA(hNI-$YDdqWEQkePVlzL%Ey)eQ<@*i*5nMtDh<Cg+cYFJWR5SamiD10YH__;W<
zkSicznk6u#P4di;6)Uwgj`1WYoKl{zMQB5e(7l299DQ<Gvtx@*^0YN?^>W$Mb$Y~?
z%hxcfvy2SzvvLM;MKfmnBxA`syX+Yq;?LOS>vC1k<Ra5E1q|ZO^$m~++nOa?Z8CV6
zqrr4F!T<3x0Ph3x_WJ0n{GyKb{zGUps@=gq?_lPdsTre(QND%-ZGNzHCsP%m=Tzu^
z1!_Sxm_?1}D#S_=_z<9xjq0xM>xCn2*SP&1`}o(4P>V}V?B9?}1BRKy{}6+-BPc_#
z9Kjj{>k(XoU>AZ;00GX6D8AB}!?zQ2^aY9dR#xs9f-wY-B6tkJ6A19NY~0TgyoTUc
z2;N43FYMv)1v?zR;Dy7Nhj2;+ctnJ5E}(H%Y9aY&o-Mdw7n5b#4f#+);v0Z>X~3c=
z!%Rtn?p=%}*td(xRU1a=zp3CCcERj?bQjYGZ{mcda{x!-qzL>RhyM!+eop)7PYMXW
zw~HyAlf`7-$sV0Q8viepAU!Qf29>9r*D_DZ0&AHSOws9sk(FDfC4i-ZPe^N-qGvlJ
uEjLU{080g(Ofge5u_&@?`?LhGRB#ount|GFk;NOQC5X;|nMox2X#T$n!2k{b

delta 9951
zcmbtZ3wV=7y8b6k(o1^3L!m7SZ9}2lDp!G4xeBx(6{G?+ZPF5&Hg%GUt<`|X3sMzv
z)F1bFc9&fRyB_tpVJYA(kFW}e;BCG9>k&PRa9lku=y6xk<DT!GzfIDl!0uz7=IzWk
zGvCa-^UXKkOtw4_`_(>E@vfw#1cg4gcmCG7|5io$6EgiDb6?`?+-=1ZeFj%tOMGp7
zOG0fzi>21W6uV-NaV54S)h4wh*QUrkbEVd%lAO8HYSRqLe8q0OU9p>X8WiP8`s$zB
zbi3J+;K*=fHX4TX3zbHLJ@$5EZI(UGk-9#+Uu=)>ujva_wVUm%(QHqk>N$3cBW-<d
ze|1ulNYWt#m5?-vq(h^m$t2B-lBSS!Sd`S4O5)*B;xv-xM@iF3S`a18AZcNgG?Szw
zqNG_Qy~Lh<yHb0pJ%@0l&z?*FM%jlD7TJdq7DqM8qedlB(qSaEMoEX0baa$7pQNQx
z(gKqD#zct=Njx@6I)bESQPN9DIxb3jDM`miNk@`&f_)TCabl><hc%{^ETY0mA#tCy
zn55<Q5^8c;RGF2^CPzs}lXOayw3MV%?QFSX9rGDfS6O4Un99};&FKF$<|W1w#p9+O
zELF@mbCx0Yo9|}XVovN9W)a6@yA3?YU!B;-Sd%}HbQ?2WOA3aH`6;KwGwHu!rJ^?D
zgh`9>c)6IBSx~r|O8FWBEvB8jwB$Bhhs$lV*SUF}<E92)D{jfWiY*j}GV7^nX;!Ia
z6&ln68ig(EQd2V}7x?ea>SnR$*mP?gUoVE|G%%OglvBWFh#fiOOkGrEx&IG2e@J3i
zh$lx)%v?wUEwRO6^R#nEi=)-+;fuxDQQ0G_sNghx6=h>}ph+ewmIZoZ_<Tz9C4g#w
zX;CH{Sx;%r<h9ki9GcPP^mu!WTt)d-6vVW3Oyu{AhT=J+gF?O?#SajiOSXAD4(=@+
zRnpcm)#^d@sr)waW^t(n&GnkgMQq7zi){WFg!hYOC50BS$uVb|XIIG+(=ZPHE5I%S
zYc2;rnz_N<+URW3%#GY}L!GVff4$C|3$=Sit@Q@BLmai1vZuti)~%*DNqn9Ep3zsw
zvpd9zN!huZNT73|I4kr-fLHL%BB^|4YS=iS?suZL{F0nKlq4SH5(OZZ>*Nxme4go#
zl<)R`RKCtod<P{@)A#yM=e$<Q-$q6BrNz|S?2yxENr3uknX)qR9m?=`0h%J-m~xHj
z6G}hgA3ZgT89r3}mDBDs`mR9nM}VL%emi9~)5@!>tLEz}H<C&$FaH>@8DIh24cG$c
z2HXp{53mh@<>CVH5a40JBY>X~G%x~1Q9Jgr@-)~KA5PF?&<thc`BOs7TFdr|uV$6`
zmXp{T!{s;^qaFrgP3Dm#q6i%FUcg?!KEQs!bAaaoF92QyyhK2HA_+&4R3T@0U?lPf
z0lx>l0(cd02yhs1L=mZb^2A58$C*B(e2+i9VoO5q7!=tFG;@o?yUuObDVr&FUsX2?
za{dKC_A(PGoT5CDKr^_Tbyh)%)g-lq*A~kb-NgdpgGKi8m1qQR^o81fPsQoikJ6{G
zyMh|7N2!}Yi}%`ilfzr*wDW1=hQ&i2U!v%|t0vnRsPZ>xY+PEsyoT1`bIMe4Ost=O
z*}?Ci$_6k3iUI2YPH|>&PR;q2!fFZQ-i7*S2(&ov@U*#GX^$U(Y%uEoqKNC3EVP`X
zaxARp8>2YWGt&R|lFO6FN<v^Wrwi`*eA(Xon=ANN(1VGD_~8GG>@;!t>U9;EYhONC
z5zD|qQ4iD1wzf7$tKDjjYOYroCs%JZe5#1{HH#9yg$S%##gR4nWdlu~KZDYpfL#EE
zwg7(usUE;@ME2UMOgS1%qN;C0@Y9O8X>FU~2SxmOEg#_1n(D3^J}p?48%dwXK>5N#
zo(YX+ajdS!@PCRJd3|@WB;W^#!H2H>d`*5-#2DMca=FC@F0p2;ce`EO1U+(%Lrd-?
znKn$ExPF)~Z2Jw|Z;`uE@(@eowx)%Q0VdGkaNg+PT$%*~PX>V8g5evFWUpZ;M**(_
zUMEP@tw!!uMJ%mfV@{^lA1Qu+{SkB73RIg70CyY?HPQi|gzRI$X7Qx+080_>_0uQA
zom%6=91mu!8-?5g?;-m>-~)hkM&x);tgkX<Q~%6AvH5vJYGi-n$Ch04$7rxw3~QZR
zA$v*CdqMcD#a(mt;<=o=dEe26su${SM{A{J2=$jkU(ff7X!DNnC%X%bzQ~@TC~T(a
zE5+UJZEN?|*&QzM-ytcQN1MRl^z^XKbR4=9te!%rN1ngsR!^kA$Ij8>>`o6(cYDag
zSS`*l=0ZkwahKhb5HgMMLm0y!+(oEw7+H=O<DF(2K^%<oulJrc6k+ySjI*^dbkKDs
zx3qh_h4qfYMrW(j>)`JwV$+7A5z?@OtEnZdu({eD`VwH^TBbPLl_@^lu)t&`{g?Tz
zH#Npgm+XFxLA^~t2U!y0hjvG6Lq}c9x=#KtC>lxi`6vMPDMv)gyT##~Ylfk_9+QlK
z^biJzB>yd7x0u#7e1@c~1Wi#@dL{0@DQu_7gDzsb>F1u<)|GLIq)P6SV`y)wXzQrc
zL#e6yzIsEv(zU`gg?gCbA92g~F{|W^q{qOFtOhMUIHN&lLzln4BV}y=FnJkL;{f9U
z69AJ$`=+Z+(<xc$Ke}m6T!B2>gVa$+rbbYv8M(*f<hP0iTZZK=#Gqq6ww5-R!y|d5
z$kKuyi-d1WL4i&s@`H9RUf9x<x)sIS0Xn&&ynDoW49S|Pt18Fv1`@?DgY5Tc^afzE
zxTCwnw3vkR{W15POYouNCi*H$pei6^F&RI}A$G>KIyQ`LwY4~SCDdFA!0`}v3dlag
zP63ok;}~=vq@cgE3O<K&K0X&p=K~fHSd(;*BrQd{*S*lV4-jD-(qKZ7ku>;;P>~YG
zhMf5zK31pcn37L=B}F<r7{)@tRe(k8fwRNJW!o2<swlh4f9LiGlCq^CM;*GNZ0DNm
zqokw*r!d7H@GCNu;eSO+Mn>m5k*WMIRLKMPS%}X@{XAsi^PRP9y_mOa@r-Y&tTSm`
zi@TwD90mMdPN&-6pm`-gTBJ06m?d>DM<#pzMiH;?8Xap#wJ#L$<E|Xvg=48<U?Lwd
zmfG|%{l*sC(9SvCo_GS4SPOLD7;=j?sHYba<-A8N@1iPNGF|+{gHMbsgH>oIT>m^g
z4{5XA(crc_A{|7ZNBGkd)eWoAM*!dgF!a`eR40KJS8ww;>PS6b4cT`9x!(r&xzr-1
zZ%TC(yWQw)aL^)%W%c>u>7FSjJ1KYg|J?IoLLBU$&XV~ewKzw7x_gH2S*Z2{b_2i?
zUxC4_B(M&Rqz3brK2Sev<rx{jpr&T2?xC+mOP!4y;kPwo1Pzh9AO-qD+hDa=y(xF0
z4PA#{4kSfEc6hz)1t7zbgU|uLs)r-Tk&+vtLA?2WmMGgED@ym2Bs5cl2k7hBB6b`p
z_ix*?G;XFex@<I926a~hmIIPW=DZ&%=`k9SY667uCGua&^*xHl|4xA5%-+GDM*b0i
zbaO#I&qJjoY!wts4<G{=kjmG|9+7e)1*_uMA+;V5bSu7#_?6YDy#}zBz?u<unh!>*
zv^F`<R<yY=y|BeZ-8&z~@Q#Rzz&w+i8vfef9WcjbwLpiYIE-Df^Uw@whE~=&Mtrh6
zPZ$pmsaB!jF#u>A@Xj!W;v5{sTHFR_D}|+Q?wngp6+_exiLz4RI-GY!h+9~sZe<~E
z2l6;5jn9k2hez42N8<<{FJhcp;=1-GM_u2OkiLgUK#e5yC{ogBk05niR3BMj>LRZ8
z`yV}WtED*fARryBfoD>gW~i$haKFeBmG90ooM7VacME(gplB8VhRX*f9*dEP(k}th
ztnWqYK0xrzK#Qdtm&@s}*YKe4)KckMNOxFo9fB$+ci89YuB(3ue2O(&UxSFKT)GRn
z$5YWu8X#g>YB8>mc?T^!^0pGO0;%Daya0L!`Ufq6PXD^T*Q6M3+wc#0QuUL^SiVSn
ze}efAaL)W!zW-MXTOp>OtTJbjq;r9I_S9r?@MJnOi1$wBSHimGvfO-2gbQ(Q!^F<-
zJ*c78z?X^1pDyr8|K5)JHv(kf+0X4DPIwQdE2#}}d13c)VPp421S8T)BKS@Z=X(&k
zQ`=i@?ex;Zot+Ll>_m5$7xW-nvfe~=or<?e4&>H2BJMwRt@$2e;z#EH@{~D#>Rn((
z+W2Oqq<Kq24`3u)0E61I7;|Q*FKEVL9wR-<V?c*wQ~HXKJxb%1Hu{fRX39XOrbk+)
zews`FYC*4ZUW1<N;_qkXo3_%7^Zkp?cEws`P5tsL-uiaMY<WkJfj{mDdiX0t@jEGd
zn!fa@4(N%EO9Ol(<@H<z<u;3^?-pfCXQ2BT&D^|!9;!SD9S(hWC#x3K=SCHzf^iIV
zRty231DFe#2j~{!oX;n{_g3V$1LVmkjd&g!hr;7jo%Uu_itrSBNTwN^9UUJ2Z)g-^
zJ2GTI<6y)f!-Ptb1R$;jJc{Nnq<)T+jG?7n9fM59$1-NV3Z;txG~d)cnc~#<Gm?Kv
z`3ZCb@Ej)iRvm9*lhxUIti*rs4^^g`umylF>~NTiqE!5%f{S3TZC3?<2#N<=podYg
zk=p1_xvA<n1AC60R?nufOanKoEQZ-xv)UNLY}s;}8Pvc-U#0J1DNFs&7`BY6j5D&!
zn)9Fz8<y^8%}#nO3%mA5xOTc|U5kFtNB>10ZwuAqMpk3mNgb~4Eio~7!h}|+n*x{$
zfXlL)HKV+9O@m}QU<TlFz)bZ}3L91q8nxuU*AB$14(_?wQ;?dQ$~vb%Nu86|Os9XE
zvC-yq@t<M-KaxTc|0~i8fqqc-T|8h9olDe>8LU|SI+Yc%ZR*f8HgknE>~}D%Acu7O
zjcucI&S`UT87Vx9;-3TV1B9KD{loqx<n@4G0e-Ez_pt)?Xc{X>?7?ubwfHGT{aYHl
zhV4+7q_Z+#H)QhceH^KsfL#ELJ^WFUWY(<nFIvdwe}LB5LKj&>InX9K(ui$^{;lDM
zYQ$dZh4MkY6bhcjz+Xd3?zGpDQdC<8n{V1pMc&@0GT5W$g3$hvhvS22g>AzTm-C0z
zbwgQs36`YCtj{_$!(!A3UeV|x7f@dw%BoCzN&a|mRvw#@;M<69PolX=e_oWju@mVx
zGiPfZUNq|L^(~aM-4x8}m(JyAYaq}PovnC<YjnEkQA#(<A5bWLY$=BEHL`aBRAl9j
z-p-V&zAbG*i2ytVco^^qK>EdBAQgIx_zz^|;)mTVARD6&DPo=xV1Qn~2Xn5wQEj~X
zR1qu7l7=KrD$G#TGes=l725Mb`UW+X2!q%U?Lj}Q4^b}1M4B^&d#g|$07y%b4%eb?
zn#nS1WLPT$T<LP9T^vVEc`K7fB+UeFSW67Og-saGCkI81Zr)<^PAKpD)kpoLm@PNG
zO2tq2PAg$+Vy8Y&>4>%CFF_`~Zp4y>d0q9`I5uhE&vQFkhp0v4S&8K^wSS+iz%zlV
zZIf7DuXj9~ZkVtiYM&!$qFK;qR-i9Y6W|fUkSqI=dSW6Qt@p79ZF`xTHHj@Xzebt=
zG4wW1Vq4;euOv+zcBdKmq&|fUD|jiySE}hV*(E+1*vk2Q1gSK^O-OA7U{ZbU)&{J`
z@ZWk-d<;GRBx5u|&2Dw?OjeNf4AM~+_QgzA)FdtJ?<j8u{8TfuhR2$b##MG<<9Z4M
zkQVj|Qm;}dS*U8WShe{rV&j~lcie2&l*k@b)kUnptgoH={313~{?w`e*tdvU(i3k(
zgTvzqv#5b90NyK-kMFAtEk)RGv;X|=k9>%ME8@2S&i52aG=X^f4c^`M(}^$Lg}#Ct
zyeIsnAPI)_PcFp3UCt+~6-!u+<$cnW8$<hRg%SI!p!dZk>`a0$xD&#DE*#A2Z^all
z0_1+a3#rY3pJe6AMA9Ig>BULs2f@XAOjHI6Ro^N$-K3FVPVbAW*brl~bsD|gwbQ}j
zZ1wOLRKv?`l4UQ(mjdvrb6;j-ee#weiIy8B9z`}lF+eV<Wr@3$LgA%0Z^Jr$Y2|ND
zU8wLT;E#Y$0G|QQ0g^GYYyf_M;v)c70De{A(*bxn_wgzu@g~Td0eG<CT>#v9IqqE?
zmky3tm?PZdIKw$kS`G)y;Uzg-8ONsLSX2%g^k63&gUKW~7k7D!+urVS%;Nt=rSzwG
o9x<x-9bi+{w+^r&>VF?#E7g{RY*g=_gX}<z+H#0lOdRe19|%Pf3;+NC

diff --git a/__pycache__/test_service_integration.cpython-311.pyc b/__pycache__/test_service_integration.cpython-311.pyc
index 73ec649763202f593cb340fda969bb8a5742275f..cbe918bfff380488f07dde5ade19ee5f88c8d1ab 100644
GIT binary patch
delta 20201
zcmdsf33OD~k?4E9@2yrZ+7~2{Xn{5a2rwYYVv$$`7-29Nw_AEG(V&gnEf!h0Wq%Tr
zU^_V1iLnid^0R?)Vu+G4&LpuMo0yoye$wxRo|nNPKXIJRiHPm_8P8<qSKZgU1Y`f?
zpMTD8y{^8uZr!EoZgs2f(^r45_|2b{p|6_F1`a-%Z7=xW|1!t@5+kvXHX3;Mgp%W)
z-~>+Kd$^tQFTay#am7vr{3?2sy{et6UiD6OuV$x)M;c|1wpX`P*Q?)YU~#_3xYNk;
zn0A^J+*(dh9ewOzX2>io60|;xpo6d8XX(-ihNJ48RtT$o7GFk}A}7`!u1g^pkE(Xs
zZjxq#v`oS5Gw!v=vIv&xr3iX~hgz&a?GQ3TKGR-jj2tSk0os*X2w*b-n>7t<2W<8<
ztOKw))38p!=1#-9j)qh_^QNJ*fH;2|HXE=7)37;!Eu4nU1#FR!ca+;%EaU^6B@_TG
z5efm83Pk{C%Xvacyca{JIn#=o1=zA_*b=~&Ps5f1cJ4InY{0swVdnt0LI|bw7l^tH
z(DSAdmjibGH0)f!R!+mZ0b3<h0FTwv(&j;0O)?hvhf3!Ix>l%!EDMqoSy~mO)lI`z
z19sswYz<%+O~cj#cJVaq0>IV_wdwrV0eZ<a;)Q@+D)3u5_u{b%<prKM(|=Zdfw$57
z)r5D@8|qK+S@b^5CwUXqXpc8Zngf2{K_8Lyq`$}K>GSsbB;8=ZM=(UPpwBxMv5tpd
zHGE-?bMKx605hEr(%#lAMNmaowz@)sBA7(nr4p1!RYw#GZdf6x1ht?!rT7ZZap&MG
ze~u_IZI~Cd!(2D-=LOv~3e~XkX-?1&s{k5KtAH(I8!<w5xoz>H0HZPkzzO~CWdKjm
zH&^HC`DYbhfhL_(P=l(-rcA4zr(4#z=)Zq8gP#AaD?><2rlTJNmQ<;EpaJSOx8ehS
z{s;UrH!m3iz5y@s2Kz~XSfJVu_!Vv~u|kMsAg}?DG#%c6Z}CFOHb{B`-Y%b~WAQ>?
zUuVDIlQe=){w0AR@ejBaj5$e3yaxl&@DNvAOdME-$`kN)59N9G9t?WA`iTd-t7>^q
zf2X%6u(Aph^MNd|1;7Y*&64@>-ji8pc8ZoI6P6`m%aW^>hDl4qxOT$Q61KD)Q(m(=
z!`AXM$_eZIuyy`bYu%)^?)=&b>+-O5`BiK4q_ugxdBWNf3R_!5T?=usCiM09`6T7K
z?d@)br1bW5OUmHk0ZENb2>>c{fcUz6g!lwcYy?Rr;`8?Odc2*TzChpuzG}!&74UcW
zd4q$*=T;IGma7ETNjZevYBCRg$b1A#FiEf3<MRqorjdFx>>+as`=l92^57eI1i%P4
zrBJ9_`OgTa>%Ocxd0W_3KE)y8Yt8cS3{b~eGLN;NEIZ>AGppg5FxQ05H6v>xfEKQo
zR7479j~*V~C+07hQY-a_`BNOg8%niR^BxCaWbKrRvpPj%1w1DX%D)Iz6~r}0wF5l=
z_LxflAg>NU11sop!>_YDAr$}Mh+)%d14p+UDx&}KIde$R3Od+%41!TG31-1^N-tPX
zsfRfsV>wU{b1(vJZS9h7pYL#IPrrAcKLbjUoG^O4ecgjS-k`s~4~9b^0KY@dJ;C6>
zvg+y>aTOadk~xKXC?hEv>hG%@^bhF={gnY<C-DV`>`AGR=oNbXeM2Vp6D5%{Q%G3v
zOR3pBa<=>#+f&UFtKE7@*AarL;(>Vr!wN@^r0?wU`}%?&zaW{TLAhO$mF4mz((NgT
zD3u<EBAYFeK~BfvD%qm6{e1yk_n<-;eC;6Mkfa+R{RjLo=p=JgjGkby#}kl@o&Ej$
z{PH4627y*mc?W}g+&sbVJ<Cg)&i=kGe|G>^rRcOZd62{-Cy-A-!VdTbwgP}@YR>t@
zJrCbAvgW!yE8-}O<P=1*R#aWju8ufoM{?#x3g$+N7Dh^IBRQ3k-0H}zhAF$jX_(>=
z7&Ba&DGtEMnq!L}XqzhGOqnAaX^-(ael^WE{aj6&ppH+Qi;8h_kVgSXN|dW*z<U_R
zjo^Vr#CNEZ9H$NDb$mblq`3ofzGI$e{3K>Lj^MMj)KaQ`8iIXe>n+E5J*k1PTSuOv
z*Q}lVDcY1##NP>1vs!%)5)O}jCgYld-%SJd1@i<zNTyz&Hvm(;7rHP&x&iezeBrZs
z93vovE#t&bMSHff17c(kg1z)z`>L`F5QM(y5BPCJlRk+47Uzmv&%{lzRnU&z4tM>h
zkyO>=4+JG;kFU>dAdH1$h}Luw-+qrb`r9G%bqe#oM8_R_)wowYFjno%QD%P=f^w_4
zyBeeIY#S%%>Al%5{&{*ZdqoCzbhKs+y+~ilF3B2);8|6o&S)L<ui0yilaPj-1bCii
zEI&whFV&B|p7THXa;yyNxc9A9SDMIc5F+ORNXibc5UqRTIC-94&D(Cgf~h}7FhQ5*
z->Hs3@Wrvm^PN2ZKPZ1RXYA#Id-*lHk>Do?;-!%>h)U}1cWi1~D;GKfh5C`^DuU+`
z7!h1V@B#q(yGQfs$BK$<*ngw|z*&W)sH!2a(r*>r!@o%##q%~|XTa*sYV1ZjEb^=-
zxnmIfB7$)QF9C3Criq9p(T9s$)W3k>8)N@e>{Mp2LG0rIBu%d`xTjx`TeyR2W_wm5
zp8N^{Yc@_MVnAR5ASwFyF(z2MVM3=<(=X0`i2pU6H%AB&%!CZcayj{M<J&*}5qye|
zH$ujzF!l3Tq(0~+-9B7@*zzD*aXbye?(O#lJiU8{SjFVmae4(1zJnQ6n>TH32O<3u
zB5eejij7<>e5))RoTF?LWcwdEiP0wkNH$o)gPz|0&V9Ic1Yyle5g!}Czd=GB@dXB8
z74wm|skdyk`p<y;#n`#B|4>#k7O|_|F8bK-w_Gf|uaW!?Vyt-y4#^)7*G_+0v8Mq!
zj>hAJC|JfHE^yv~0bid0O^FLAnVcS(cS2$0sdfH(Seqc*_vpRz+w81VY)o5pJdro)
zOY`?DN_e`k^8SMMcnbM92%_2((|X8X=^K^pic+4=srq<1ij};F0NIcWyIGdmJe^y;
zs+!GL)>bwaQQVTMqrbn0pe8HJTZN%=1W(eZt4r!$Mj}vedO(r;B%;|m0&?#3`4509
z!esxiNTh)nDt>>VQ`K8FaGK>*{8(#Eow9B}=G%z?xg+01kTx}chPe1Flw9=uLoRx$
z?hL<(_AOkt2<Lokz_6tbhlMP5#>(p$eFK4rU>v~&y|!?Z+5+t;AFEyT9YscZz4Wj3
z*&4Y{nzv+i1FOU!Pg@O?AnCT<v0*hbmAuGd(KA<9b2^v4uw<^m234+rZ{Xjkb$Q8{
zdFfh(FTHLoC5>lm|6p)nFz69{Jt*13Ojv8=sjL(H0dGf-PaxMJ=UH{4D^iwl&<g2~
zZd<B$LGA0u49j2Q=U~N>(%;vWSO<qJy@P>Zafh$C%ire@`p6YJwW53$n{IK=B*UHF
zo<X0?K8_j5LC>#p&<!hF)P+#|uCXUqKFk{#U%!WB@*1sabe4SsgE^2+auML@C0_>s
zI|3Vc1&Do}?rYqkE`y+V>~f=(U(QN-kCg%dlxKZxT{%o<D)DPbT7pHv$hP0UPVI(p
z_gKg6WBhiu49hK&%TjmY$|R`>D1iiX;u_6yjhn`yB2||M(v(6+FB~@5Can#4dj~*;
zXIz|B$}4LgPkUAs+K`jqLRE>%pI)_ET?d%nvA0(JC%+X5<l@J1uS81RbXZwKx<22*
zN_LX0!KN=jfC7rGuuL{M-{kRCis`^#{n}mXMGy{+J+byVwUdc4eQBb*Hr{h@Iuc95
zr5Ki7wrsKVKOz=4vYRbin2x(Z0H;7Pen!}ti~K9iY1_%4pux5c{1knu&0h8=q-E<W
z6FTcalsr_JsOug2LEF60<4B4-m8259L9e8hPcng|4Pz~&p5<lTOxrmKCns3xIbhtK
zE6+*B`HNUk69OLPGvmUAspkMl7Etke{2d-bzqF~y`2?cWsO<$v9?~oVK!3Jr!>ahg
zmRQcn8KgLiU<kn@2yP%S0+6iH2ExWf4){B9zZuxP#n=jMIu74}R!J|E%^sWDT&f8n
zV+0ojvJ!whGo2f3YSNOzmL7ded;4a2@-<*ix$OsVN=hm`Ba_<^-Hc!rg4GDtAXp0k
zl+rj)#WGW={75>`c0I5x^ph6)jqNK9n;_Rk_y#^ln}mg9RXaYTa<cx#!!B8Z1usRg
zj7IJ*Nw9PiZdjWek^Xhe&Q@mRi>yZ+GD9|CDBcZZBSuqsf(1X$L@E#F<W6a$AK!hu
zdMo7r;n<INf1q-1!J=5(lbij|9qYXDo|w7Wl5=Cz4o~x@wl%G5J-2UKb(iP%yV_T8
zB?)d=H&~hi(Ces&%N>+pY$JWBb58SP$lix#Mdm~@?HTO$d7_6A@(BG?XN%ecd|V$}
zF1)9io7gSc)Kw4@q)7^oCq+Ln^K{3))e5zOetut3729?1!nRlt%qSI<l&sRwKkS<o
z!o8g&gk+OPYT91QhN~4RGZ5Giq)Lc1VY!LEO_PQ3X5CsC6@~#8%Ge>X9*dVJAAP20
zlcpPr<`iT9*)yu)_tVipn*z9=3T)u#(iOqNQtWmnllzV&4_e6d+s6RFBEN**A9USn
z0FPshjL8I7w;si8>@qQ?ahi1WN*%z}QBE@k`|w2EPy9n*CjwoXv_UH+OB(V9{qB9)
zbm!m_O+O^hR*an->{o~U5GJgb_hN{3Fzag8jV}NjlKmio4c_A&@Oy&&`+R5$3AQKo
zuzAL{i1E!PX`&BVhqHc-@mMdfJjv(FR3@X7^ajfF4s0Q=oMb=na=Vd0d=+edfv0(T
zda#mC?RJfA9R5e8k@2$=3EQcC<jw}B8nFHTHAJ#4_3Ie=7J#?m3!hEna$schIC&1@
za;y<z&(qK&IrOEG1<qdsUf%Z<l4jpQIK~8E&DK5e5I;yyJTNDui#2d19;=B5!MzB)
z0AM*yoORQt!#Jda(asl?RA5&MB&*4?ZWh9lQB9Ui0kqx3CONh;paoD2ANudrdb;Al
zh3fwX)Z51nJotceTaqY%iUc908v>xZe7=z!h{p!L+DHyz9W#mQFeac(<kPK=ryD;0
z?W{KuflElr^6^(%@Q}biMjw30o3#t`8Ic0MQS%LfnfAd$n}K5eu|>=5NP&Z1(gybV
z;Upvg>$j8=JNFVNPrrSv4Gixb_u!cM6E~E#pTpK{L2w6xwE)~2NyRj!cEoH$a3_N8
z2zJowNAee<bR<huXU1LF2WJl^g2ZCUM$6AI&s79C8ip1<3N^zz0PZzVM!LNI9&!X(
z`4^x7^!*tA3xs9SM0KAKt$OqhuzEc3=n4}XDOa#OJ5OJGbeHjA%!2DOxkhU~btnHS
zedtpaq3>XM(fRc>CZ>&>#F8Rn>NtXz5PTZJ_Yt5jn7osxjVGD>@pyxEK#pSxK8=Ld
zoTySi0clT-b)N7jixPt=h#3wdz%fJy5gekwpbN{8sk2eLMWT86NRZII9-=EAZ&N=7
z$SY$f9`9FXvC)M>hGPlqE>`Rz>N;6`FH;WtAdM-ylF8qPC!8*S51cyW&Uz0M+0-t^
zdVY`5e?TyVQ8s+<!_f1HV++VXVu&fvvv~U1lV$vO=yy*Ru1XBOL|ey^^d$tTYBgxw
z3C-d-rn6%#Gpo}DPgbkZ%@H2!da_-)<a1biDj(zvh+|_dt@%mQjsE#mU5c%$=Jf6A
zGm!B=#txp|rKmlHWt;{e&uMPucr?&HPSWaR%zl9?M=MO&MdV4$`VdE#j&9aG17W*z
z>{Fw~%7S<+B?YOAme$%xR%4!f=#Rcwvau6`tl?>sgmogeKAP>Gakq+eAoU&udl7sM
zt4-<xdfS(Z`0vqOUn-M@|G$uk4fUJ#K#J8SN$!~ORr*-5gZ|T(Hfb(EJ;lngsxSXc
z$seSKvqc(N9<=&wZio%0$1y_}0I<O@UrJJsq%wx=G+N$xp-El@S^vy5l<*uzE&zb-
z3`dfr9OxgIftkt~#}iDN#CTGnm}KU_n3qE>&(s;72OMrJfv4#3>HM+oXAUTn=Em=^
z@^=u-)HQ7Li}#N_Ic~`U`7*ZPALxp&x2a!%;NGzlU*FBscg~sV)GWQCN(<hVVtRke
z+>pQv3PBllM=AwvHwR8f^{~PNO_e|3Y*cvACd5910b+RMl4CW3DTq5j^dp#4VwRvK
zmI4l8yg8sgq8#Q%ahZ}o^gG9m^oZN+%otXF1*$w3ua@V6c6#AZ(Kgi)^%0Gp3p!(Y
zfE^ry>@%zZKd9|A+%pK~#Bh*qj)eug;1HbYUer+w{RMF@a^W0LcwdDqA=}SCoAVW5
z_FSCdBifXjt@NIC1zE{;p$g1C!#e5>xIUd}QH*9{`Mit1zOK+RtV`Ug7<FKRJy$Tu
zUf5XHBL>QEs}AXfyhO=Dep0w#5O$+=+=KjZDotS$P0>Ca!cjV*c-U|t8cty#RdlmJ
zbS1-vQ6^ma7O{m&h1scX6Xqo90P&QirXDe-lx~f2G;B;2?jr7pE~Sf-#5QV+<$}X_
zZ@`cy!UAy3qjXFkLOQ85<%yQVxSspp`D6*Dv^!NQ?qsRN+D6|Y`j0Ffb4o1<>6rhH
z(y^d)Hd%y<1h>MxWKM@I!u+JP%A{~rA{?xYaS9VCi=JCE8)n_GYBZZZu&tcW0XRpg
z9?iu8T%dfmI+X#usI-+Uy$QV%=;`O~&I#4F5w<w9<!&w1$NT_fD~9d?(0#EGE%V=N
zfbIF)5SLs5UyrXd2q&YsIgmLSzKe+((hI)PUV`etP|kvy1&b?d>MCm&x7RLMR#OAd
zJO*VC$S;9tb&>-FJtduZZjXI1Y=`f=sCzuY!7YrG;WDfoktd*%j(prjyVqox1f?ux
zQZ>ww(=JB{>L`Iz&<NUKd~M@kk%ik8FkR2FDT_^j+aCHZ<yN@WfsXE2%x!Ly?HKcc
zgj4_k7oax~IM`1FNiSbjsa;UVTt3oHle`tm2R(8Kv%G+y2X_PHPcr-az=Gr#Jl(|G
z7X<645_~!A-T-XOY)?fCoowJzfn}(dEXTY%U}v^3B)@^Qp|+qe5cHtm+7t7ldwTl2
z{e2$rj(Z`Ixw~T?cdDN=EA$j_9vFtqBV5GlJn5RW7KyPZVznp2M(d}Rd~(T&brZ&-
zu(4=#$)s_fXq<Om^}OyIx{J9JHLJokt1cTSYqp9tTO)SY$-=J{i1q6)@0f7k8Ft?(
zW^Who+9ld|iKbl<YvzgVC;LT5)p<oov@Q^J3)rO%@>^)e2gYhVURSeb%ko9hk{5y3
zvkLjT#rKeJ+`iI`2p<@>`hu0s%=1k?4(XB^%YtK_zZ19@+QH0>4s{j!*@s+s5g;_}
z9>R(tv)qEHLtWCy1%ANamM{uKOIVL!4@emY`~g3h|3R*uXm<*@Rg$hBPCPgUBx7uL
zfD=wq`1`@Q3eMkta(GBvO?;uiU{5f~%z7KLhBHV$<Dy*><{M6swzjBeE|0n96FR?S
zfr}K_@6n?x*i{F>iVO478}tkYJ7s@q6PC%G2v1_@90IT;ggDZORpRoOWHEXIqfMBQ
zhoMCX*l7Dc;3RcmpvNCfvV+Hr4pEzfHA&xMsyhzOG?T5QXFVKZW|bS5j_W*LOTc>z
zk}-Cj0jw^PH5Q3+XaGkd$PM#KmS{Md7C=tmjFtS6ZzWaEG&#y|Iy=bEfYnEEc6<{Q
z4*JICywLSoWs#EdNN&Ms^O;W3u>hV(rYn+HFlE%_f)^3MNOM@_nzC@Yi&!Y)%o=Gv
z+BT(9tLvsX0AJq9e!f-8etxq50Q*e`7EYaURh2cV$~vtTXDt%z+a^?-!fMqfQMCz;
zF}>yLS=SsTVMj&8o+oC^m7j<`=bFv=c<!0(i}#87>*1NOZ3x>oT(xbTv~3mJcTL#t
z4%_aII7`Jj^`c|RlwR#L+~5Gf4I!uDnErheXUPwnOGjHL%vE7?72HD7FF!w*{=By=
z<SYm~=UjEVC!Ovy^DinUoVSIYw;fwEr3Mm4$G{ED@g9N%Zl=&*{_>ZZ&{G;NBkRP0
zheIdfGFSEag`%}S`h=|Y5vz+O9SB>?&Xi4BYsA<Sf!kq=MQd&RdCN6B?3&MHQz2&H
z6LA)tJn;G9r-siopSMjE)rE`d&NqdN7K@I0xGt3iVgT?Sf@8+_;i?rA!+QCS)fC6;
zL+kkSE!PT5PVGID{anE_1!s$%ExPJ%m~`VkHFrzc-7-<w8ZK--wrNVq>(}v^CkAh@
z@Ow#^<kab5CY(feMi7dYc->lf5(O{{0;<0V0&0jqk!X@wzBFuI21BX=uHVGKpJ7B{
zG#R{a;XqE#c}z~T#SDCICZ~`rC>ILKg@SS!jv3;DS~p>?4x6j7rLFw=CD#gOo!WUu
z_ni3|^I7Y&)~j<@PR?C<@!-VVwc)vICkk4^1ue(gP)@Cks~AK%wel#Z7)CA-VQ4z4
zm5&N)rljlEf|Gmj*5JZPYqc1AB7p4*Tjz}K4O?r^mxis2zgza5%FD`$WgEiFHcVPK
zh)K_No&BmVe^Qq}p(_m2<Gw)X2rMn%H#OyKbZ{@vX>zXCC|_A-g2*L}YPCUo$)Lor
zna8lDX$eGL)huf<DKB$KblIe8$<SWTK%&cb9>b2Ng%Ej7w`{#dc}0OlS1hXanc6Fv
zNOZ-?W7xF<!asI2ac#K{Whbmj@sA!tsJFbkLlZkQs^A2tq>t4*@ZgpO=f|Vmw4<9I
zj&9}j4+FV1O3<ZM!MNrNx@G+IhgV<)ZQ9|CdRwz91YN3niTD5D>|snhnrVVYI(4su
z9^Rj!f&+$@mhCEW;4Q&a)#`{2G~_CJZGWED0<E#aL2a`?Yg>k3OQjPs6WTD;W=~B$
zq7R~lFZ$UV=O|bl!vSwLx_OUF18p(LO;Zf(>5cY=EW_T+7**mlC^+cE{&KA|(WbhO
z+9qSH8YA7Z-<}h16g0&Vt8iF5>V)npQH;9Su~Y}gQu$0(WfNS(rr0r2$bvBa>HZRJ
zcA`ZeSxV;rBPp3tO75FTDfuh|M-t^|7JZDA^Ra^o97vQo&*swnyK~?w_e?2x^vG*t
zs$XYJD)@^kaS?pqMeQ1IZ^MP{q`{ANk<>8&YPlMfbhoBWzGXEI<g%j86iC#z!GYb3
zKX9{vxft#Tl7J!vsOZ&YFrwc?jb>LfJH34#RO&o|AlwQLcsjsb+SebHFN{WgVu_2+
z%X_@N9fEh|Pf&?KUPic4`{@1OIwG#VOWf5tQ7?q+1+mN*61)9k@!k<m)`DNbcK->;
z*_nbVzT^_(X3%)a4={lpB$$KgHH=<Cz^szYZuTRH`YC`ROEq57s*YaL3P>7e@C}3{
zt!$_de4wdDJ_AWUsN6JdQ#O>x)W=(Bk8yR8gt0xZBSUW>z@C*o%^NUbBM<UV*EQ1=
zN=v#zc?Qc!xc`5G1u-S^rx211@)g#E$IcXEnQ4p}@tCYLhTyoy*v8ZVN;z41j9qG9
zK7;!Bp$7%|4YccZ90yIHOeWo?y=Jh5>6@EPq3bHEtnppbStGjqh;FZ_+j~Q+Qp5Fa
z08<FwH*j+rE(RuMH-~38PpD>%tUuv8nLVYN^S5h*p%0}F@~94iiZHV(2pc-6eKCN$
zIjDlMXd)pkByZxO<gAS1ea(m0PHv{0I3C`8deNzd3G=+Lc^;Npedf?LQ*PK)GP-QS
zR24Q=iKZ%4M5<d^Dg)T?YHT>uXKoIn+DAG8eQ}2?^j6lKa8@N#tmcUs_}omflAE55
zdR4Xo^r~#bF;iTx+Av|R4V!DRS?l@pJFXR#o*Ftc_qobvD$iCwTYa^nak8RuJZqw&
zHC)j;QM4{xv`#eT13w`kmov!_Sz6CDt5ke4O>#KO+DydPtyyB;JkgqXBGzm%f4*o<
zJa2^(XOmJf1D{*7kH-)t9zy`YF$DDQX+2jJ@42NDrpmCXQZ!X!&%q%j29V1t?6|5$
z3FJ(nD0@j+85Q*07JBcIme3bq33$oTl(XK=eZMll*{OV4Z-Vg4PE~V`_T?NUhVyw0
z7c{vb@=Bd^wL^JHheVegs@2)rOW8<tDUZi+ep4Ytez0s=3#WW_Arf8YR4pp)Wfc-#
z*76wEHI+c*hZW9s#+Aw+HXzk&M%6m2_BAU~y_U&i*zSbz6?YT2!F>~5@IBT4XS(1=
z*1PmEy-SaJS5~s#g=;(e3~Q+^Fq?{AmqL(rE@tH~Hwcb|o+&t!!mgxn7VX)Smvd7}
zTKjMoJ-8?178K8($!>|e4L)3@$?k{TSYA}Q(6d1sJM4TWvj*EykyPeCTYyRz?Fcw$
zOhdJ+@b9U1olQ}@4ug~>o&4U)pkG!{-o#D%=K!MD8bb2LMW%5z&#<{h-+BR+s~;|M
z!`>`-nYCHo+^4HqI@np?O;xjYig$NS)OUyLyT!6S;@%#yxOXJ3Wue-^)T}>1o1%?H
zd+pz<Yq2}n%>2k+ydijMBv2V#luvmnD8#P&NLf)n<yVK~H-RuENe6TMopi7!?18vJ
zuPOZ&+)ZzOMXw5_YFXr0JU!P_&{+GCyN=v|cJR<!fkM!TWXoE*_R}lsdOxK0lXXk&
zCwDwo%-;adgl%Kkw(+X1ebUx0Zo7NJwmWRw9kqr1zt(>I|5vmhX2VJ{&D;*A8CrD5
z@sKNQoqHxXY+ZQX6Sl6toH=P-FUB6UvK<Ori$~)`;-Yn7>-x)N(z->AJu^|YgsrWY
z+v6k<n2D+_Y;|oCw{91$DGwN1=mWkZA$0xV*4t8_*m@xx-+D0|+j>n9dBweKb+z(R
zDTXgqt5(-(FV!hAyqL#ueNzKOF4s44t@StAFpq-A{0T04wxo9-a-#1&#g39Qqa7v5
z(qf{wtuV~SBk6Q=i=LDJgt_2lQqbBJ4waw_>gdns=HwWH24FY(>C(af0g!$0F$<2>
zKHc$dM#sB5=6Fxu+~T$y=6E-QoxlQada%J{3swP)7iq>EZq$f7#iGnKa}Idr!NB57
zGv{bi%tR*ewCAJuJnqbw-S&2ukd=BWKcYwbPDx7c)P|x#BL_?|wg9}roGav|=1=yt
zL$eA}Q^AyzEP?oKhhal1Q_RDS4#enZ@5~-<+7mD)Ik+>KF~*24+)|@(3wQoeZrCWy
zqJJvP4S}djx)sS*5ll+b9g=SjlqTV4-y%=))}NebPI4aR5awYPZ7ZjP8_JYwuq>fJ
zxa`^TRAD6fgQrm|ftq=P-G5Krfczdep7i}cY5QNAzK4Xo`(j2F*#GfuN#?l>OyBh@
zVILvyVEHcST*-y+zsWmlvcomSZVJS*HyJGvXj%fJk)mzL$g)+ko46tQ#$YZGq+YQE
zE6TLSe(1JV<DRF5GDkSE-8&N1M1Bc~x8VyPN27ezZ9A$9@~eZ>eBn5Im@oVU1d@H>
z#Gbe=gfC{FQnOdH)$HYLh;=IjGaAUidv1{j4$(mlSR4F&Hy=;4VH)a2a$;s8F~$C7
zALgItPN)5oga>)IqYcbV%$m~B>piq$K~0V909Opw5>&L>CC%2ufuOHfQa9n-+2Gy$
zBQndJ=<N`Kw~PEF6bQDlfA7%ajfND13uGU=>JE6zUQ%u9>p9Hy%Ao?ey6VB&YV___
z_QH#Q{=V)2cvs=2Z1OOU4b(>ygbQXQM4$YSZCju3(133dYMR9Z-r$~P#qiEF-nRuO
zJo9C4$JYJ|0drXD_Xgk{_KtqxF!RJaLiwI9?>=9`|1J+kuq+LNk9KHd`bhsT2hXjF
ztHl9z5!wR(P#}XdWr+6D(4?_cG?sz~{(5d<q_`qdR2rG(jue-JkJ6S2K1u)?TwYP6
z7+%<hr1D5{SyGbCnq!$N<T5g+imVPGx0*Ajido4ECXEY3;{tT;mx(3yV$KpVd+Egm
zqJ4#ES`jf?MLVMi#Yq;6IrU=pl8YsxeYt2_e$A3E7Sx}20DwpSPY<GQi9BtyZXz#|
zFoxpbA%8@0O9j1BK5YCF32$Z%P59emZxDyr@IxO0xdtHR;`Pq~F?8EU?ziQ*YIXMa
z4y+Wgm-1OJiPq)vGunJYd1Bq;)+i!mT`mhkE!$t2#riVvAgS5-AwNWZ*sUCPB|sIu
z5<vb1@NU<P=YuBX<|Kmu+FBb*c=u&<ZR$}W{iI+@x5x6ZW~4dzN!oGYZR7x_OaQm(
zWD6^71WSR_@((FuqJhfFP^O>yD948>Ly}WHoIOvhTrIBk!ZV@j2&+0oRR>UH<wr6c
z%%@*CWiC)Jo#FsoGdsfO;wdEr-?G@I)bI<&Nt<Iziy;%|sLe?bvm7#5nN*=TYnixw
z$As#xu<9;Rbr(AELw|>Z%im(P4Mjcpe~a06rgMw4G<GlH*0#UOsPlcg@h|lb0<VXI
z%Un3PJk^Vn=S=<i`tZElASC|>nDN}pJH*C2C#`piu?No`2gBB)Q9f)f8C@K<R-Eac
zv@Q~3&kX5ZlU8u1C!XZ<$oH2w<+L_%uQ>Bptx&#FYr^mf)oNaQiC04Sl8VQ$x(O40
zU|Y5}OZlo1!>?wk*5+wn%|oJB3waC|H5EbRhYd~Kx&|d|EI7~I%jDZPU&N_e2SC!m
zzp8;9j3_y(I$somYdTT?3A?$CZeRHw%VrFfBM2b)1OUmnvA+-Qer@&!JNL*pq+i4|
zwgg<p&?JHgf?pu`GXf3PfbU`x8v+-CLIh<1Ld1>1Is}Ulv?9Pa63JEs9t8N}7s1z`
z2);W+@I4uVFOd*@$${Ye2n4lIf>-Pb-ijx9kDTDmYl63+*=-x<C1KV9HpgWh%te(K
z>_!93c_8BgyVP{ng+iTqg#ATm(}i5R<HGj&CLRp@08YXM8~8Z`|40XZE(X|78lYdh
zP(B;%WhaD_b)&I=zXS0pE)~ol3txCy8Ct`y<Y!$x5N_Bq#X%??+^(qMXI<_Jx7|C%
qK`0$`@g@AM@x|fhZBrbC(!n}@6%VDm!b{graTuHiGgDA(oA}=pfUoKR

delta 7003
zcma)A3v^V~xjtuR&g3x(3FMss2|*HvBp?K&1cC5=g#<_pI6lH8=L9C1%!GX=C=s2g
zARvgy7Oi-Zq|&C5_7;1VcZrWnC|zE!+}_^RuGQr_t<o-+#a^rTs?_DOExrG@&tztp
z39dUU^X1?F{`cPhYyW%i`S=U_@F%wLaAsz@M4x^AKlQ!-uq1tm#@NRhA-=qBlceV)
zRZ?ZY<gxzC9+}!UzpcmavG+JUjvmFM$mp~Cojoa@l%7;inrO@ZbWge%>+-m4(i%y1
z?2}aG2Q=r|FoE^)WT;Nfp=D|lI&DQ`OsUhRrtEWgveZ;9y(@c+t)?YQs!mnzbgJnj
zJyCUOuC7UA(lkc~adU2*gSeUd9AQsx5_<v(=OuBoh?}3p%_eR^5_ckT3zN8$h+CAv
z4cpWlVizZ{ZE7xYOOm*G#GS0>?~^=J)B?h(Y9V2%T0~f;786cO8dE}J%9FU0i920Q
z4ad8cTr!2&w<HNqCGLzQZYgmqlDK8WtxV!hBkrw9-12>4hsT}7o=(Culeo7Kw@RHs
zHdZI~RZw3|61S4Lv(#H@#O$O#H}&17rrwrd|4d@fNfNFi?p#%FmfY3GoAy^^IfDn3
zAvv38JDHrrA9Eg(^Lb{<6S9kcH|4O66&QsXy|TQ+IF$LQtZbu1Eaur+f8-BLdReaG
z({rvUrd<y)o|0SYyoY+(y}UZNNcQm6x$EV1{OR0w61$dL<+=-<9zZ9bnKxbOCUUK@
zCGW7D@{L^QPGw#EkNF+4pRX?{l^5}@g4xPm5@|MGEO_50FXwxU=Qge*hMCc$dG$V~
z^=N^R&KihymA>@ZG`d6lAJ{y~8i}&l15FWj{pQgTJ6l5?Y$KqF|E+js#iK-;sl7qn
z7xD!IteKjBvJ<$|7>s35lT_<0ao4pIX*&EqJ!IPbTELyoV3X<W2nITRJ4|OM({{Ca
zBmdhiTm2Y*oWEVtrJN-4Ze#xBBD=hwH<jiWK0*vjW64)<5u>c09pn#{F3yfy98(<Q
z@0OMqJWb??LoCZqfGzy#=k~JI${A`OHX6%z+A8-G3FEhawDR&Y_D>MRTBg0-tAbCT
zjia>A`{i3*r>MbB176}wr?)CE6ZyPxa(bRDf8RKF%N}{fa&!&@qBF65)HIc?Tbdfz
zSQ8G=gzz~V0UQLl0EYlia5=4rUq9jGhbu}aB8Y4X!HCVY&AN>}&)=xHPkxOTS5|F=
z``vaXmPBO5oFmToP=I?30B5k{1a4=NM?@F@{9F+~TRB@Xs5xR>sm!w%R-;EHFr7VG
zXlGEh)LhIns@j%-&;A7<bYBb#Cko3TFm1tZ_5@nc-K~gO;-&dW)d6{w&#6|!TOkG`
zEa!apNd47c{0Du?4%gGbF7yTo%(Re~?a)GPK9wy*I}0h)rv*BEn%>s4vtKOCUW>}x
zNbmv#9h;h(TgXwbQlpW<sIh#-<RzAayhJhwpc1eX;N!Dvib};^6ba-9^K}9<m1%l!
zFraJfJl|2XO8Gf4-!NXOxo)o!<{&gzOZR`W`L(GJ*0VP;4ywegVgHKeLhfzJ<DbuI
zUJ45%yr?i7DeM`MO{cfFR|}{Vy{JRt#rb1%kJ&zwcwX%W=g%<gDIS<t#KX1obHvP0
zsxgvB>>U5M+FiE4NxW{}!&Bf&tB3u9NZm$IR>pGaANwVLZ+?sI?-H+?|9GX)|81~g
z&bJS_F7a8nubeHmrO;R8AY5!Z+JiwqQ!tP4am?jDK6HC|?K2Rvd;NZQN-R;~?+(qk
zTVqVb;4*}q)Cw}4z01G4z1jI5u|ANDrUkY3S*@6TDFD_n?C``r`D5^`?Z?m6U6QkS
zXi?pK?C-JM5Vgz)v6uyeXbu6s2N0X;CH~=}Cgu0kmW>5>ylI;?&T{>esO$x_4phxD
zrgiq|nmV@nw56+-ignYijf=aNnR@4zhE*^xQc|&+@Zlh+Bn_(16!Qy9Z&h%KD=_}N
zG+@)l(SpSpO@d}turJix7iv>AKU}*<cx$z_e^XVT?rryznm;Ac5hWIj8%p(s<qgWm
zBrwCsUU5;*#-gU(7wC*sKmLc6x$-Ig)ym4rBG`k}FSIw)TfP21%`&lzFI?qS{+IgZ
z8>d$tkyi`d--0ZPC{@19v8}#GZ1l&_^$Fn50HiDn6Hv7mvHBk{2KlZv+mx?~Tx9&`
znk@MaF{?;m%<8t8Y0+8Pcr((aSYp=zUrD@Z-FoG(L@zUTt~2D)<zPoOq`8z%Xl6Q?
zuKU=-yl%tf4Jh4aitg>{^=rCNmrhhsD?dd~uJ%ALWrU`-jpa5fThx|6$yj1+`JoM~
z6uM+fYm84e{6lVru{-E1Nu!OU;<yrrj98>UHK5&J6Y%zE%tj-a1AuAAimC7pwiz1)
z`~^T3E^fSANg>(0j8lz2QS!zwGv1c_wvSh;P<5%oii#!rM=|RZaBotv(0`slN4}Tg
zGhh{+%e?eXkKD!k?`)|18TIvN&h80zbkC+86k=35E@EW#%wQs*hy*PkTlvEA)+(oU
zLh(7Rg)PvJ)ewxx>|Xk3rgZc%Mt36iD-12Rwq9(bdm;a8fC5OYRN(F9r&_BE5d~B6
z2feD!N<ceRts|&v{DanpbqOa2sutS==!ax#yI0rR`k0^H1KuS7(!<P(=+;KZ%Whu>
z&X~Z~%@d|ja5VbrDRxQvnh#zoF+Sevc7|aV%c2gJP2irCXv<#o4+4e&qQ0c9ZE4wL
z?Y@Z^X_>Jbd(w13f0hS!KA-?l2q*#+6VL@TYFn9AlB0I95)v>|wFf%ds1O9%WPa|x
zCF#?Nd7Qrbi~PUTc}8{H2}j;VsFM#!ryk}4Wbof~l*dfEi8Vs!Nsu4J@F4)~Vx{20
z7*+-f5n;KYrU7oWi3)wxh#PIlq>+#paVh8f)a6PgwO=wWtKT^CW}xdLW{y|e^sS#9
zjl?)=^ZKrmnK8YE!zV1$Da1GwtWd;En8x>a%~-J=i~N6;wsbZ#cJ}Si+Iqcvkdy2l
z{%P0R^jgyRb^7Y(h4c09H=H@cm>Y%A+NC!3fy9@w9NQI%x3X2XD>6UDO0AQ038W?f
z#x))8u&yfnzuB}3aZ`$UVxpCf2?yz3K1a_{Z*&LC!A!A`B^d6yS+pXCr&HN$i@YxE
z%zJ-iSMeX}P0l-LW>Yr)t`9opR{mmtBh37)zd^R~MGsC5UnJYa#pl6?;$upKd`}a&
zZGzkH+E%k{)4H0LV7C^quDUTZlXjiB8;GqJvvLqV90J55O^L8GlC2^~g(nkCx86?H
zBgT*637ajuFW~K?`#JOVi{oS$D<`$h2?@+gyngQ{=L+h&E*sD84JzR!L^JEQ1WJTg
z1X={~30lg`xu5w$TAR1m*A{}|RFpz3qLhl7<IWtn+z6YI<8krKLQ}+e%)A9waf!SQ
zZ)%@a8Y`foI6hm+jza$HM`yZL6K^V=ZTbr`e_?M8|4hv{Hazx*-4%BO<P#6H7K^iA
z9OxqDAAu@3MA_r~kpuZz14Le>uO!uP!dvg5XNvfR19S7lu^~<|o9XPnpWYuj6=UbY
z19B5TdT>VAq!B`=B~+3nwi2)ku$q91<TlXVfQ0-<cF<1&TF7*CYkTzgyRLP=YKFCl
zwV9#QF%{j==ZU4K5YT~H#^)YdtZXI8IY#KvBlbJvtR@MzmU<8avg&j_TOV!p4%f2=
z%s-x2HlkyI##rxCQ{wBNe7)ct7#|QMybnr_s&Y3UIO;8#jdAZof(R+{fVe_re*-T&
z+CWn4o|<3x5izU_W{TeJqbH3@rhluK#G{p6mH2B<H7fVg-1iu+W1rjS1TfPAz;^)H
ziEgLq5ci&i;M4&Y0qy`S<~7euo(B(^6C(Fs9IqNZAcPx+ArwoFAEP+}KsNNxZ>N>1
z4*U+|9i3jEpKXT0?@*iATR^`{wB?@2O{SSwpV%Tl&BG@aXNXKWh56`}_RfjBUE47P
zsl|T6XFc005Apra&I~_^`663tyu2C2fFZ#50MS=HYe$m<aI=d)pA+)Q^5@Q|!l@*V
zT%u1s<FlTdrF2tY$nZYbW-pB;6mp4e03eUpIzR)za&q3SFly{ahe4t(^*#d?y-(4t
z>jYo;LZcF-ao;zNyb!d92Ot4A)8j$}OiYZtq#vz(fi~Qv+tl_RYIz@swyc{Up4Z||
zYi9TYc*1o0{2`55k$fASB9dQ#dJAv>&<LePemBWdVf+s-N6;-U%3n(S_~{DyNq+wH
z)TOb+j9L=s@*A(vbi2L_vxv&+0p;iUgKLxrY0-Z++6P<g-@(pE(4XxFPb6T1+Hw1k
zfA&)C4L?0qpIPpDhz7og(l<xu$A(LcXU^2w=Ip|3jKJFV(vr~#(K5;sRu|Up=KuJ?
z%nXs1Js290`TXHc&M?uR+Kj`)W%eoJrVW3aHdY&%ZCyR9f`u#iJ1>`STnlo%Jv4w0
z*by0a->BOW|C1uRAH}jRP*x21g0rRaQ+(^$ij~6q|Bf!P6K)oQoBW_9=6s%CJlo-X
zoYwfpX3YH2Z|(91?mSoOw0yy<&J~A6Dv6iE23m@KXX)tBbUiLE!_XjF7+^~MgkPRt
zX4Oa$rGt=&vjHYiWXL!II^1B0Y3~j8j$=rT^{brNwbo@8?=jj>v1IxUrix_L=jR$+
zM`->+I&buoh<vHB;}vG#9t~66k4@vnM4W*Gm{F*H0MxhY&-!7`VZQLyM&&4xD~%(s
z-YciMYneFDL;S5TYQo~UAH-ZDN@<|HfJ%U{-?cFqprdY+H`KAy@`Lz2V=n|w0?q(l
z1{i>!1KtDt9`GUHV*q|9U|$3N3Q$O=Z43`rh6fVELxbVA&T0X;`7vC1814!Thb6-)
z!cgTH$`Qj3W!O#(dC!n73_fN@Wq#$$$u2xw=ugta4(_}*mEU%)h_Al3m0!L#!^r*1
OB|E?TwM!B2nEwOS9zG@j

diff --git a/config.template.json b/config.template.json
index 9c14179..9464d8e 100644
--- a/config.template.json
+++ b/config.template.json
@@ -28,6 +28,23 @@
       "ip": ""
     }
   },
+  "auth": {
+    "enabled": false,
+    "provider": "keycloak",
+    "session_ttl_s": 43200,
+    "cookie_name": "triangulation_session",
+    "keycloak": {
+      "base_url": "http://keycloak:8080",
+      "realm": "triangulation",
+      "client_id": "triangulation-ui",
+      "client_secret": "",
+      "admin_client_id": "triangulation-admin",
+      "admin_client_secret": "",
+      "user_role": "triangulation_user",
+      "admin_role": "triangulation_admin",
+      "admin_console_url": "http://127.0.0.1:38083/admin/"
+    }
+  },
   "input": {
     "mode": "http_sources",
     "aggregation": "median",
diff --git a/cookies-admin.txt b/cookies-admin.txt
new file mode 100644
index 0000000..c31d989
--- /dev/null
+++ b/cookies-admin.txt
@@ -0,0 +1,4 @@
+# Netscape HTTP Cookie File
+# https://curl.se/docs/http-cookies.html
+# This file was generated by libcurl! Edit at your own risk.
+
diff --git a/cookies-user.txt b/cookies-user.txt
new file mode 100644
index 0000000..c31d989
--- /dev/null
+++ b/cookies-user.txt
@@ -0,0 +1,4 @@
+# Netscape HTTP Cookie File
+# https://curl.se/docs/http-cookies.html
+# This file was generated by libcurl! Edit at your own risk.
+
diff --git a/docker-compose.yml b/docker-compose.yml
index 54bb61c..f72ec63 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,7 +1,6 @@
 services:
   triangulation-test:
     build: .
-    container_name: triangulation-test
     command: ["python", "service.py", "--config", "docker/config.docker.test.json"]
     ports:
       - "127.0.0.1:38081:8081"
@@ -10,11 +9,26 @@ services:
       - receiver-r1
       - receiver-r2
       - output-sink
+      - keycloak
+    profiles: ["test"]
+
+  keycloak:
+    build:
+      context: .
+      dockerfile: docker/keycloak/Dockerfile
+    environment:
+      KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN:-admin}
+      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin}
+      TRIANGULATION_ADMIN_USERNAME: ${TRIANGULATION_ADMIN_USERNAME:-admin_ui}
+      TRIANGULATION_ADMIN_PASSWORD: ${TRIANGULATION_ADMIN_PASSWORD:-admin123}
+      TRIANGULATION_VIEWER_USERNAME: ${TRIANGULATION_VIEWER_USERNAME:-viewer}
+      TRIANGULATION_VIEWER_PASSWORD: ${TRIANGULATION_VIEWER_PASSWORD:-viewer123}
+    ports:
+      - "127.0.0.1:38083:8080"
     profiles: ["test"]
 
   receiver-r0:
     build: .
-    container_name: receiver-r0
     command: ["python", "docker/mock_receiver.py", "--receiver-id", "r0", "--port", "9000", "--base-rssi", "-61.0"]
     expose:
       - "9000"
@@ -22,7 +36,6 @@ services:
 
   receiver-r1:
     build: .
-    container_name: receiver-r1
     command: ["python", "docker/mock_receiver.py", "--receiver-id", "r1", "--port", "9000", "--base-rssi", "-64.0"]
     expose:
       - "9000"
@@ -30,7 +43,6 @@ services:
 
   receiver-r2:
     build: .
-    container_name: receiver-r2
     command: ["python", "docker/mock_receiver.py", "--receiver-id", "r2", "--port", "9000", "--base-rssi", "-63.0"]
     expose:
       - "9000"
@@ -38,7 +50,6 @@ services:
 
   output-sink:
     build: .
-    container_name: output-sink
     command: ["python", "docker/mock_output_sink.py", "--port", "8080"]
     expose:
       - "8080"
@@ -46,7 +57,6 @@ services:
 
   triangulation-prod:
     build: .
-    container_name: triangulation-prod
     command: ["python", "service.py", "--config", "/app/config.json"]
     ports:
       - "127.0.0.1:38082:8081"
diff --git a/docker/config.docker.test.json b/docker/config.docker.test.json
index b636250..05b3045 100644
--- a/docker/config.docker.test.json
+++ b/docker/config.docker.test.json
@@ -19,8 +19,8 @@
     "write_api_token": "",
     "output_servers": [
       {
-        "name": "output_sink_main",
-        "ip": "output-sink"
+      "name": "output_sink_main",
+      "ip": "output-sink"
       }
     ],
     "output_server": {
@@ -28,6 +28,23 @@
       "ip": "output-sink"
     }
   },
+  "auth": {
+    "enabled": true,
+    "provider": "keycloak",
+    "session_ttl_s": 43200,
+    "cookie_name": "triangulation_session",
+    "keycloak": {
+      "base_url": "http://keycloak:8080",
+      "realm": "triangulation",
+      "client_id": "triangulation-ui",
+      "client_secret": "triangulation-ui-secret",
+      "admin_client_id": "triangulation-admin",
+      "admin_client_secret": "triangulation-admin-secret",
+      "user_role": "triangulation_user",
+      "admin_role": "triangulation_admin",
+      "admin_console_url": "http://127.0.0.1:38083/admin/"
+    }
+  },
   "input": {
     "mode": "http_sources",
     "aggregation": "median",
diff --git a/docker/keycloak/Dockerfile b/docker/keycloak/Dockerfile
new file mode 100644
index 0000000..d3232e9
--- /dev/null
+++ b/docker/keycloak/Dockerfile
@@ -0,0 +1,12 @@
+FROM keycloak/keycloak:22.0.1
+
+COPY docker/keycloak/triangulation-realm.template.json /opt/keycloak/templates/triangulation-realm.template.json
+COPY docker/keycloak/entrypoint.sh /opt/keycloak/bin/triangulation-entrypoint.sh
+
+USER root
+RUN chmod +x /opt/keycloak/bin/triangulation-entrypoint.sh \
+    && mkdir -p /opt/keycloak/templates /opt/keycloak/data/import \
+    && chown -R keycloak:root /opt/keycloak/templates /opt/keycloak/data/import
+USER keycloak
+
+ENTRYPOINT ["/opt/keycloak/bin/triangulation-entrypoint.sh"]
diff --git a/docker/keycloak/entrypoint.sh b/docker/keycloak/entrypoint.sh
new file mode 100644
index 0000000..cc6f9ca
--- /dev/null
+++ b/docker/keycloak/entrypoint.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+set -euo pipefail
+
+template="/opt/keycloak/templates/triangulation-realm.template.json"
+target="/opt/keycloak/data/import/triangulation-realm.json"
+
+escape_sed() {
+  printf '%s' "$1" | sed -e 's/[\/&|]/\\&/g'
+}
+
+admin_username_escaped="$(escape_sed "${TRIANGULATION_ADMIN_USERNAME:-admin_ui}")"
+admin_password_escaped="$(escape_sed "${TRIANGULATION_ADMIN_PASSWORD:-admin123}")"
+viewer_username_escaped="$(escape_sed "${TRIANGULATION_VIEWER_USERNAME:-viewer}")"
+viewer_password_escaped="$(escape_sed "${TRIANGULATION_VIEWER_PASSWORD:-viewer123}")"
+
+sed \
+  -e "s|__TRIANGULATION_ADMIN_USERNAME__|${admin_username_escaped}|g" \
+  -e "s|__TRIANGULATION_ADMIN_PASSWORD__|${admin_password_escaped}|g" \
+  -e "s|__TRIANGULATION_VIEWER_USERNAME__|${viewer_username_escaped}|g" \
+  -e "s|__TRIANGULATION_VIEWER_PASSWORD__|${viewer_password_escaped}|g" \
+  "$template" > "$target"
+
+exec /opt/keycloak/bin/kc.sh start-dev --import-realm
diff --git a/docker/keycloak/triangulation-realm.template.json b/docker/keycloak/triangulation-realm.template.json
new file mode 100644
index 0000000..b0dab06
--- /dev/null
+++ b/docker/keycloak/triangulation-realm.template.json
@@ -0,0 +1,95 @@
+{
+  "realm": "triangulation",
+  "enabled": true,
+  "displayName": "Triangulation",
+  "registrationAllowed": false,
+  "loginWithEmailAllowed": true,
+  "duplicateEmailsAllowed": false,
+  "resetPasswordAllowed": true,
+  "rememberMe": true,
+  "roles": {
+    "realm": [
+      {
+        "name": "triangulation_admin",
+        "description": "Administrator access to the triangulation console"
+      },
+      {
+        "name": "triangulation_user",
+        "description": "Read-only access to triangulation results"
+      }
+    ]
+  },
+  "clients": [
+    {
+      "clientId": "triangulation-ui",
+      "name": "Triangulation UI",
+      "enabled": true,
+      "publicClient": false,
+      "secret": "triangulation-ui-secret",
+      "directAccessGrantsEnabled": true,
+      "standardFlowEnabled": false,
+      "serviceAccountsEnabled": false,
+      "protocol": "openid-connect"
+    },
+    {
+      "clientId": "triangulation-admin",
+      "name": "Triangulation Admin Service",
+      "enabled": true,
+      "publicClient": false,
+      "secret": "triangulation-admin-secret",
+      "directAccessGrantsEnabled": false,
+      "standardFlowEnabled": false,
+      "serviceAccountsEnabled": true,
+      "protocol": "openid-connect"
+    }
+  ],
+  "users": [
+    {
+      "username": "__TRIANGULATION_ADMIN_USERNAME__",
+      "enabled": true,
+      "emailVerified": true,
+      "firstName": "System",
+      "lastName": "Admin",
+      "credentials": [
+        {
+          "type": "password",
+          "value": "__TRIANGULATION_ADMIN_PASSWORD__",
+          "temporary": false
+        }
+      ],
+      "realmRoles": [
+        "triangulation_admin"
+      ]
+    },
+    {
+      "username": "__TRIANGULATION_VIEWER_USERNAME__",
+      "enabled": true,
+      "emailVerified": true,
+      "firstName": "Read",
+      "lastName": "Only",
+      "credentials": [
+        {
+          "type": "password",
+          "value": "__TRIANGULATION_VIEWER_PASSWORD__",
+          "temporary": false
+        }
+      ],
+      "realmRoles": [
+        "triangulation_user"
+      ]
+    },
+    {
+      "username": "service-account-triangulation-admin",
+      "enabled": true,
+      "serviceAccountClientId": "triangulation-admin",
+      "clientRoles": {
+        "realm-management": [
+          "manage-users",
+          "query-users",
+          "view-users",
+          "view-realm"
+        ]
+      }
+    }
+  ]
+}
diff --git a/service.py b/service.py
index 3da9ed3..40115eb 100644
--- a/service.py
+++ b/service.py
@@ -1,13 +1,16 @@
 from __future__ import annotations
 
 import argparse
+import base64
 import hmac
 import itertools
 import json
 import math
 import mimetypes
+import secrets
 import statistics
 import threading
+import time
 from datetime import datetime, timezone
 from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
 from pathlib import Path
@@ -25,6 +28,9 @@ from triangulation import (
 Point3D = Tuple[float, float, float]
 MAX_CONFIG_BODY_BYTES = 1_000_000  # 1 MB guardrail for /config POST.
 HZ_IN_MHZ = 1_000_000.0
+DEFAULT_AUTH_SESSION_TTL_S = 43_200
+DEFAULT_AUTH_COOKIE_NAME = "triangulation_session"
+DEFAULT_AUTH_PROVIDER = "keycloak"
 
 
 def _utc_now_iso_seconds() -> str:
@@ -43,6 +49,167 @@ def _load_json(path: str) -> Dict[str, object]:
     return data
 
 
+def _base64url_json(segment: str) -> Dict[str, object]:
+    raw = str(segment or "").strip()
+    if not raw:
+        return {}
+    padding = "=" * (-len(raw) % 4)
+    try:
+        decoded = base64.urlsafe_b64decode(raw + padding).decode("utf-8")
+        payload = json.loads(decoded)
+    except Exception:
+        return {}
+    return payload if isinstance(payload, dict) else {}
+
+
+def _decode_jwt_payload_unverified(token: str) -> Dict[str, object]:
+    parts = str(token or "").split(".")
+    if len(parts) < 2:
+        return {}
+    return _base64url_json(parts[1])
+
+
+def _parse_auth_config(config: Dict[str, object]) -> Dict[str, object]:
+    auth_obj = config.get("auth", {})
+    if auth_obj is None:
+        auth_obj = {}
+    if not isinstance(auth_obj, dict):
+        raise ValueError("auth must be object.")
+
+    enabled = bool(auth_obj.get("enabled", False))
+    provider = str(auth_obj.get("provider", DEFAULT_AUTH_PROVIDER)).strip().lower()
+    if provider not in ("keycloak",):
+        raise ValueError("auth.provider must be 'keycloak'.")
+    session_ttl_s = int(auth_obj.get("session_ttl_s", DEFAULT_AUTH_SESSION_TTL_S))
+    if session_ttl_s <= 0:
+        raise ValueError("auth.session_ttl_s must be > 0.")
+
+    cookie_name = str(auth_obj.get("cookie_name", DEFAULT_AUTH_COOKIE_NAME)).strip()
+    if not cookie_name:
+        raise ValueError("auth.cookie_name must be non-empty.")
+
+    keycloak_obj = auth_obj.get("keycloak", {})
+    if keycloak_obj is None:
+        keycloak_obj = {}
+    if not isinstance(keycloak_obj, dict):
+        raise ValueError("auth.keycloak must be object.")
+
+    base_url = str(keycloak_obj.get("base_url", "")).strip().rstrip("/")
+    realm = str(keycloak_obj.get("realm", "")).strip()
+    client_id = str(keycloak_obj.get("client_id", "")).strip()
+    client_secret = str(keycloak_obj.get("client_secret", "")).strip()
+    admin_client_id = str(keycloak_obj.get("admin_client_id", "")).strip()
+    admin_client_secret = str(keycloak_obj.get("admin_client_secret", "")).strip()
+    user_role = str(keycloak_obj.get("user_role", "triangulation_user")).strip()
+    admin_role = str(keycloak_obj.get("admin_role", "triangulation_admin")).strip()
+    admin_console_url = str(keycloak_obj.get("admin_console_url", "")).strip()
+
+    if enabled:
+        if not base_url:
+            raise ValueError("auth.keycloak.base_url must be non-empty when auth.enabled=true.")
+        if not realm:
+            raise ValueError("auth.keycloak.realm must be non-empty when auth.enabled=true.")
+        if not client_id:
+            raise ValueError("auth.keycloak.client_id must be non-empty when auth.enabled=true.")
+        if not client_secret:
+            raise ValueError("auth.keycloak.client_secret must be non-empty when auth.enabled=true.")
+        if not admin_client_id:
+            raise ValueError(
+                "auth.keycloak.admin_client_id must be non-empty when auth.enabled=true."
+            )
+        if not admin_client_secret:
+            raise ValueError(
+                "auth.keycloak.admin_client_secret must be non-empty when auth.enabled=true."
+            )
+        if not user_role or not admin_role:
+            raise ValueError("auth.keycloak.user_role/admin_role must be non-empty.")
+
+    return {
+        "enabled": enabled,
+        "provider": provider,
+        "session_ttl_s": session_ttl_s,
+        "cookie_name": cookie_name,
+        "keycloak": {
+            "base_url": base_url,
+            "realm": realm,
+            "client_id": client_id,
+            "client_secret": client_secret,
+            "admin_client_id": admin_client_id,
+            "admin_client_secret": admin_client_secret,
+            "user_role": user_role,
+            "admin_role": admin_role,
+            "admin_console_url": admin_console_url,
+        },
+    }
+
+
+def _public_config_view(config: Dict[str, object], write_api_token_set: bool) -> Dict[str, object]:
+    public_config = json.loads(json.dumps(config))
+
+    runtime_obj = public_config.get("runtime")
+    if isinstance(runtime_obj, dict):
+        if "write_api_token" in runtime_obj:
+            runtime_obj["write_api_token"] = ""
+        runtime_obj["write_api_token_set"] = bool(write_api_token_set)
+
+    auth_obj = public_config.get("auth")
+    if isinstance(auth_obj, dict):
+        keycloak_obj = auth_obj.get("keycloak")
+        if isinstance(keycloak_obj, dict):
+            source_auth_obj = config.get("auth", {})
+            source_keycloak_obj = (
+                source_auth_obj.get("keycloak", {})
+                if isinstance(source_auth_obj, dict)
+                else {}
+            )
+            if "client_secret" in keycloak_obj:
+                keycloak_obj["client_secret"] = ""
+            keycloak_obj["client_secret_set"] = bool(
+                str(
+                    source_keycloak_obj.get("client_secret", "")
+                    if isinstance(source_keycloak_obj, dict)
+                    else ""
+                ).strip()
+            )
+            if "admin_client_secret" in keycloak_obj:
+                keycloak_obj["admin_client_secret"] = ""
+            keycloak_obj["admin_client_secret_set"] = bool(
+                str(
+                    source_keycloak_obj.get("admin_client_secret", "")
+                    if isinstance(source_keycloak_obj, dict)
+                    else ""
+                ).strip()
+            )
+
+    return public_config
+
+
+def _preserve_sensitive_config_values(
+    current_service: "AutoService",
+    new_config: Dict[str, object],
+) -> None:
+    runtime_obj = new_config.get("runtime")
+    if isinstance(runtime_obj, dict) and current_service.write_api_token:
+        incoming_token = str(runtime_obj.get("write_api_token", "")).strip()
+        if not incoming_token:
+            runtime_obj["write_api_token"] = current_service.write_api_token
+
+    auth_obj = new_config.get("auth")
+    if not isinstance(auth_obj, dict):
+        return
+    keycloak_obj = auth_obj.get("keycloak")
+    if not isinstance(keycloak_obj, dict):
+        return
+    if current_service.keycloak_client_secret and not str(
+        keycloak_obj.get("client_secret", "")
+    ).strip():
+        keycloak_obj["client_secret"] = current_service.keycloak_client_secret
+    if current_service.keycloak_admin_client_secret and not str(
+        keycloak_obj.get("admin_client_secret", "")
+    ).strip():
+        keycloak_obj["admin_client_secret"] = current_service.keycloak_admin_client_secret
+
+
 def _center_from_obj(obj: Dict[str, object]) -> Point3D:
     center = obj.get("center")
     if not isinstance(center, dict):
@@ -440,14 +607,24 @@ def _http_json_request(
     url: str,
     method: str = "GET",
     payload: Optional[Dict[str, object]] = None,
+    form: Optional[Dict[str, object]] = None,
+    headers: Optional[Dict[str, str]] = None,
     timeout_s: float = 2.0,
 ) -> Tuple[int, Dict[str, object], str]:
-    headers = {"Accept": "application/json"}
+    request_headers = {"Accept": "application/json"}
     body: Optional[bytes] = None
     if payload is not None:
-        headers["Content-Type"] = "application/json"
+        request_headers["Content-Type"] = "application/json"
         body = json.dumps(payload, ensure_ascii=False).encode("utf-8")
-    req = request.Request(url=url, method=method, headers=headers, data=body)
+    elif form is not None:
+        request_headers["Content-Type"] = "application/x-www-form-urlencoded"
+        body = parse.urlencode(
+            {str(key): str(value) for key, value in form.items()},
+            doseq=True,
+        ).encode("utf-8")
+    if isinstance(headers, dict):
+        request_headers.update({str(key): str(value) for key, value in headers.items()})
+    req = request.Request(url=url, method=method, headers=request_headers, data=body)
     try:
         with request.urlopen(req, timeout=timeout_s) as response:
             text = response.read().decode("utf-8", errors="replace")
@@ -477,6 +654,169 @@ def _output_control_urls(output_server: Dict[str, object]) -> Tuple[str, str]:
     return f"{base}/control", f"{base}/status"
 
 
+def _keycloak_admin_request(
+    service: "AutoService",
+    path: str,
+    method: str = "GET",
+    payload: Optional[Dict[str, object]] = None,
+    json_body: Optional[object] = None,
+    timeout_s: float = 5.0,
+) -> Tuple[int, object, str]:
+    access_token = service.get_admin_access_token()
+    url = f"{service.keycloak_admin_api_base()}{path}"
+    headers = {
+        "Accept": "application/json",
+        "Authorization": f"Bearer {access_token}",
+    }
+    body: Optional[bytes] = None
+    if json_body is not None:
+        headers["Content-Type"] = "application/json"
+        body = json.dumps(json_body, ensure_ascii=False).encode("utf-8")
+    elif payload is not None:
+        headers["Content-Type"] = "application/json"
+        body = json.dumps(payload, ensure_ascii=False).encode("utf-8")
+
+    req = request.Request(url=url, method=method, headers=headers, data=body)
+    try:
+        with request.urlopen(req, timeout=timeout_s) as response:
+            raw = response.read().decode("utf-8", errors="replace")
+            parsed = json.loads(raw) if raw.strip() else {}
+            return int(response.status), parsed, ""
+    except error.HTTPError as exc:
+        raw = exc.read().decode("utf-8", errors="replace")
+        try:
+            parsed = json.loads(raw) if raw.strip() else {}
+        except json.JSONDecodeError:
+            parsed = {"raw": raw}
+        return int(exc.code), parsed, ""
+    except Exception as exc:  # pragma: no cover - network/IO branches
+        return 0, {}, str(exc)
+
+
+def _keycloak_get_user_id_by_username(service: "AutoService", username: str) -> Optional[str]:
+    status_code, payload, request_error = _keycloak_admin_request(
+        service,
+        f"/users?username={parse.quote(str(username or '').strip())}&exact=true",
+    )
+    if request_error or status_code < 200 or status_code >= 300 or not isinstance(payload, list):
+        return None
+    for row in payload:
+        if not isinstance(row, dict):
+            continue
+        row_username = str(row.get("username", "")).strip()
+        if row_username.casefold() == str(username or "").strip().casefold():
+            user_id = str(row.get("id", "")).strip()
+            if user_id:
+                return user_id
+    return None
+
+
+def _keycloak_get_role_representation(
+    service: "AutoService",
+    role_name: str,
+) -> Dict[str, object]:
+    status_code, payload, request_error = _keycloak_admin_request(
+        service,
+        f"/roles/{parse.quote(role_name)}",
+    )
+    if request_error:
+        raise RuntimeError(f"Keycloak role request failed: {request_error}")
+    if status_code < 200 or status_code >= 300 or not isinstance(payload, dict):
+        raise RuntimeError(
+            f"Keycloak role request failed: {payload.get('errorMessage') if isinstance(payload, dict) else status_code}"
+        )
+    return payload
+
+
+def _keycloak_list_users(service: "AutoService") -> List[Dict[str, object]]:
+    status_code, payload, request_error = _keycloak_admin_request(service, "/users?max=200")
+    if request_error:
+        raise RuntimeError(f"Keycloak users request failed: {request_error}")
+    if status_code < 200 or status_code >= 300 or not isinstance(payload, list):
+        raise RuntimeError(
+            f"Keycloak users request failed: {payload.get('errorMessage') if isinstance(payload, dict) else status_code}"
+        )
+
+    rows: List[Dict[str, object]] = []
+    for row in payload:
+        if not isinstance(row, dict):
+            continue
+        username = str(row.get("username", "")).strip()
+        user_id = str(row.get("id", "")).strip()
+        if not username or not user_id or username.startswith("service-account-"):
+            continue
+
+        role_status, role_payload, role_error = _keycloak_admin_request(
+            service,
+            f"/users/{parse.quote(user_id)}/role-mappings/realm",
+        )
+        if role_error:
+            raise RuntimeError(f"Keycloak role mappings request failed: {role_error}")
+        if role_status < 200 or role_status >= 300 or not isinstance(role_payload, list):
+            raise RuntimeError("Keycloak role mappings request failed.")
+        role_names = {
+            str(role_row.get("name", "")).strip()
+            for role_row in role_payload
+            if isinstance(role_row, dict)
+        }
+        if service.keycloak_admin_role in role_names:
+            app_role = "admin"
+        elif service.keycloak_user_role in role_names:
+            app_role = "user"
+        else:
+            app_role = ""
+
+        rows.append(
+            {
+                "id": user_id,
+                "username": username,
+                "enabled": bool(row.get("enabled", True)),
+                "first_name": str(row.get("firstName", "")).strip(),
+                "last_name": str(row.get("lastName", "")).strip(),
+                "role": app_role or "user",
+            }
+        )
+    return sorted(rows, key=lambda item: str(item.get("username", "")).casefold())
+
+
+def _keycloak_apply_user_role(service: "AutoService", user_id: str, role: str) -> None:
+    target_role = service.keycloak_admin_role if role == "admin" else service.keycloak_user_role
+    other_role = service.keycloak_user_role if role == "admin" else service.keycloak_admin_role
+    target_repr = _keycloak_get_role_representation(service, target_role)
+    other_repr = _keycloak_get_role_representation(service, other_role)
+
+    status_code, _, request_error = _keycloak_admin_request(
+        service,
+        f"/users/{parse.quote(user_id)}/role-mappings/realm",
+        method="POST",
+        json_body=[target_repr],
+    )
+    if request_error or status_code < 200 or status_code >= 300:
+        raise RuntimeError("Failed to assign Keycloak role.")
+
+    _keycloak_admin_request(
+        service,
+        f"/users/{parse.quote(user_id)}/role-mappings/realm",
+        method="DELETE",
+        json_body=[other_repr],
+    )
+
+
+def _keycloak_reset_password(service: "AutoService", user_id: str, password: str) -> None:
+    status_code, _, request_error = _keycloak_admin_request(
+        service,
+        f"/users/{parse.quote(user_id)}/reset-password",
+        method="PUT",
+        json_body={
+            "type": "password",
+            "temporary": False,
+            "value": password,
+        },
+    )
+    if request_error or status_code < 200 or status_code >= 300:
+        raise RuntimeError("Failed to update Keycloak password.")
+
+
 def _receiver_configured_frequencies_mhz(receiver: Dict[str, object]) -> List[float]:
     configured_hz = receiver.get("configured_frequencies_hz")
     if not isinstance(configured_hz, list):
@@ -697,6 +1037,26 @@ class AutoService:
         self.config = config
         self.config_path = config_path
         self.model = _parse_model(config)
+        auth_config = _parse_auth_config(config)
+        self.auth_enabled = bool(auth_config["enabled"])
+        self.auth_provider = str(auth_config["provider"])
+        self.auth_session_ttl_s = int(auth_config["session_ttl_s"])
+        self.auth_cookie_name = str(auth_config["cookie_name"])
+        keycloak_config = auth_config["keycloak"]
+        self.keycloak_base_url = str(keycloak_config["base_url"])
+        self.keycloak_realm = str(keycloak_config["realm"])
+        self.keycloak_client_id = str(keycloak_config["client_id"])
+        self.keycloak_client_secret = str(keycloak_config["client_secret"])
+        self.keycloak_admin_client_id = str(keycloak_config["admin_client_id"])
+        self.keycloak_admin_client_secret = str(keycloak_config["admin_client_secret"])
+        self.keycloak_user_role = str(keycloak_config["user_role"])
+        self.keycloak_admin_role = str(keycloak_config["admin_role"])
+        self.keycloak_admin_console_url = str(keycloak_config["admin_console_url"])
+        self.keycloak_admin_token_cache: Dict[str, object] = {
+            "access_token": "",
+            "expires_at": 0.0,
+        }
+        self.keycloak_admin_token_lock = threading.Lock()
 
         solver_obj = config.get("solver", {})
         runtime_obj = config.get("runtime", {})
@@ -864,6 +1224,73 @@ class AutoService:
         if self.poll_thread.is_alive():
             self.poll_thread.join(timeout=2.0)
 
+    def keycloak_openid_base(self) -> str:
+        return (
+            f"{self.keycloak_base_url}/realms/{self.keycloak_realm}"
+            "/protocol/openid-connect"
+        )
+
+    def keycloak_token_url(self) -> str:
+        return f"{self.keycloak_openid_base()}/token"
+
+    def keycloak_userinfo_url(self) -> str:
+        return f"{self.keycloak_openid_base()}/userinfo"
+
+    def keycloak_admin_api_base(self) -> str:
+        return f"{self.keycloak_base_url}/admin/realms/{self.keycloak_realm}"
+
+    def role_from_token(self, access_token: str) -> Optional[str]:
+        payload = _decode_jwt_payload_unverified(access_token)
+        realm_access = payload.get("realm_access", {})
+        if not isinstance(realm_access, dict):
+            return None
+        roles = realm_access.get("roles", [])
+        if not isinstance(roles, list):
+            return None
+        normalized_roles = {str(role).strip() for role in roles if str(role).strip()}
+        if self.keycloak_admin_role in normalized_roles:
+            return "admin"
+        if self.keycloak_user_role in normalized_roles:
+            return "user"
+        return None
+
+    def get_admin_access_token(self) -> str:
+        if not self.auth_enabled:
+            raise RuntimeError("Authentication is disabled.")
+
+        with self.keycloak_admin_token_lock:
+            cached_token = str(self.keycloak_admin_token_cache.get("access_token", ""))
+            expires_at = float(self.keycloak_admin_token_cache.get("expires_at", 0.0) or 0.0)
+            if cached_token and expires_at > time.time() + 15.0:
+                return cached_token
+
+            status_code, payload, request_error = _http_json_request(
+                self.keycloak_token_url(),
+                method="POST",
+                form={
+                    "grant_type": "client_credentials",
+                    "client_id": self.keycloak_admin_client_id,
+                    "client_secret": self.keycloak_admin_client_secret,
+                },
+                timeout_s=5.0,
+            )
+            if request_error:
+                raise RuntimeError(f"Keycloak admin token request failed: {request_error}")
+            if status_code < 200 or status_code >= 300:
+                raise RuntimeError(
+                    f"Keycloak admin token request failed: {payload.get('error_description') or payload.get('error') or status_code}"
+                )
+
+            access_token = str(payload.get("access_token", "")).strip()
+            expires_in = float(payload.get("expires_in", 60.0) or 60.0)
+            if not access_token:
+                raise RuntimeError("Keycloak admin token response did not include access_token.")
+            self.keycloak_admin_token_cache = {
+                "access_token": access_token,
+                "expires_at": time.time() + max(30.0, expires_in),
+            }
+            return access_token
+
     def refresh_once(self) -> None:
         receiver_payloads: List[Dict[str, object]] = []
         grouped_by_receiver: List[Dict[float, List[Tuple[float, float]]]] = []
@@ -1237,17 +1664,19 @@ class AutoService:
 def _make_handler(service: AutoService):
     service_holder = {"current": service}
     service_swap_lock = threading.Lock()
+    auth_sessions: Dict[str, Dict[str, object]] = {}
+    auth_sessions_lock = threading.Lock()
 
     class ServiceHandler(BaseHTTPRequestHandler):
         @staticmethod
         def _current_service() -> AutoService:
             return service_holder["current"]
 
-        def _is_write_authorized(self) -> bool:
+        def _api_token_authorized(self) -> bool:
             service_obj = self._current_service()
             expected_token = service_obj.write_api_token
             if not expected_token:
-                return True
+                return False
 
             header_token = self.headers.get("X-API-Token", "")
             if hmac.compare_digest(header_token, expected_token):
@@ -1260,6 +1689,149 @@ def _make_handler(service: AutoService):
                     return True
             return False
 
+        def _parse_cookies(self) -> Dict[str, str]:
+            raw_cookie = str(self.headers.get("Cookie", "")).strip()
+            cookies: Dict[str, str] = {}
+            if not raw_cookie:
+                return cookies
+            for part in raw_cookie.split(";"):
+                if "=" not in part:
+                    continue
+                key, value = part.split("=", 1)
+                cookies[key.strip()] = value.strip()
+            return cookies
+
+        def _current_session(self) -> Optional[Dict[str, object]]:
+            service_obj = self._current_service()
+            if not service_obj.auth_enabled:
+                return {
+                    "username": "local-admin",
+                    "role": "admin",
+                    "expires_at": None,
+                }
+
+            session_id = self._parse_cookies().get(service_obj.auth_cookie_name, "")
+            if not session_id:
+                return None
+
+            with auth_sessions_lock:
+                session_row = auth_sessions.get(session_id)
+                if not isinstance(session_row, dict):
+                    return None
+                expires_at = float(session_row.get("expires_at", 0.0) or 0.0)
+                if expires_at <= time.time():
+                    auth_sessions.pop(session_id, None)
+                    return None
+                refreshed = dict(session_row)
+                refreshed["expires_at"] = time.time() + service_obj.auth_session_ttl_s
+                auth_sessions[session_id] = refreshed
+                return refreshed
+
+        def _auth_payload(self, session_row: Optional[Dict[str, object]]) -> Dict[str, object]:
+            service_obj = self._current_service()
+            authenticated = isinstance(session_row, dict)
+            role = str(session_row.get("role", "")) if authenticated else ""
+            is_admin = role == "admin"
+            if not authenticated and service_obj.auth_enabled:
+                visible_sections: List[str] = []
+            elif role == "user":
+                visible_sections = [
+                    "overview",
+                    "frequencies",
+                    "io",
+                    "history",
+                ]
+            else:
+                visible_sections = [
+                    "overview",
+                    "frequencies",
+                    "io",
+                    "history",
+                    "servers",
+                    "json",
+                ]
+            return {
+                "enabled": bool(service_obj.auth_enabled),
+                "provider": service_obj.auth_provider,
+                "authenticated": authenticated,
+                "username": "" if not authenticated else str(session_row.get("username", "")),
+                "role": role,
+                "capabilities": {
+                    "view_result": authenticated or not service_obj.auth_enabled,
+                    "view_frequencies": is_admin or role == "user" or not service_obj.auth_enabled,
+                    "admin": is_admin or not service_obj.auth_enabled,
+                    "manage_users": is_admin or not service_obj.auth_enabled,
+                    "manage_system": is_admin or not service_obj.auth_enabled,
+                },
+                "visible_sections": visible_sections,
+                "admin_console_url": service_obj.keycloak_admin_console_url,
+            }
+
+        def _require_authenticated(self) -> bool:
+            service_obj = self._current_service()
+            if not service_obj.auth_enabled:
+                return True
+            if self._current_session() is not None:
+                return True
+            self._write_json(401, {"status": "error", "error": "authentication required"})
+            return False
+
+        def _require_admin(self) -> bool:
+            service_obj = self._current_service()
+            token_matches = self._api_token_authorized()
+            if token_matches:
+                return True
+            if service_obj.write_api_token and not service_obj.auth_enabled:
+                self._write_json(
+                    401,
+                    {"status": "error", "error": "unauthorized: missing or invalid API token"},
+                )
+                return False
+            if not service_obj.auth_enabled:
+                return True
+            session_row = self._current_session()
+            if session_row is None:
+                self._write_json(401, {"status": "error", "error": "authentication required"})
+                return False
+            if str(session_row.get("role", "")) != "admin":
+                self._write_json(403, {"status": "error", "error": "admin role required"})
+                return False
+            return True
+
+        def _issue_session(self, username: str, role: str) -> str:
+            service_obj = self._current_service()
+            session_id = secrets.token_urlsafe(32)
+            with auth_sessions_lock:
+                auth_sessions[session_id] = {
+                    "username": str(username),
+                    "role": str(role),
+                    "expires_at": time.time() + service_obj.auth_session_ttl_s,
+                }
+            return session_id
+
+        def _drop_session(self) -> None:
+            service_obj = self._current_service()
+            session_id = self._parse_cookies().get(service_obj.auth_cookie_name, "")
+            if not session_id:
+                return
+            with auth_sessions_lock:
+                auth_sessions.pop(session_id, None)
+
+        def _session_cookie_headers(self, session_id: str = "", clear: bool = False) -> Dict[str, str]:
+            service_obj = self._current_service()
+            if clear:
+                return {
+                    "Set-Cookie": (
+                        f"{service_obj.auth_cookie_name}=; Path=/; HttpOnly; SameSite=Lax; Max-Age=0"
+                    )
+                }
+            return {
+                "Set-Cookie": (
+                    f"{service_obj.auth_cookie_name}={session_id}; Path=/; HttpOnly; SameSite=Lax; "
+                    f"Max-Age={service_obj.auth_session_ttl_s}"
+                )
+            }
+
         def _write_bytes(
             self,
             status_code: int,
@@ -1276,14 +1848,49 @@ def _make_handler(service: AutoService):
             self.end_headers()
             self.wfile.write(content)
 
-        def _write_json(self, status_code: int, payload: Dict[str, object]) -> None:
+        def _write_json(
+            self,
+            status_code: int,
+            payload: Dict[str, object],
+            extra_headers: Optional[Dict[str, str]] = None,
+        ) -> None:
             raw = json.dumps(payload, ensure_ascii=False).encode("utf-8")
             self._write_bytes(
                 status_code=status_code,
                 content=raw,
                 content_type="application/json; charset=utf-8",
+                extra_headers=extra_headers,
             )
 
+        def _read_json_body(
+            self,
+            *,
+            max_bytes: int = MAX_CONFIG_BODY_BYTES,
+            empty_body_is_object: bool = False,
+        ) -> Tuple[Optional[Dict[str, object]], Optional[str], int]:
+            try:
+                content_length = int(self.headers.get("Content-Length", "0"))
+            except ValueError:
+                return None, "Invalid Content-Length", 400
+            if content_length <= 0:
+                if empty_body_is_object:
+                    return {}, None, 200
+                return None, "Empty request body", 400
+            if content_length > max_bytes:
+                return (
+                    None,
+                    f"Config payload too large: {content_length} bytes, max is {max_bytes}",
+                    413,
+                )
+            body = self.rfile.read(content_length)
+            try:
+                parsed = json.loads(body.decode("utf-8"))
+            except json.JSONDecodeError as exc:
+                return None, f"Invalid JSON: {exc}", 400
+            if not isinstance(parsed, dict):
+                return None, "JSON body must be object", 400
+            return parsed, None, 200
+
         def _write_static(self, relative_path: str) -> None:
             web_root = Path(__file__).resolve().parent / "web"
             file_path = (web_root / relative_path).resolve()
@@ -1324,6 +1931,7 @@ def _make_handler(service: AutoService):
             path = parse.urlparse(self.path).path
             service_obj = self._current_service()
             snapshot = service_obj.snapshot()
+            session_row = self._current_session()
 
             if path == "/" or path == "/ui":
                 self._write_static("index.html")
@@ -1333,6 +1941,10 @@ def _make_handler(service: AutoService):
                 self._write_static(path.removeprefix("/static/"))
                 return
 
+            if path == "/auth/session":
+                self._write_json(200, {"status": "ok", "auth": self._auth_payload(session_row)})
+                return
+
             if path == "/health":
                 status = "ok" if snapshot["payload"] else "warming_up"
                 http_code = 200 if status == "ok" else 503
@@ -1347,6 +1959,8 @@ def _make_handler(service: AutoService):
                 return
 
             if path == "/result":
+                if not self._require_authenticated():
+                    return
                 payload = snapshot["payload"]
                 if payload is None:
                     self._write_json(
@@ -1370,6 +1984,8 @@ def _make_handler(service: AutoService):
                 return
 
             if path == "/frequencies":
+                if not self._require_authenticated():
+                    return
                 payload = snapshot["payload"]
                 if payload is None:
                     self._write_json(
@@ -1395,12 +2011,12 @@ def _make_handler(service: AutoService):
                 return
 
             if path == "/config":
-                public_config = json.loads(json.dumps(service_obj.config))
-                runtime_obj = public_config.get("runtime")
-                if isinstance(runtime_obj, dict):
-                    if "write_api_token" in runtime_obj:
-                        runtime_obj["write_api_token"] = ""
-                    runtime_obj["write_api_token_set"] = bool(service_obj.write_api_token)
+                if service_obj.auth_enabled and not self._require_admin():
+                    return
+                public_config = _public_config_view(
+                    config=service_obj.config,
+                    write_api_token_set=bool(service_obj.write_api_token),
+                )
                 self._write_json(
                     200,
                     {
@@ -1412,58 +2028,115 @@ def _make_handler(service: AutoService):
                 return
 
             if path == "/mock/controls":
+                if not self._require_authenticated():
+                    return
                 self._write_json(200, _collect_mock_controls(service_obj))
                 return
 
+            if path == "/users":
+                if not self._require_admin():
+                    return
+                try:
+                    users = _keycloak_list_users(service_obj)
+                except Exception as exc:
+                    self._write_json(500, {"status": "error", "error": str(exc)})
+                    return
+                self._write_json(200, {"status": "ok", "users": users})
+                return
+
             self._write_json(404, {"error": "not_found"})
 
         def do_POST(self) -> None:
             path = parse.urlparse(self.path).path
-            if not self._is_write_authorized():
-                self._write_json(
-                    401,
-                    {"status": "error", "error": "unauthorized: missing or invalid API token"},
-                )
-                return
 
-            if path == "/config":
+            if path == "/auth/login":
                 service_obj = self._current_service()
-                try:
-                    content_length = int(self.headers.get("Content-Length", "0"))
-                except ValueError:
-                    self._write_json(400, {"status": "error", "error": "Invalid Content-Length"})
+                if not service_obj.auth_enabled:
+                    self._write_json(400, {"status": "error", "error": "authentication disabled"})
                     return
-                if content_length <= 0:
-                    self._write_json(400, {"status": "error", "error": "Empty request body"})
+                payload, read_error, read_status = self._read_json_body()
+                if read_error:
+                    self._write_json(read_status, {"status": "error", "error": read_error})
                     return
-                if content_length > MAX_CONFIG_BODY_BYTES:
+                username = str(payload.get("username", "")).strip() if payload else ""
+                password = str(payload.get("password", "")).strip() if payload else ""
+                if not username or not password:
                     self._write_json(
-                        413,
+                        400,
+                        {"status": "error", "error": "username and password are required"},
+                    )
+                    return
+                status_code, token_payload, request_error = _http_json_request(
+                    service_obj.keycloak_token_url(),
+                    method="POST",
+                    form={
+                        "grant_type": "password",
+                        "client_id": service_obj.keycloak_client_id,
+                        "client_secret": service_obj.keycloak_client_secret,
+                        "username": username,
+                        "password": password,
+                        "scope": "openid profile email",
+                    },
+                    timeout_s=5.0,
+                )
+                if request_error:
+                    self._write_json(
+                        502,
+                        {"status": "error", "error": f"Keycloak login failed: {request_error}"},
+                    )
+                    return
+                if status_code < 200 or status_code >= 300:
+                    self._write_json(
+                        401,
                         {
                             "status": "error",
-                            "error": (
-                                f"Config payload too large: {content_length} bytes, "
-                                f"max is {MAX_CONFIG_BODY_BYTES}"
+                            "error": str(
+                                token_payload.get("error_description")
+                                or token_payload.get("error")
+                                or "login failed"
                             ),
                         },
                     )
                     return
-                body = self.rfile.read(content_length) if content_length > 0 else b""
-                try:
-                    new_config = json.loads(body.decode("utf-8"))
-                except json.JSONDecodeError as exc:
-                    self._write_json(400, {"status": "error", "error": f"Invalid JSON: {exc}"})
+                access_token = str(token_payload.get("access_token", "")).strip()
+                role = service_obj.role_from_token(access_token)
+                if not role:
+                    self._write_json(
+                        403,
+                        {
+                            "status": "error",
+                            "error": "user does not have required Keycloak role",
+                        },
+                    )
                     return
-                if not isinstance(new_config, dict):
-                    self._write_json(400, {"status": "error", "error": "Config must be JSON object"})
+                session_id = self._issue_session(username=username, role=role)
+                session_row = {"username": username, "role": role}
+                self._write_json(
+                    200,
+                    {"status": "ok", "auth": self._auth_payload(session_row)},
+                    extra_headers=self._session_cookie_headers(session_id=session_id),
+                )
+                return
+
+            if path == "/auth/logout":
+                self._drop_session()
+                self._write_json(
+                    200,
+                    {"status": "ok"},
+                    extra_headers=self._session_cookie_headers(clear=True),
+                )
+                return
+
+            if path == "/config":
+                if not self._require_admin():
+                    return
+                service_obj = self._current_service()
+                new_config, read_error, read_status = self._read_json_body()
+                if read_error:
+                    self._write_json(read_status, {"status": "error", "error": read_error})
                     return
 
-                # Avoid accidental token wipe when /config GET response is redacted in clients.
-                runtime_obj = new_config.get("runtime")
-                if isinstance(runtime_obj, dict) and service_obj.write_api_token:
-                    incoming_token = str(runtime_obj.get("write_api_token", "")).strip()
-                    if not incoming_token:
-                        runtime_obj["write_api_token"] = service_obj.write_api_token
+                _preserve_sensitive_config_values(service_obj, new_config)
 
                 try:
                     new_service = AutoService(new_config, config_path=service_obj.config_path)
@@ -1520,20 +2193,12 @@ def _make_handler(service: AutoService):
                 return
 
             if path == "/mock/control":
-                service_obj = self._current_service()
-                try:
-                    content_length = int(self.headers.get("Content-Length", "0"))
-                except ValueError:
-                    self._write_json(400, {"status": "error", "error": "Invalid Content-Length"})
-                    return
-                body = self.rfile.read(content_length) if content_length > 0 else b"{}"
-                try:
-                    payload = json.loads(body.decode("utf-8"))
-                except json.JSONDecodeError:
-                    self._write_json(400, {"status": "error", "error": "Invalid JSON"})
+                if not self._require_admin():
                     return
-                if not isinstance(payload, dict):
-                    self._write_json(400, {"status": "error", "error": "JSON body must be object"})
+                service_obj = self._current_service()
+                payload, read_error, read_status = self._read_json_body(empty_body_is_object=True)
+                if read_error:
+                    self._write_json(read_status, {"status": "error", "error": read_error})
                     return
                 target = str(payload.get("target", "")).strip().lower()
                 target_id = str(payload.get("id", "")).strip()
@@ -1606,10 +2271,115 @@ def _make_handler(service: AutoService):
                 self._write_json(200, response)
                 return
 
+            if path == "/users":
+                if not self._require_admin():
+                    return
+                service_obj = self._current_service()
+                payload, read_error, read_status = self._read_json_body()
+                if read_error:
+                    self._write_json(read_status, {"status": "error", "error": read_error})
+                    return
+
+                action = str(payload.get("action", "")).strip().lower()
+                username = str(payload.get("username", "")).strip()
+                role = str(payload.get("role", "user")).strip().lower()
+                enabled = bool(payload.get("enabled", True))
+                password = str(payload.get("password", "")).strip()
+                first_name = str(payload.get("first_name", "")).strip()
+                last_name = str(payload.get("last_name", "")).strip()
+                user_id = str(payload.get("user_id", "")).strip()
+
+                if action not in ("create", "update", "set_password", "delete"):
+                    self._write_json(400, {"status": "error", "error": "unsupported user action"})
+                    return
+                if not user_id and username:
+                    user_id = _keycloak_get_user_id_by_username(service_obj, username) or ""
+
+                try:
+                    if action == "create":
+                        if not username or not password:
+                            raise ValueError("username and password are required")
+                        if role not in ("admin", "user"):
+                            raise ValueError("role must be admin or user")
+                        status_code, _, request_error = _keycloak_admin_request(
+                            service_obj,
+                            "/users",
+                            method="POST",
+                            json_body={
+                                "username": username,
+                                "enabled": enabled,
+                                "firstName": first_name,
+                                "lastName": last_name,
+                            },
+                        )
+                        if request_error:
+                            raise RuntimeError(request_error)
+                        if status_code < 200 or status_code >= 300:
+                            raise RuntimeError("failed to create user in Keycloak")
+                        user_id = _keycloak_get_user_id_by_username(service_obj, username) or ""
+                        if not user_id:
+                            raise RuntimeError("created user not found in Keycloak")
+                        _keycloak_reset_password(service_obj, user_id, password)
+                        _keycloak_apply_user_role(service_obj, user_id, role)
+                    elif action == "update":
+                        if not user_id:
+                            raise ValueError("user_id or username is required")
+                        if role not in ("admin", "user"):
+                            raise ValueError("role must be admin or user")
+                        status_code, _, request_error = _keycloak_admin_request(
+                            service_obj,
+                            f"/users/{parse.quote(user_id)}",
+                            method="PUT",
+                            json_body={
+                                "enabled": enabled,
+                                "firstName": first_name,
+                                "lastName": last_name,
+                            },
+                        )
+                        if request_error or status_code < 200 or status_code >= 300:
+                            raise RuntimeError("failed to update user in Keycloak")
+                        _keycloak_apply_user_role(service_obj, user_id, role)
+                    elif action == "set_password":
+                        if not user_id:
+                            raise ValueError("user_id or username is required")
+                        if not password:
+                            raise ValueError("password is required")
+                        _keycloak_reset_password(service_obj, user_id, password)
+                    elif action == "delete":
+                        if not user_id:
+                            raise ValueError("user_id or username is required")
+                        status_code, _, request_error = _keycloak_admin_request(
+                            service_obj,
+                            f"/users/{parse.quote(user_id)}",
+                            method="DELETE",
+                        )
+                        if request_error or status_code < 200 or status_code >= 300:
+                            raise RuntimeError("failed to delete user in Keycloak")
+                except Exception as exc:
+                    self._write_json(400, {"status": "error", "error": str(exc)})
+                    return
+
+                try:
+                    users = _keycloak_list_users(service_obj)
+                except Exception as exc:
+                    self._write_json(
+                        200,
+                        {
+                            "status": "ok",
+                            "message": f"action completed, but refresh failed: {exc}",
+                            "users": [],
+                        },
+                    )
+                    return
+                self._write_json(200, {"status": "ok", "users": users})
+                return
+
             if path != "/refresh":
                 self._write_json(404, {"error": "not_found"})
                 return
 
+            if not self._require_admin():
+                return
             try:
                 self._current_service().refresh_once()
             except Exception as exc:
diff --git a/test_service_integration.py b/test_service_integration.py
index b625a36..2d4ab0a 100644
--- a/test_service_integration.py
+++ b/test_service_integration.py
@@ -1,5 +1,6 @@
 import json
 import threading
+import base64
 from typing import Any, Dict, List
 from urllib import error, request as urllib_request
 
@@ -23,6 +24,21 @@ class _FakeResponse:
         return None
 
 
+def _jwt_for_role(role_name: str, username: str = "viewer") -> str:
+    def _seg(payload: Dict[str, object]) -> str:
+        raw = json.dumps(payload, separators=(",", ":")).encode("utf-8")
+        return base64.urlsafe_b64encode(raw).decode("utf-8").rstrip("=")
+
+    header = _seg({"alg": "none", "typ": "JWT"})
+    payload = _seg(
+        {
+            "preferred_username": username,
+            "realm_access": {"roles": [role_name]},
+        }
+    )
+    return f"{header}.{payload}.signature"
+
+
 def _base_config() -> Dict[str, object]:
     return {
         "model": {
@@ -69,6 +85,28 @@ def _base_config() -> Dict[str, object]:
     }
 
 
+def _auth_config() -> Dict[str, object]:
+    config = _base_config()
+    config["auth"] = {
+        "enabled": True,
+        "provider": "keycloak",
+        "session_ttl_s": 3600,
+        "cookie_name": "triangulation_session",
+        "keycloak": {
+            "base_url": "http://keycloak.local",
+            "realm": "triangulation",
+            "client_id": "triangulation-ui",
+            "client_secret": "ui-secret",
+            "admin_client_id": "triangulation-admin",
+            "admin_client_secret": "admin-secret",
+            "user_role": "triangulation_user",
+            "admin_role": "triangulation_admin",
+            "admin_console_url": "http://keycloak.local/admin/",
+        },
+    }
+    return config
+
+
 def _install_urlopen(monkeypatch: pytest.MonkeyPatch, responses: Dict[str, object]) -> None:
     def _fake_urlopen(req: Any, timeout: float = 0.0):
         url = getattr(req, "full_url", str(req))
@@ -866,3 +904,227 @@ def test_receiver_configured_frequencies_limit_trilateration(monkeypatch: pytest
     assert payload is not None
     assert len(payload["frequency_table"]) == 1
     assert payload["frequency_table"][0]["frequency_hz"] == pytest.approx(915e6)
+
+
+def test_http_keycloak_login_creates_user_session(monkeypatch: pytest.MonkeyPatch):
+    config = _auth_config()
+    svc = service.AutoService(config)
+    svc.latest_payload = {
+        "selected_frequency_hz": 915e6,
+        "selected_frequency_mhz": 915.0,
+        "position": {"x": 1.0, "y": 2.0, "z": 3.0},
+        "rmse_m": 0.12,
+        "frequency_table": [],
+    }
+    svc.updated_at_utc = "2026-03-16T12:00:00+00:00"
+    svc.last_error = ""
+
+    def _fake_http_json_request(url: str, method: str = "GET", payload=None, form=None, headers=None, timeout_s: float = 2.0):
+        assert method == "POST"
+        assert form is not None
+        if form.get("username") == "viewer" and form.get("password") == "viewer123":
+            return 200, {"access_token": _jwt_for_role("triangulation_user", "viewer")}, ""
+        return 401, {"error": "invalid_grant"}, ""
+
+    monkeypatch.setattr(service, "_http_json_request", _fake_http_json_request)
+    http_server, thread, base_url = _start_api_server_for_test(svc)
+
+    try:
+        login_req = urllib_request.Request(
+            url=f"{base_url}/auth/login",
+            method="POST",
+            data=json.dumps({"username": "viewer", "password": "viewer123"}).encode("utf-8"),
+            headers={"Content-Type": "application/json"},
+        )
+        with urllib_request.urlopen(login_req) as response:
+            payload = json.loads(response.read().decode("utf-8"))
+            cookie = response.headers.get("Set-Cookie", "")
+        assert payload["auth"]["authenticated"] is True
+        assert payload["auth"]["role"] == "user"
+        assert "triangulation_session=" in cookie
+
+        session_req = urllib_request.Request(
+            url=f"{base_url}/auth/session",
+            headers={"Cookie": cookie.split(";", 1)[0]},
+        )
+        with urllib_request.urlopen(session_req) as response:
+            session_payload = json.loads(response.read().decode("utf-8"))
+        assert session_payload["auth"]["authenticated"] is True
+        assert session_payload["auth"]["visible_sections"] == [
+            "overview",
+            "frequencies",
+            "io",
+            "history",
+        ]
+
+        result_req = urllib_request.Request(
+            url=f"{base_url}/result",
+            headers={"Cookie": cookie.split(";", 1)[0]},
+        )
+        with urllib_request.urlopen(result_req) as response:
+            result_payload = json.loads(response.read().decode("utf-8"))
+        assert result_payload["status"] == "ok"
+        assert result_payload["data"]["position"]["x"] == pytest.approx(1.0)
+    finally:
+        http_server.shutdown()
+        http_server.server_close()
+        thread.join(timeout=1.0)
+
+
+def test_http_keycloak_user_can_view_status_but_not_admin_config(monkeypatch: pytest.MonkeyPatch):
+    config = _auth_config()
+    svc = service.AutoService(config)
+
+    monkeypatch.setattr(
+        service,
+        "_http_json_request",
+        lambda *args, **kwargs: (200, {"access_token": _jwt_for_role("triangulation_user", "viewer")}, ""),
+    )
+    http_server, thread, base_url = _start_api_server_for_test(svc)
+
+    try:
+        login_req = urllib_request.Request(
+            url=f"{base_url}/auth/login",
+            method="POST",
+            data=json.dumps({"username": "viewer", "password": "viewer123"}).encode("utf-8"),
+            headers={"Content-Type": "application/json"},
+        )
+        with urllib_request.urlopen(login_req) as response:
+            cookie = response.headers.get("Set-Cookie", "")
+
+        config_req = urllib_request.Request(
+            url=f"{base_url}/config",
+            headers={"Cookie": cookie.split(";", 1)[0]},
+        )
+        with pytest.raises(error.HTTPError) as exc_info:
+            urllib_request.urlopen(config_req)
+        assert exc_info.value.code == 403
+
+        controls_req = urllib_request.Request(
+            url=f"{base_url}/mock/controls",
+            headers={"Cookie": cookie.split(";", 1)[0]},
+        )
+        with urllib_request.urlopen(controls_req) as response:
+            controls_payload = json.loads(response.read().decode("utf-8"))
+        assert "inputs" in controls_payload
+        assert "outputs" in controls_payload
+
+        users_req = urllib_request.Request(
+            url=f"{base_url}/users",
+            headers={"Cookie": cookie.split(";", 1)[0]},
+        )
+        with pytest.raises(error.HTTPError) as exc_info:
+            urllib_request.urlopen(users_req)
+        assert exc_info.value.code == 403
+    finally:
+        http_server.shutdown()
+        http_server.server_close()
+        thread.join(timeout=1.0)
+
+
+def test_http_keycloak_admin_can_open_redacted_config(monkeypatch: pytest.MonkeyPatch):
+    config = _auth_config()
+    svc = service.AutoService(config)
+
+    monkeypatch.setattr(
+        service,
+        "_http_json_request",
+        lambda *args, **kwargs: (200, {"access_token": _jwt_for_role("triangulation_admin", "admin_ui")}, ""),
+    )
+    http_server, thread, base_url = _start_api_server_for_test(svc)
+
+    try:
+        login_req = urllib_request.Request(
+            url=f"{base_url}/auth/login",
+            method="POST",
+            data=json.dumps({"username": "admin_ui", "password": "admin123"}).encode("utf-8"),
+            headers={"Content-Type": "application/json"},
+        )
+        with urllib_request.urlopen(login_req) as response:
+            cookie = response.headers.get("Set-Cookie", "")
+
+        config_req = urllib_request.Request(
+            url=f"{base_url}/config",
+            headers={"Cookie": cookie.split(";", 1)[0]},
+        )
+        with urllib_request.urlopen(config_req) as response:
+            payload = json.loads(response.read().decode("utf-8"))
+        assert payload["config"]["auth"]["keycloak"]["client_secret"] == ""
+        assert payload["config"]["auth"]["keycloak"]["admin_client_secret"] == ""
+        assert payload["config"]["auth"]["keycloak"]["client_secret_set"] is True
+        assert payload["config"]["auth"]["keycloak"]["admin_client_secret_set"] is True
+    finally:
+        http_server.shutdown()
+        http_server.server_close()
+        thread.join(timeout=1.0)
+
+
+def test_http_keycloak_admin_can_list_users(monkeypatch: pytest.MonkeyPatch):
+    config = _auth_config()
+    svc = service.AutoService(config)
+
+    monkeypatch.setattr(
+        service,
+        "_http_json_request",
+        lambda *args, **kwargs: (200, {"access_token": _jwt_for_role("triangulation_admin", "admin_ui")}, ""),
+    )
+    monkeypatch.setattr(service.AutoService, "get_admin_access_token", lambda self: "admin-token")
+
+    def _fake_keycloak_admin_request(
+        svc: service.AutoService,
+        path: str,
+        method: str = "GET",
+        payload=None,
+        json_body=None,
+        timeout_s: float = 5.0,
+    ):
+        if path == "/users?max=200":
+            return 200, [
+                {
+                    "id": "u1",
+                    "username": "admin_ui",
+                    "enabled": True,
+                    "firstName": "System",
+                    "lastName": "Admin",
+                },
+                {
+                    "id": "u2",
+                    "username": "viewer",
+                    "enabled": True,
+                    "firstName": "Read",
+                    "lastName": "Only",
+                },
+            ], ""
+        if path == "/users/u1/role-mappings/realm":
+            return 200, [{"name": "triangulation_admin"}], ""
+        if path == "/users/u2/role-mappings/realm":
+            return 200, [{"name": "triangulation_user"}], ""
+        raise AssertionError(f"Unexpected path: {path}")
+
+    monkeypatch.setattr(service, "_keycloak_admin_request", _fake_keycloak_admin_request)
+    http_server, thread, base_url = _start_api_server_for_test(svc)
+
+    try:
+        login_req = urllib_request.Request(
+            url=f"{base_url}/auth/login",
+            method="POST",
+            data=json.dumps({"username": "admin_ui", "password": "admin123"}).encode("utf-8"),
+            headers={"Content-Type": "application/json"},
+        )
+        with urllib_request.urlopen(login_req) as response:
+            cookie = response.headers.get("Set-Cookie", "")
+
+        users_req = urllib_request.Request(
+            url=f"{base_url}/users",
+            headers={"Cookie": cookie.split(";", 1)[0]},
+        )
+        with urllib_request.urlopen(users_req) as response:
+            payload = json.loads(response.read().decode("utf-8"))
+        assert payload["status"] == "ok"
+        assert [row["username"] for row in payload["users"]] == ["admin_ui", "viewer"]
+        assert payload["users"][0]["role"] == "admin"
+        assert payload["users"][1]["role"] == "user"
+    finally:
+        http_server.shutdown()
+        http_server.server_close()
+        thread.join(timeout=1.0)
diff --git a/web/app.js b/web/app.js
index 430b4d0..8defcc7 100644
--- a/web/app.js
+++ b/web/app.js
@@ -3,6 +3,8 @@
   frequencies: null,
   health: null,
   config: null,
+  auth: null,
+  users: [],
   writeToken: "",
   activeSection: "overview",
   selectedReceiverIndex: 0,
@@ -39,6 +41,7 @@
   lastDeliveryStatus: "n/a",
   timezone: "local",
   uiDensity: "detailed",
+  uiTheme: "aurora",
 };
 
 const HZ_IN_MHZ = 1_000_000;
@@ -47,12 +50,14 @@ const MENU_GROUP_COLLAPSED_STORAGE_KEY = "triangulation.menu_group_collapsed";
 const DATE_TIME_COLLAPSED_STORAGE_KEY = "triangulation.date_time_collapsed";
 const TIMEZONE_STORAGE_KEY = "triangulation.timezone";
 const UI_DENSITY_STORAGE_KEY = "triangulation.ui_density";
+const UI_THEME_STORAGE_KEY = "triangulation.ui_theme";
 const AUTO_REFRESH_INTERVAL_STORAGE_KEY = "triangulation.auto_refresh_interval_ms";
 const AUTO_REFRESH_MIN_MS = 1_000;
 const AUTO_REFRESH_MAX_MS = 120_000;
 const AUTO_REFRESH_DEFAULT_MS = 2_000;
 const IO_HISTORY_LIMIT = 60;
 const MENU_GROUP_KEYS = ["monitoring", "io", "config"];
+const UI_THEME_OPTIONS = ["aurora", "signal", "slate"];
 const TIMEZONE_OPTIONS = [
   { value: "local", label: "Локальный (браузер)" },
   { value: "UTC", label: "UTC" },
@@ -108,6 +113,15 @@ function localizeStatus(value) {
   return mapping[status] || status;
 }
 
+function localizeThemeName(value) {
+  const mapping = {
+    aurora: "свет",
+    signal: "сигнал",
+    slate: "графит",
+  };
+  return mapping[String(value || "").toLowerCase()] || "свет";
+}
+
 function localizeErrorMessage(message) {
   const text = String(message || "неизвестная ошибка");
   const known = {
@@ -115,6 +129,10 @@ function localizeErrorMessage(message) {
     "at least 1 output server is required": "необходим минимум 1 выходной сервер",
     Unauthorized: "доступ запрещён (проверьте токен)",
     "unauthorized: missing or invalid API token": "доступ запрещён: отсутствует или неверный API-токен",
+    "authentication required": "требуется вход в систему",
+    "admin role required": "требуются права администратора",
+    "username and password are required": "нужны логин и пароль",
+    "user does not have required Keycloak role": "у пользователя нет нужной роли Keycloak",
     warming_up: "прогрев",
     not_found: "не найдено",
     "no data yet": "данные пока не получены",
@@ -198,6 +216,57 @@ function authHeaders() {
   };
 }
 
+function authEnabled() {
+  return Boolean(state.auth?.enabled);
+}
+
+function isAuthenticated() {
+  return Boolean(state.auth?.authenticated) || !authEnabled();
+}
+
+function isAdmin() {
+  return String(state.auth?.role || "") === "admin" || !authEnabled();
+}
+
+function visibleSections() {
+  if (!authEnabled()) {
+    return ["overview", "frequencies", "io", "history", "servers", "json"];
+  }
+  const sections = Array.isArray(state.auth?.visible_sections) ? state.auth.visible_sections : [];
+  return sections.length > 0 ? sections : [];
+}
+
+function applyServerReadOnlyMode() {
+  const readOnly = !isAdmin();
+  [
+    "rx-id",
+    "rx-url",
+    "rx-frequencies",
+    "rx-center-x",
+    "rx-center-y",
+    "rx-center-z",
+    "shared-filter-enabled",
+    "shared-min-freq",
+    "shared-max-freq",
+    "shared-min-rssi",
+    "shared-max-rssi",
+    "out-name",
+    "out-ip",
+    "write-token",
+  ].forEach((id) => {
+    const el = byId(id);
+    if (!el) return;
+    el.disabled = readOnly;
+    if ("readOnly" in el && el.tagName === "INPUT") {
+      el.readOnly = readOnly;
+    }
+  });
+  const stateBadge = byId("servers-state");
+  if (stateBadge && readOnly) {
+    stateBadge.textContent = "узлы: только просмотр";
+  }
+}
+
 function setActiveSection(section) {
   state.activeSection = section;
   document.querySelectorAll(".panel").forEach((panel) => {
@@ -212,6 +281,102 @@ function setActiveSection(section) {
   }
 }
 
+function ensureValidActiveSection() {
+  const allowed = visibleSections();
+  if (allowed.includes(state.activeSection)) return;
+  state.activeSection = allowed[0] || "overview";
+}
+
+function applySectionAccess() {
+  const allowed = new Set(visibleSections());
+  document.querySelectorAll(".menu-item").forEach((item) => {
+    const section = String(item.dataset.section || "");
+    item.hidden = !allowed.has(section);
+  });
+  document.querySelectorAll(".panel").forEach((panel) => {
+    const section = panel.id.replace("section-", "");
+    panel.hidden = !allowed.has(section);
+  });
+  const usersCard = byId("users-card");
+  if (usersCard) {
+    usersCard.hidden = !isAdmin();
+  }
+  document.querySelectorAll(".menu-group").forEach((group) => {
+    const hasVisibleItems = Array.from(group.querySelectorAll(".menu-item")).some((item) => !item.hidden);
+    group.hidden = !hasVisibleItems;
+  });
+  const configGroup = document.querySelector('.menu-group[data-menu-group="config"]');
+  if (configGroup && !isAdmin()) {
+    configGroup.hidden = true;
+  }
+  ensureValidActiveSection();
+  setActiveSection(state.activeSection);
+}
+
+function renderAuthUi() {
+  const overlay = byId("auth-overlay");
+  const userChip = byId("auth-user-chip");
+  const roleChip = byId("auth-role-chip");
+  const logoutButton = byId("logout-button");
+  const loginState = byId("login-state");
+  const shell = byId("app-shell");
+  const body = document.body;
+
+  if (body) {
+    body.classList.remove("role-admin", "role-user", "role-guest");
+    if (isAdmin()) {
+      body.classList.add("role-admin");
+    } else if (isAuthenticated()) {
+      body.classList.add("role-user");
+    } else {
+      body.classList.add("role-guest");
+    }
+  }
+
+  if (userChip) {
+    userChip.textContent = `пользователь: ${state.auth?.username || "гость"}`;
+  }
+  if (roleChip) {
+    roleChip.textContent = `роль: ${state.auth?.role || "-"}`;
+  }
+  if (logoutButton) {
+    logoutButton.hidden = !isAuthenticated() || !authEnabled();
+  }
+  if (overlay) {
+    const shouldShow = authEnabled() && !isAuthenticated();
+    overlay.classList.toggle("auth-overlay-hidden", !shouldShow);
+  }
+  if (shell) {
+    shell.classList.toggle("app-shell-locked", authEnabled() && !isAuthenticated());
+  }
+  [
+    "load-config",
+    "save-config",
+    "load-servers",
+    "save-servers",
+    "add-receiver",
+    "remove-receiver",
+    "add-output-server",
+    "remove-output-server",
+  ].forEach((id) => {
+    const el = byId(id);
+    if (el) el.hidden = !isAdmin();
+  });
+  const ioAdminControls = byId("io-admin-controls");
+  if (ioAdminControls) {
+    ioAdminControls.hidden = !isAdmin();
+  }
+  const historyAdminActions = byId("history-admin-actions");
+  if (historyAdminActions) {
+    historyAdminActions.hidden = !isAdmin();
+  }
+  if (loginState && authEnabled() && !isAuthenticated()) {
+    loginState.textContent = "авторизация: требуется вход";
+  }
+  applySectionAccess();
+  applyServerReadOnlyMode();
+}
+
 function setMenuCollapsed(isCollapsed) {
   state.menuCollapsed = Boolean(isCollapsed);
   const sideNav = byId("side-nav");
@@ -320,8 +485,8 @@ function setDateTimeCollapsed(isCollapsed) {
   }
   if (toggle) {
     toggle.textContent = state.dateTimeCollapsed
-      ? "Показать служебную панель"
-      : "Скрыть служебную панель";
+      ? "Показать панель"
+      : "Скрыть панель";
     toggle.setAttribute("aria-expanded", String(!state.dateTimeCollapsed));
   }
 
@@ -373,6 +538,27 @@ function normalizeUiDensity(value) {
   return String(value || "").toLowerCase() === "compact" ? "compact" : "detailed";
 }
 
+function normalizeUiTheme(value) {
+  const next = String(value || "").toLowerCase();
+  return UI_THEME_OPTIONS.includes(next) ? next : "aurora";
+}
+
+function saveUiThemePreference(value) {
+  try {
+    localStorage.setItem(UI_THEME_STORAGE_KEY, normalizeUiTheme(value));
+  } catch {
+    // Ignore localStorage errors in restricted environments.
+  }
+}
+
+function readUiThemePreference() {
+  try {
+    return normalizeUiTheme(localStorage.getItem(UI_THEME_STORAGE_KEY) || "aurora");
+  } catch {
+    return "aurora";
+  }
+}
+
 function saveUiDensityPreference(value) {
   try {
     localStorage.setItem(UI_DENSITY_STORAGE_KEY, normalizeUiDensity(value));
@@ -394,10 +580,20 @@ function applyUiDensity() {
   document.body.classList.toggle("ui-compact", compact);
   const toggle = byId("density-toggle");
   if (toggle) {
-    toggle.textContent = compact ? "Режим: компактный" : "Режим: детальный";
+    toggle.textContent = compact ? "Вид: компактный" : "Вид: детальный";
   }
 }
 
+function applyUiTheme() {
+  const nextTheme = normalizeUiTheme(state.uiTheme);
+  document.body.dataset.theme = nextTheme;
+  document.querySelectorAll(".theme-chip").forEach((button) => {
+    const isActive = normalizeUiTheme(button.dataset.themeValue) === nextTheme;
+    button.classList.toggle("theme-chip-active", isActive);
+    button.setAttribute("aria-pressed", String(isActive));
+  });
+}
+
 function setUiDensity(value, options = {}) {
   const { persist = true } = options;
   state.uiDensity = normalizeUiDensity(value);
@@ -407,6 +603,15 @@ function setUiDensity(value, options = {}) {
   }
 }
 
+function setUiTheme(value, options = {}) {
+  const { persist = true } = options;
+  state.uiTheme = normalizeUiTheme(value);
+  applyUiTheme();
+  if (persist) {
+    saveUiThemePreference(state.uiTheme);
+  }
+}
+
 function normalizePollIntervalMs(valueMs) {
   const numeric = Number(valueMs);
   if (!Number.isFinite(numeric)) return AUTO_REFRESH_DEFAULT_MS;
@@ -631,13 +836,13 @@ function renderInputFlow(data) {
   if (!root) return;
   const receivers = Array.isArray(data?.receivers) ? data.receivers : [];
   if (receivers.length === 0) {
-    root.innerHTML = '<div class="io-empty">Ожидание входных измерений от ресиверов.</div>';
+    root.innerHTML = '<div class="io-empty">Ожидание данных от приемников.</div>';
     return;
   }
 
   root.innerHTML = receivers
     .map((receiver) => {
-      const receiverId = escapeHtml(receiver?.receiver_id || "n/a");
+      const receiverId = escapeHtml(receiver?.receiver_id || "н/д");
       const sourceUrl = escapeHtml(receiver?.source_url || "-");
       const center = receiver?.center || {};
       const samples = Array.isArray(receiver?.samples) ? receiver.samples : [];
@@ -741,7 +946,7 @@ function renderOutputFlow(data, delivery) {
       return `
         <article class="io-card">
           <header class="io-card-head">
-            <h4>${escapeHtml(server?.name || "output")}</h4>
+            <h4>${escapeHtml(server?.name || "выход")}</h4>
             <span class="io-chip ${statusCls}">${escapeHtml(status)}</span>
           </header>
           <div class="io-meta-grid">
@@ -768,7 +973,7 @@ function buildIoHistoryRow(data, delivery) {
   const rssiValues = [];
 
   const inputItems = receivers.map((receiver) => {
-    const receiverId = String(receiver?.receiver_id || "n/a");
+    const receiverId = String(receiver?.receiver_id || "н/д");
     const sample = findByFrequency(receiver?.samples, selectedHz) || receiver?.samples?.[0] || null;
     const perFrequency =
       findByFrequency(receiver?.per_frequency, selectedHz) || receiver?.per_frequency?.[0] || null;
@@ -790,7 +995,7 @@ function buildIoHistoryRow(data, delivery) {
       return [`X=${fmt(pos?.x, 3)} Y=${fmt(pos?.y, 3)} Z=${fmt(pos?.z, 3)}`];
     }
     return servers.map((server) => {
-      const name = String(server?.name || "output");
+      const name = String(server?.name || "выход");
       const status = localizeStatus(server?.status);
       const code = server?.http_status ?? "-";
       return `${name}: ${status} (${code})`;
@@ -1108,13 +1313,13 @@ function renderOverviewSignalGrid(receivers, selectedHz) {
   const root = byId("ov-signal-grid");
   if (!root) return;
   if (!Array.isArray(receivers) || receivers.length === 0) {
-    root.innerHTML = '<div class="io-empty">Сигналы ресиверов пока не получены.</div>';
+    root.innerHTML = '<div class="io-empty">Сигналы от приемников еще не получены.</div>';
     return;
   }
 
   root.innerHTML = receivers
     .map((receiver) => {
-      const receiverId = String(receiver?.receiver_id || "n/a");
+      const receiverId = String(receiver?.receiver_id || "н/д");
       const sample = findByFrequency(receiver?.samples, selectedHz) || receiver?.samples?.[0] || null;
       const row = findByFrequency(receiver?.per_frequency, selectedHz) || receiver?.per_frequency?.[0] || null;
 
@@ -1188,28 +1393,28 @@ function renderOverviewPipeline(summary) {
 
   const stages = [
     {
-      name: "Сбор входов",
+      name: "Прием",
       status: inputStatus,
       value: `${summary.inputOnline}/${summary.inputTotal}`,
-      note: "доступность входных серверов",
+      note: "доступность приемников",
     },
     {
       name: "Решение",
       status: solveStatus,
       value: hasData ? `RMSE ${fmt(summary.data?.rmse_m, 2)} м` : "ожидание данных",
-      note: "оценка точности пересечения сфер",
+      note: "расчет координат",
     },
     {
-      name: "Доставка",
+      name: "Отправка",
       status: summary.delivery?.status || "warming_up",
       value: `${summary.outputOnline}/${summary.outputTotal}`,
-      note: "доступность выходных серверов",
+      note: "доступность серверов отправки",
     },
     {
-      name: "История",
+      name: "Журнал",
       status: summary.total > 0 ? (summary.success >= 80 ? "ok" : "partial") : "warming_up",
       value: `${summary.success}%`,
-      note: "успешность доставки по накопленной ленте",
+      note: "успех по накопленным событиям",
     },
   ];
 
@@ -1225,7 +1430,7 @@ function renderOverviewPipeline(summary) {
           <span class="io-chip ${statusClass(stage.status)}">${escapeHtml(localizeStatus(stage.status))}</span>
         </div>
         <div class="monitor-progress monitor-progress-accent">
-          <span style="width:${clamp(stage.name === "История" ? summary.success : stage.name === "Сбор входов" ? summary.inputOnlinePercent : stage.name === "Доставка" ? summary.outputOnlinePercent : summary.success, 0, 100)}%"></span>
+          <span style="width:${clamp(stage.name === "Журнал" ? summary.success : stage.name === "Прием" ? summary.inputOnlinePercent : stage.name === "Отправка" ? summary.outputOnlinePercent : summary.success, 0, 100)}%"></span>
         </div>
         <div class="pipeline-stage-note">${escapeHtml(stage.value)} • ${escapeHtml(stage.note)}</div>
       </article>
@@ -1343,9 +1548,9 @@ function renderHistoryInsights() {
 
     monitorRoot.innerHTML = `
       <div class="monitor-row"><span>Сервис</span><b>${escapeHtml(healthStatus)}</b></div>
-      <div class="monitor-row"><span>Доставка</span><b>${escapeHtml(deliveryStatus)}</b></div>
-      <div class="monitor-row"><span>Входы online</span><b>${summary.inputOnline}/${summary.inputTotal}</b></div>
-      <div class="monitor-row"><span>Выходы online</span><b>${summary.outputOnline}/${summary.outputTotal}</b></div>
+      <div class="monitor-row"><span>Отправка</span><b>${escapeHtml(deliveryStatus)}</b></div>
+      <div class="monitor-row"><span>Входы онлайн</span><b>${summary.inputOnline}/${summary.inputTotal}</b></div>
+      <div class="monitor-row"><span>Выходы онлайн</span><b>${summary.outputOnline}/${summary.outputTotal}</b></div>
       <div class="monitor-row"><span>Проблемных событий</span><b>${problemCount}</b></div>
       <div class="monitor-row"><span>Успех доставки</span><b>${summary.success}%</b></div>
       <div class="metric-track"><span style="width:${summary.success}%"></span></div>
@@ -1470,7 +1675,7 @@ function renderIoHistory() {
   }
 
   if (filtered.length === 0) {
-    let text = "История пока пуста.";
+    let text = "Журнал пока пуст.";
     if (state.ioHistory.length > 0) {
       if (hasDateFilter && state.historyFilter !== "all") {
         text = "По статусу и диапазону времени записей нет.";
@@ -1532,7 +1737,7 @@ function boolStateLabel(value, trueLabel, falseLabel) {
 
 function buildControlCardHtml(item, target) {
   const id = String(item?.id || "");
-  const name = escapeHtml(item?.name || id || "n/a");
+  const name = escapeHtml(item?.name || id || "н/д");
   const reachable = Boolean(item?.reachable);
   const errorText = item?.error ? escapeHtml(item.error) : "";
   const stateValue = target === "input" ? item?.enabled : item?.accept_writes;
@@ -1554,7 +1759,7 @@ function buildControlCardHtml(item, target) {
   const statusKind =
     !reachable && stateValue === null ? "io-status-error" : isActive ? "io-status-ok" : "io-status-skipped";
   const reachabilityKind = reachable ? "io-status-ok" : "io-status-error";
-  const reachabilityText = reachable ? "online" : "offline";
+  const reachabilityText = reachable ? "онлайн" : "офлайн";
   const disabledAttr = !id ? "disabled" : "";
   const liveFrequencies = Array.isArray(item?.frequencies_mhz)
     ? item.frequencies_mhz.map((value) => fmt(Number(value), 3)).join(", ")
@@ -1634,26 +1839,26 @@ function renderErrorControls() {
 
   const inputHtml =
     inputs.length === 0
-      ? '<div class="io-empty">Входные источники не обнаружены.</div>'
+      ? '<div class="io-empty">Приемники не найдены.</div>'
       : inputs.map((item) => buildControlCardHtml(item, "input")).join("");
 
   const outputHtml =
     outputs.length === 0
-      ? '<div class="io-empty">Выходные серверы не обнаружены.</div>'
+      ? '<div class="io-empty">Серверы отправки не найдены.</div>'
       : outputs.map((item) => buildControlCardHtml(item, "output")).join("");
 
   root.innerHTML = `
     <div class="io-control-grid io-control-grid-compact">
       <section class="io-block io-control-panel">
         <div class="io-control-panel-head">
-          <h4>Входные Потоки</h4>
+          <h4>Прием</h4>
           <span class="io-chip io-chip-neutral">${inputActiveCount}/${inputs.length} активны</span>
         </div>
         <div class="io-control-list">${inputHtml}</div>
       </section>
       <section class="io-block io-control-panel">
         <div class="io-control-panel-head">
-          <h4>Выходные Потоки</h4>
+          <h4>Отправка</h4>
           <span class="io-chip io-chip-neutral">${outputActiveCount}/${outputs.length} активны</span>
         </div>
         <div class="io-control-list">${outputHtml}</div>
@@ -1761,7 +1966,7 @@ function addReceiverDraft() {
 
 function removeReceiverDraft() {
   if (state.receiverDrafts.length <= 3) {
-    byId("servers-state").textContent = "серверы: необходимо минимум 3 входа";
+    byId("servers-state").textContent = "узлы: нужно минимум 3 приемника";
     return;
   }
   state.receiverDrafts.splice(state.selectedReceiverIndex, 1);
@@ -1833,7 +2038,7 @@ function addOutputDraft() {
 
 function removeOutputDraft() {
   if (state.outputDrafts.length <= 1) {
-    byId("servers-state").textContent = "серверы: необходим минимум 1 выход";
+    byId("servers-state").textContent = "узлы: нужен минимум 1 сервер отправки";
     return;
   }
   state.outputDrafts.splice(state.selectedOutputIndex, 1);
@@ -1846,6 +2051,10 @@ async function getJson(url) {
   const res = await fetch(url);
   const data = await res.json().catch(() => ({}));
   if (!res.ok) {
+    if (res.status === 401 && authEnabled() && url !== "/auth/session") {
+      state.auth = { ...(state.auth || {}), authenticated: false, username: "", role: "", visible_sections: [] };
+      renderAuthUi();
+    }
     throw new Error(data.error || data.status || `HTTP ${res.status}`);
   }
   return data;
@@ -1859,11 +2068,141 @@ async function postJson(url, payload) {
   });
   const data = await res.json().catch(() => ({}));
   if (!res.ok) {
+    if (res.status === 401 && authEnabled() && url !== "/auth/login") {
+      state.auth = { ...(state.auth || {}), authenticated: false, username: "", role: "", visible_sections: [] };
+      renderAuthUi();
+    }
     throw new Error(data.error || data.status || `HTTP ${res.status}`);
   }
   return data;
 }
 
+function clearUserForm() {
+  const ids = [
+    "user-id",
+    "user-username",
+    "user-first-name",
+    "user-last-name",
+    "user-password",
+  ];
+  ids.forEach((id) => {
+    const input = byId(id);
+    if (input) input.value = "";
+  });
+  const userRole = byId("user-role");
+  if (userRole) userRole.value = "user";
+  const userEnabled = byId("user-enabled");
+  if (userEnabled) userEnabled.value = "true";
+}
+
+function fillUserForm(user) {
+  byId("user-id").value = user?.id || "";
+  byId("user-username").value = user?.username || "";
+  byId("user-first-name").value = user?.first_name || "";
+  byId("user-last-name").value = user?.last_name || "";
+  byId("user-role").value = user?.role || "user";
+  byId("user-enabled").value = String(Boolean(user?.enabled));
+  byId("user-password").value = "";
+}
+
+function renderUsers() {
+  const tbody = byId("users-table")?.querySelector("tbody");
+  if (!tbody) return;
+  tbody.innerHTML = (state.users || [])
+    .map(
+      (user) => `
+        <tr class="user-row" data-user-id="${escapeHtml(user.id || "")}">
+          <td>${escapeHtml(user.username || "")}</td>
+          <td>${escapeHtml(user.role || "user")}</td>
+          <td>${user.enabled ? "включён" : "отключён"}</td>
+          <td>${escapeHtml([user.first_name, user.last_name].filter(Boolean).join(" ") || "-")}</td>
+        </tr>`
+    )
+    .join("");
+  tbody.querySelectorAll("tr").forEach((row) => {
+    row.addEventListener("click", () => {
+      const userId = row.dataset.userId;
+      const user = state.users.find((item) => String(item.id) === String(userId));
+      if (user) fillUserForm(user);
+    });
+  });
+}
+
+async function loadUsers() {
+  if (!isAdmin()) return;
+  try {
+    const payload = await getJson("/users");
+    state.users = Array.isArray(payload.users) ? payload.users : [];
+    renderUsers();
+    byId("users-state").textContent = `пользователи: ${state.users.length}`;
+  } catch (err) {
+    byId("users-state").textContent = `пользователи: ${localizeErrorMessage(err.message)}`;
+  }
+}
+
+async function submitUserAction(action) {
+  if (!isAdmin()) return;
+  const payload = {
+    action,
+    user_id: byId("user-id").value.trim(),
+    username: byId("user-username").value.trim(),
+    first_name: byId("user-first-name").value.trim(),
+    last_name: byId("user-last-name").value.trim(),
+    role: byId("user-role").value,
+    enabled: byId("user-enabled").value === "true",
+    password: byId("user-password").value,
+  };
+  try {
+    const response = await postJson("/users", payload);
+    state.users = Array.isArray(response.users) ? response.users : state.users;
+    renderUsers();
+    byId("users-state").textContent = "пользователи: сохранено";
+    if (action !== "update") clearUserForm();
+  } catch (err) {
+    byId("users-state").textContent = `пользователи: ${localizeErrorMessage(err.message)}`;
+  }
+}
+
+async function loadAuthSession() {
+  const payload = await getJson("/auth/session");
+  state.auth = payload.auth || null;
+  renderAuthUi();
+}
+
+async function login() {
+  const username = byId("login-username").value.trim();
+  const password = byId("login-password").value;
+  try {
+    const payload = await postJson("/auth/login", { username, password });
+    state.auth = payload.auth || null;
+    byId("login-password").value = "";
+    byId("login-state").textContent = "авторизация: выполнена";
+    renderAuthUi();
+    await loadAll();
+    if (isAdmin()) {
+      await loadConfig();
+      await loadUsers();
+    }
+  } catch (err) {
+    byId("login-state").textContent = `авторизация: ${localizeErrorMessage(err.message)}`;
+  }
+}
+
+async function logout() {
+  try {
+    await postJson("/auth/logout", {});
+  } catch {
+    // Ignore local logout errors and still reset the client state.
+  }
+  state.auth = authEnabled()
+    ? { ...(state.auth || {}), authenticated: false, username: "", role: "", visible_sections: [] }
+    : null;
+  state.config = null;
+  state.users = [];
+  renderUsers();
+  renderAuthUi();
+}
+
 function render() {
   const data = state.result?.data;
   const delivery = state.result?.output_delivery || state.frequencies?.output_delivery;
@@ -1920,39 +2259,47 @@ function render() {
 }
 
 async function loadAll() {
-  const [healthRes, resultRes, freqRes, controlsRes] = await Promise.allSettled([
-    getJson("/health"),
-    getJson("/result"),
-    getJson("/frequencies"),
-    getJson("/mock/controls"),
-  ]);
-  state.health = healthRes.status === "fulfilled" ? healthRes.value : { status: "error" };
-  state.result = resultRes.status === "fulfilled" ? resultRes.value : null;
-  state.frequencies = freqRes.status === "fulfilled" ? freqRes.value : null;
-  state.mockControls = controlsRes.status === "fulfilled" ? controlsRes.value : null;
+  const requests = [getJson("/health")];
+  if (isAuthenticated()) {
+    requests.push(getJson("/result"));
+    requests.push(getJson("/frequencies"));
+    requests.push(getJson("/mock/controls"));
+  }
+  const results = await Promise.allSettled(requests);
+  state.health = results[0]?.status === "fulfilled" ? results[0].value : { status: "error" };
+  state.result = results[1]?.status === "fulfilled" ? results[1].value : null;
+  state.frequencies = results[2]?.status === "fulfilled" ? results[2].value : null;
+  state.mockControls = results[3]?.status === "fulfilled" ? results[3].value : null;
   render();
 }
 
 async function refreshNow() {
+  if (!isAdmin()) {
+    await loadAll();
+    return;
+  }
   await postJson("/refresh", {});
   await loadAll();
 }
 
 async function loadConfig() {
+  if (!isAdmin()) return;
   try {
     const config = await getJson("/config");
     state.config = config.config || null;
     byId("config-editor").value = JSON.stringify(config.config, null, 2);
     fillServerForm();
     byId("config-state").textContent = "конфиг: загружен";
-    byId("servers-state").textContent = "серверы: загружены";
+    byId("servers-state").textContent = "узлы: загружены";
+    applyServerReadOnlyMode();
   } catch (err) {
     byId("config-state").textContent = `конфиг: ${localizeErrorMessage(err.message)}`;
-    byId("servers-state").textContent = `серверы: ${localizeErrorMessage(err.message)}`;
+    byId("servers-state").textContent = `узлы: ${localizeErrorMessage(err.message)}`;
   }
 }
 
 async function saveConfig() {
+  if (!isAdmin()) return;
   const raw = byId("config-editor").value.trim();
   try {
     const parsed = JSON.parse(raw);
@@ -2005,6 +2352,7 @@ function fillServerForm() {
 }
 
 async function saveServers() {
+  if (!isAdmin()) return;
   try {
     if (!state.config) {
       await loadConfig();
@@ -2064,19 +2412,36 @@ async function saveServers() {
       ? result.mock_input_frequency_sync_errors.filter((item) => String(item || "").trim() !== "")
       : [];
     byId("servers-state").textContent = result.restart_required
-      ? `серверы: сохранены, требуется перезапуск${saveSuffix}`
-      : `серверы: сохранены${saveSuffix}`;
+      ? `узлы: сохранены, требуется перезапуск${saveSuffix}`
+      : `узлы: сохранены${saveSuffix}`;
     if (syncErrors.length > 0) {
       showToast(`Частоты тестовых входов синхронизированы не полностью: ${syncErrors.join("; ")}`, "error");
     } else if (result.mock_input_frequency_sync_enabled) {
       showToast("Частоты тестовых входов обновлены и сохранены.", "success");
     }
   } catch (err) {
-    byId("servers-state").textContent = `серверы: ${localizeErrorMessage(err.message)}`;
+    byId("servers-state").textContent = `узлы: ${localizeErrorMessage(err.message)}`;
   }
 }
 
 function bindUi() {
+  const loginSubmit = byId("login-submit");
+  if (loginSubmit) {
+    loginSubmit.addEventListener("click", login);
+  }
+  const loginPassword = byId("login-password");
+  if (loginPassword) {
+    loginPassword.addEventListener("keydown", (event) => {
+      if (event.key === "Enter") {
+        event.preventDefault();
+        login();
+      }
+    });
+  }
+  const logoutButton = byId("logout-button");
+  if (logoutButton) {
+    logoutButton.addEventListener("click", logout);
+  }
   byId("refresh-now").addEventListener("click", refreshNow);
   const timezoneSelect = byId("timezone-select");
   if (timezoneSelect) {
@@ -2103,6 +2468,20 @@ function bindUi() {
   byId("save-config").addEventListener("click", saveConfig);
   byId("load-servers").addEventListener("click", loadConfig);
   byId("save-servers").addEventListener("click", saveServers);
+  const loadUsersButton = byId("load-users");
+  if (loadUsersButton) loadUsersButton.addEventListener("click", loadUsers);
+  const createUserButton = byId("create-user");
+  if (createUserButton) createUserButton.addEventListener("click", () => submitUserAction("create"));
+  const updateUserButton = byId("update-user");
+  if (updateUserButton) updateUserButton.addEventListener("click", () => submitUserAction("update"));
+  const resetPasswordButton = byId("reset-user-password");
+  if (resetPasswordButton) {
+    resetPasswordButton.addEventListener("click", () => submitUserAction("set_password"));
+  }
+  const deleteUserButton = byId("delete-user");
+  if (deleteUserButton) deleteUserButton.addEventListener("click", () => submitUserAction("delete"));
+  const clearUserFormButton = byId("clear-user-form");
+  if (clearUserFormButton) clearUserFormButton.addEventListener("click", clearUserForm);
 
   byId("add-receiver").addEventListener("click", addReceiverDraft);
   byId("remove-receiver").addEventListener("click", removeReceiverDraft);
@@ -2124,9 +2503,12 @@ function bindUi() {
     state.writeToken = event.target.value;
   });
 
-  byId("menu-toggle").addEventListener("click", () => {
-    setMenuCollapsed(!state.menuCollapsed);
-  });
+  const menuToggle = byId("menu-toggle");
+  if (menuToggle) {
+    menuToggle.addEventListener("click", () => {
+      setMenuCollapsed(!state.menuCollapsed);
+    });
+  }
 
   document.querySelectorAll(".menu-group-toggle").forEach((toggle) => {
     toggle.addEventListener("click", () => {
@@ -2158,6 +2540,15 @@ function bindUi() {
     });
   }
 
+  document.querySelectorAll(".theme-chip").forEach((button) => {
+    button.addEventListener("click", () => {
+      const nextTheme = normalizeUiTheme(button.dataset.themeValue);
+      if (nextTheme === state.uiTheme) return;
+      setUiTheme(nextTheme, { persist: true });
+      showToast(`Тема интерфейса: ${localizeThemeName(nextTheme)}.`, "info");
+    });
+  });
+
   const historyFilter = byId("history-filter");
   if (historyFilter) {
     historyFilter.addEventListener("change", (event) => {
@@ -2263,13 +2654,20 @@ async function boot() {
   state.menuGroupCollapsed = readMenuGroupCollapsed();
   applyAllMenuGroupsCollapsed();
   setUiDensity(readUiDensityPreference(), { persist: false });
+  setUiTheme(readUiThemePreference(), { persist: false });
   setPollIntervalMs(readPollIntervalPreference(), { persist: false, restartPolling: false });
   updateHistoryRecordingUi();
   setMenuCollapsed(readMenuCollapsed());
   setDateTimeCollapsed(readDateTimeCollapsed());
   updateRefreshUi();
+  await loadAuthSession();
   setActiveSection(state.activeSection);
-  await loadConfig();
+  if (isAdmin()) {
+    await loadConfig();
+  }
+  if (isAdmin()) {
+    await loadUsers();
+  }
   await loadAll();
   startPolling();
 }
diff --git a/web/index.html b/web/index.html
index 5b4a831..32528fd 100644
--- a/web/index.html
+++ b/web/index.html
@@ -3,18 +3,42 @@
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <title>Панель Триангуляции</title>
+    <title>Радиотрекинг</title>
     <link rel="icon" type="image/svg+xml" href="/static/favicon.svg" />
-    <link rel="stylesheet" href="/static/styles.css?v=20260312r5" />
+    <link rel="stylesheet" href="/static/styles.css?v=20260319r2" />
   </head>
   <body>
     <div class="bg-glow bg-glow-a"></div>
     <div class="bg-glow bg-glow-b"></div>
 
+    <div id="auth-overlay" class="auth-overlay auth-overlay-hidden">
+      <div class="auth-dialog card">
+        <h2>Вход в систему</h2>
+        <p class="muted">Авторизация выполняется через Keycloak.</p>
+        <label class="field-control">
+          <span class="field-label">Логин</span>
+          <input id="login-username" type="text" autocomplete="username" />
+        </label>
+        <label class="field-control">
+          <span class="field-label">Пароль</span>
+          <input id="login-password" type="password" autocomplete="current-password" />
+        </label>
+        <div class="editor-actions">
+          <button id="login-submit" class="btn btn-primary" type="button">Войти</button>
+          <span id="login-state" class="badge">авторизация: ожидание</span>
+        </div>
+      </div>
+    </div>
+
     <main id="app-shell" class="app-shell">
       <aside id="side-nav" class="side-nav card">
         <div class="nav-head">
           <button id="menu-toggle" class="btn menu-toggle" type="button" aria-controls="menu-list" aria-expanded="true">Свернуть меню</button>
+          <div class="auth-summary">
+            <span id="auth-user-chip" class="badge badge-meta">пользователь: гость</span>
+            <span id="auth-role-chip" class="badge badge-meta">роль: -</span>
+            <button id="logout-button" class="btn btn-compact" type="button">Выйти</button>
+          </div>
         </div>
 
         <div class="menu-wrap">
@@ -27,14 +51,14 @@
                 aria-controls="menu-group-monitoring"
                 aria-expanded="true"
               >
-                <span class="menu-group-title">Мониторинг</span>
+                <span class="menu-group-title">Система</span>
                 <span id="menu-badge-monitoring" class="menu-group-badge">н/д</span>
               </button>
               <div id="menu-group-monitoring" class="menu-group-body">
                 <button class="menu-item menu-item-active" data-section="overview" type="button">
                   <span class="menu-item-icon" aria-hidden="true">O</span>
                   <span class="menu-item-text">Обзор</span>
-                  <span class="menu-item-note">Сводка</span>
+                  <span class="menu-item-note">Статус</span>
                 </button>
                 <button class="menu-item" data-section="frequencies" type="button">
                   <span class="menu-item-icon" aria-hidden="true">F</span>
@@ -52,19 +76,19 @@
                 aria-controls="menu-group-io"
                 aria-expanded="true"
               >
-                <span class="menu-group-title">Потоки</span>
+                <span class="menu-group-title">Сигнал</span>
                 <span id="menu-badge-io" class="menu-group-badge">н/д</span>
               </button>
               <div id="menu-group-io" class="menu-group-body">
                 <button class="menu-item" data-section="io" type="button">
                   <span class="menu-item-icon" aria-hidden="true">I</span>
-                  <span class="menu-item-text">Вход/Выход</span>
-                  <span class="menu-item-note">Потоки</span>
+                  <span class="menu-item-text">Сигнал</span>
+                  <span class="menu-item-note">Обмен</span>
                 </button>
                 <button class="menu-item" data-section="history" type="button">
                   <span class="menu-item-icon" aria-hidden="true">H</span>
                   <span class="menu-item-text">История</span>
-                  <span class="menu-item-note">Лента</span>
+                  <span class="menu-item-note">Журнал</span>
                 </button>
               </div>
             </section>
@@ -77,19 +101,19 @@
                 aria-controls="menu-group-config"
                 aria-expanded="true"
               >
-                <span class="menu-group-title">Конфигурация</span>
+                <span class="menu-group-title">Настройки</span>
                 <span id="menu-badge-config" class="menu-group-badge">н/д</span>
               </button>
               <div id="menu-group-config" class="menu-group-body">
                 <button class="menu-item" data-section="servers" type="button">
                   <span class="menu-item-icon" aria-hidden="true">S</span>
                   <span class="menu-item-text">Серверы</span>
-                  <span class="menu-item-note">Настройка</span>
+                  <span class="menu-item-note">Узлы</span>
                 </button>
                 <button class="menu-item" data-section="json" type="button">
                   <span class="menu-item-icon" aria-hidden="true">{}</span>
-                  <span class="menu-item-text">Конфигурация</span>
-                  <span class="menu-item-note">JSON</span>
+                  <span class="menu-item-text">Конфиг</span>
+                  <span class="menu-item-note">Файл</span>
                 </button>
               </div>
             </section>
@@ -105,9 +129,9 @@
               aria-controls="meta-panel"
               aria-expanded="true"
             >
-              Скрыть служебную панель
+              Скрыть панель
             </button>
-            <button id="density-toggle" class="btn btn-compact" type="button">Режим: детальный</button>
+            <button id="density-toggle" class="btn btn-compact" type="button">Вид: детальный</button>
           </div>
           <div id="meta-panel" class="meta-panel">
             <div id="date-time-panel" class="date-time-panel">
@@ -129,8 +153,8 @@
       <section class="content-area">
         <section id="section-overview" class="panel panel-active">
           <header class="hero card overview-hero">
-            <h2>Панель Радиопозиционирования</h2>
-            <p class="muted">Мониторинг и управление расчётом 3D триангуляции.</p>
+            <h2>Радиотрекинг</h2>
+            <p class="muted">Координаты по RSSI и частотам.</p>
             <div class="hero-actions">
               <button id="refresh-now" class="btn btn-primary">Обновить</button>
               <button id="toggle-auto-refresh" class="btn" type="button">Пауза автообновления</button>
@@ -144,18 +168,18 @@
 
           <div class="overview-layout">
             <article class="card overview-position-card">
-              <h2>Итоговая Позиция</h2>
+              <h2>Координаты</h2>
               <div class="result-box">
-                <div><span class="muted">Выбранная частота:</span> <b id="selected-freq">-</b></div>
+                <div><span class="muted">Частота:</span> <b id="selected-freq">-</b></div>
                 <div><span class="muted">X:</span> <b id="pos-x">-</b></div>
                 <div><span class="muted">Y:</span> <b id="pos-y">-</b></div>
                 <div><span class="muted">Z:</span> <b id="pos-z">-</b></div>
-                <div><span class="muted">СКО (RMSE):</span> <b id="rmse">-</b></div>
+                <div><span class="muted">Ошибка:</span> <b id="rmse">-</b></div>
               </div>
             </article>
 
             <article class="card monitor-board overview-monitor-card">
-              <h2>Оперативный Мониторинг</h2>
+              <h2>Статус</h2>
               <div class="monitor-headline">
                 <span class="io-chip io-chip-neutral">Сервис: <b id="ov-health-chip">н/д</b></span>
                 <span class="io-chip io-chip-neutral">Доставка: <b id="ov-delivery-chip">н/д</b></span>
@@ -166,26 +190,26 @@
                 <section class="monitor-panel monitor-kpi-panel">
                   <div class="overview-metrics">
                     <div class="metric-tile">
-                      <span class="metric-title">Входы online</span>
+                    <span class="metric-title">Входы онлайн</span>
                       <b id="ov-input-online" class="metric-value">0/0</b>
                     </div>
                     <div class="metric-tile">
-                      <span class="metric-title">Выходы online</span>
+                    <span class="metric-title">Выходы онлайн</span>
                       <b id="ov-output-online" class="metric-value">0/0</b>
                     </div>
                     <div class="metric-tile">
-                      <span class="metric-title">События в истории</span>
+                    <span class="metric-title">События</span>
                       <b id="ov-history-total" class="metric-value">0</b>
                     </div>
                     <div class="metric-tile">
-                      <span class="metric-title">Успех доставки</span>
+                    <span class="metric-title">Успех отправки</span>
                       <b id="ov-success-rate" class="metric-value">0%</b>
                     </div>
                   </div>
                 </section>
 
                 <section class="monitor-panel monitor-flow-panel">
-                  <h3>Состояние Потоков</h3>
+                  <h3>Потоки</h3>
                   <div class="monitor-flow-row">
                     <span>Входные потоки</span>
                     <b id="ov-input-online-bar-text">0/0</b>
@@ -201,7 +225,7 @@
                     <span id="ov-output-online-bar" style="width:0%"></span>
                   </div>
                   <div class="monitor-flow-row">
-                    <span>Успешная доставка</span>
+                    <span>Успех отправки</span>
                     <b id="ov-delivery-bar-text">0%</b>
                   </div>
                   <div class="monitor-progress monitor-progress-accent">
@@ -215,7 +239,7 @@
         
         <section id="section-frequencies" class="panel">
           <article class="card">
-            <h2>Таблица По Частотам</h2>
+            <h2>Решения по частотам</h2>
             <div class="table-wrap">
               <table id="freq-table">
                 <thead>
@@ -234,18 +258,18 @@
           </article>
 
           <article class="card monitor-board">
-            <h2>Аналитика Частот</h2>
+            <h2>Аналитика</h2>
             <div class="monitor-grid">
               <section class="monitor-panel monitor-frequency-panel">
-                <h3>Профиль Частот</h3>
+                <h3>Диапазон</h3>
                 <div id="ov-frequency-health" class="frequency-health-list"></div>
               </section>
               <section class="monitor-panel monitor-topfreq-panel">
-                <h3>Лидеры Частот</h3>
+                <h3>Лучшие частоты</h3>
                 <div id="ov-top-frequencies" class="top-frequencies"></div>
               </section>
               <section class="monitor-panel monitor-trends-panel">
-                <h3>Тренд Точности</h3>
+                <h3>Точность</h3>
                 <div class="trend-stack">
                   <article class="trend-card">
                     <div class="trend-head">
@@ -262,36 +286,38 @@
 
         <section id="section-io" class="panel">
           <article class="card">
-            <h2>Входные И Выходные Данные</h2>
-            <p class="muted">Оперативный мониторинг входящих измерений и фактической отправки на выходные серверы.</p>
+            <h2>Сигнал и отправка</h2>
+            <p class="muted">Приём данных и отправка координат.</p>
             <div class="io-grid">
               <section class="io-block">
-                <h3>Входные Данные (Ресиверы)</h3>
+                <h3>Приёмники</h3>
                 <div id="input-flow" class="io-list"></div>
               </section>
               <section class="io-block">
-                <h3>Выходные Данные (Отправка)</h3>
+                <h3>Отправка</h3>
                 <div id="output-flow" class="io-list"></div>
               </section>
             </div>
 
-            <h3 class="io-history-title">Управление Тестовыми Сбоями</h3>
-            <div id="error-controls" class="io-list"></div>
+            <div id="io-admin-controls">
+              <h3 class="io-history-title">Тестовые сбои</h3>
+              <div id="error-controls" class="io-list"></div>
+            </div>
           </article>
 
           <article class="card monitor-board">
-            <h2>Контур Входа/Выхода</h2>
+            <h2>Обработка</h2>
             <div class="monitor-grid">
               <section class="monitor-panel monitor-signal-panel">
-                <h3>Сигналы Ресиверов</h3>
+                <h3>Сигналы</h3>
                 <div id="ov-signal-grid" class="signal-grid"></div>
               </section>
               <section class="monitor-panel monitor-stage-panel">
-                <h3>Контур Обработки</h3>
+                <h3>Этапы</h3>
                 <div id="ov-pipeline-stages" class="pipeline-stages"></div>
               </section>
               <section class="monitor-panel monitor-trends-panel">
-                <h3>Тренды Потоков</h3>
+                <h3>Тренды</h3>
                 <div class="trend-stack">
                   <article class="trend-card">
                     <div class="trend-head">
@@ -302,7 +328,7 @@
                   </article>
                   <article class="trend-card">
                     <div class="trend-head">
-                      <span>Успех доставки, %</span>
+                      <span>Успех отправки, %</span>
                       <b id="ov-trend-delivery-meta">н/д</b>
                     </div>
                     <div id="ov-trend-delivery-chart" class="sparkline-wrap"></div>
@@ -315,13 +341,13 @@
 
         <section id="section-history" class="panel">
           <article class="card history-dashboard history-head-card">
-            <h2>История Входов И Выходов</h2>
-            <p class="muted">Связка входных измерений и отправки результата для отладки, SLA и диагностики ошибок.</p>
+            <h2>Журнал обмена</h2>
+            <p class="muted">Приём, расчёт и отправка результатов.</p>
           </article>
 
           <div class="history-layout">
             <article class="card history-data-card">
-              <h2>История И Фильтры</h2>
+              <h2>Журнал</h2>
               <div class="history-toolbar">
                 <label>
                   Статус
@@ -337,11 +363,11 @@
                 </label>
                 <div class="history-toolbar-right">
                   <label>
-                    От (дата и время)
+                    От
                     <input id="history-date-from" type="datetime-local" />
                   </label>
                   <label>
-                    До (дата и время)
+                    До
                     <input id="history-date-to" type="datetime-local" />
                   </label>
                   <label>
@@ -358,9 +384,11 @@
                     <button id="history-next" class="btn" type="button">Вперёд</button>
                   </div>
                   <button id="history-date-reset" class="btn" type="button">Сброс времени</button>
-                  <button id="history-record-toggle" class="btn" type="button">Пауза записи</button>
-                  <span id="history-record-state" class="badge badge-meta">запись: вкл</span>
-                  <button id="clear-history" class="btn" type="button">Очистить историю</button>
+                  <div id="history-admin-actions" class="history-admin-actions">
+                    <button id="history-record-toggle" class="btn" type="button">Пауза записи</button>
+                    <span id="history-record-state" class="badge badge-meta">запись: вкл</span>
+                    <button id="clear-history" class="btn" type="button">Очистить историю</button>
+                  </div>
                 </div>
               </div>
             <div class="table-wrap history-table-wrap">
@@ -369,8 +397,8 @@
                   <tr>
                     <th>Время</th>
                     <th>Частота (МГц)</th>
-                    <th>Вход (RSSI/Радиусы)</th>
-                    <th>Передано На Выход</th>
+                    <th>Вход</th>
+                    <th>Выход</th>
                     <th>Статус</th>
                   </tr>
                 </thead>
@@ -380,7 +408,7 @@
             </article>
 
             <article class="card history-monitor-card">
-              <h2>Мониторинг Истории</h2>
+              <h2>Сводка</h2>
               <div class="history-kpis">
                 <div class="kpi-card">
                   <span class="kpi-title">Событий</span>
@@ -399,18 +427,18 @@
                   <b id="hist-freqs" class="kpi-value">0</b>
                 </div>
                 <div class="kpi-card">
-                  <span class="kpi-title">Последнее событие</span>
+                  <span class="kpi-title">Последнее</span>
                   <b id="hist-last" class="kpi-value">н/д</b>
                 </div>
               </div>
 
               <div class="history-insights">
                 <section class="insight-panel">
-                  <h3>Диагностика Мониторинга</h3>
+                  <h3>Диагностика</h3>
                   <div id="history-monitor" class="history-monitor"></div>
                 </section>
                 <section class="insight-panel">
-                  <h3>Тренды Метрик</h3>
+                  <h3>Тренды</h3>
                   <div id="history-trends" class="history-trends"></div>
                 </section>
               </div>
@@ -420,15 +448,15 @@
 
         <section id="section-servers" class="panel">
           <article class="card servers-head-card">
-            <h2>Настройка Серверов</h2>
-            <p class="muted">Доступы входа и выхода задаются отдельно. Общий фильтр входа автоматически применяется ко всем входным серверам.</p>
+            <h2>Узлы системы</h2>
+            <p class="muted">Приёмники, фильтр и адреса отправки.</p>
           </article>
 
           <div class="servers-layout servers-layout-modern">
             <article class="card servers-card servers-card-modern">
               <div class="server-card-head">
-                <h3 class="servers-title">Входные Серверы</h3>
-                <p class="muted">Управление ресиверами и их геометрией.</p>
+                <h3 class="servers-title">Приёмники</h3>
+                <p class="muted">Адреса, частоты и координаты.</p>
               </div>
               <div class="server-card-body">
                 <div class="selector-row">
@@ -444,30 +472,30 @@
                 </div>
                 <div class="field-grid field-grid-2">
                   <label class="field-control">
-                    <span class="field-label">Имя ресивера</span>
+                    <span class="field-label">Имя</span>
                     <input id="rx-id" type="text" placeholder="rx_north" />
                   </label>
                   <label class="field-control">
-                    <span class="field-label">Адрес сервера (URL)</span>
+                    <span class="field-label">URL</span>
                     <input id="rx-url" type="text" placeholder="http://receiver-r0:9000/data" />
                   </label>
                 </div>
                 <label class="field-control">
-                  <span class="field-label">Частоты ресивера, МГц</span>
+                  <span class="field-label">Частоты, МГц</span>
                   <input id="rx-frequencies" type="text" placeholder="433.92, 868.1, 915.0" />
                   <span class="field-hint">Укажите через запятую только рабочие частоты этого входа.</span>
                 </label>
                 <div class="field-grid field-grid-3">
                   <label class="field-control">
-                    <span class="field-label">Координата X</span>
+                    <span class="field-label">X</span>
                     <input id="rx-center-x" type="number" step="0.001" />
                   </label>
                   <label class="field-control">
-                    <span class="field-label">Координата Y</span>
+                    <span class="field-label">Y</span>
                     <input id="rx-center-y" type="number" step="0.001" />
                   </label>
                   <label class="field-control">
-                    <span class="field-label">Координата Z</span>
+                    <span class="field-label">Z</span>
                     <input id="rx-center-z" type="number" step="0.001" />
                   </label>
                 </div>
@@ -476,7 +504,7 @@
 
             <article class="card servers-card servers-card-modern">
               <div class="server-card-head">
-                <h3 class="servers-title">Общий Фильтр Входа</h3>
+                <h3 class="servers-title">Общий фильтр</h3>
                 <p class="muted">Применяется автоматически ко всем входным серверам.</p>
               </div>
               <div class="server-card-body">
@@ -512,8 +540,8 @@
 
             <article class="card servers-card servers-card-modern">
               <div class="server-card-head">
-                <h3 class="servers-title">Выходные Серверы</h3>
-                <p class="muted">Минимальные параметры для доставки результата.</p>
+                <h3 class="servers-title">Серверы отправки</h3>
+                <p class="muted">Адреса для передачи координат.</p>
               </div>
               <div class="server-card-body">
                 <div class="selector-row">
@@ -529,16 +557,16 @@
                 </div>
                 <div class="field-grid field-grid-2">
                   <label class="field-control">
-                    <span class="field-label">Имя выхода</span>
+                    <span class="field-label">Имя</span>
                     <input id="out-name" type="text" placeholder="sink_main" />
                   </label>
                   <label class="field-control">
-                    <span class="field-label">IP/хост выхода</span>
+                    <span class="field-label">Адрес</span>
                     <input id="out-ip" type="text" placeholder="output-sink:8080" />
                   </label>
                 </div>
                 <label class="field-control">
-                  <span class="field-label">Токен записи (API, только сессия)</span>
+                  <span class="field-label">API-токен</span>
                   <input id="write-token" type="password" placeholder="необязательно" />
                 </label>
               </div>
@@ -548,18 +576,89 @@
           <article class="card servers-actions-card">
             <div class="editor-actions">
               <button id="load-servers" class="btn">Загрузить</button>
-              <button id="save-servers" class="btn btn-primary">Сохранить серверы</button>
-              <span id="servers-state" class="badge">серверы: н/д</span>
+              <button id="save-servers" class="btn btn-primary">Сохранить узлы</button>
+              <span id="servers-state" class="badge">узлы: н/д</span>
+            </div>
+          </article>
+
+          <article id="users-card" class="card servers-actions-card">
+            <div class="server-card-head">
+              <h3 class="servers-title">Пользователи</h3>
+              <p class="muted">Управление учётными записями и ролями Keycloak.</p>
+            </div>
+            <div class="users-layout">
+              <div class="table-wrap users-table-wrap">
+                <table id="users-table">
+                  <thead>
+                    <tr>
+                      <th>Логин</th>
+                      <th>Роль</th>
+                      <th>Состояние</th>
+                      <th>Имя</th>
+                    </tr>
+                  </thead>
+                  <tbody></tbody>
+                </table>
+              </div>
+              <div class="users-form">
+                <label class="field-control">
+                  <span class="field-label">ID пользователя</span>
+                  <input id="user-id" type="text" placeholder="заполняется автоматически" />
+                </label>
+                <label class="field-control">
+                  <span class="field-label">Логин</span>
+                  <input id="user-username" type="text" placeholder="operator_1" />
+                </label>
+                <div class="field-grid field-grid-2">
+                  <label class="field-control">
+                    <span class="field-label">Имя</span>
+                    <input id="user-first-name" type="text" />
+                  </label>
+                  <label class="field-control">
+                    <span class="field-label">Фамилия</span>
+                    <input id="user-last-name" type="text" />
+                  </label>
+                </div>
+                <div class="field-grid field-grid-2">
+                  <label class="field-control">
+                    <span class="field-label">Роль</span>
+                    <select id="user-role">
+                      <option value="user">Пользователь</option>
+                      <option value="admin">Администратор</option>
+                    </select>
+                  </label>
+                  <label class="field-control">
+                    <span class="field-label">Включён</span>
+                    <select id="user-enabled">
+                      <option value="true">Да</option>
+                      <option value="false">Нет</option>
+                    </select>
+                  </label>
+                </div>
+                <label class="field-control">
+                  <span class="field-label">Пароль</span>
+                  <input id="user-password" type="password" placeholder="для создания или смены" />
+                </label>
+                <div class="editor-actions">
+                  <button id="load-users" class="btn" type="button">Обновить список</button>
+                  <button id="create-user" class="btn btn-primary" type="button">Создать</button>
+                  <button id="update-user" class="btn" type="button">Сохранить</button>
+                  <button id="reset-user-password" class="btn" type="button">Сменить пароль</button>
+                  <button id="delete-user" class="btn" type="button">Удалить</button>
+                  <button id="clear-user-form" class="btn" type="button">Очистить</button>
+                </div>
+                <span id="users-state" class="badge">пользователи: н/д</span>
+              </div>
             </div>
           </article>
         </section>
 
         <section id="section-json" class="panel">
           <article class="card config-head-card">
-            <h2>Конфигурация</h2>
+            <h2>Конфиг</h2>
             <div class="editor-actions">
               <button id="load-config" class="btn">Загрузить</button>
-              <button id="save-config" class="btn btn-primary">Сохранить конфиг</button>
+              <button id="save-config" class="btn btn-primary">Сохранить файл</button>
               <span id="config-state" class="badge">конфиг: н/д</span>
             </div>
           </article>
@@ -567,8 +666,8 @@
           <div class="config-layout config-layout-modern">
             <article class="card config-editor-card config-editor-modern">
               <div class="config-section-head">
-                <h3>Редактор JSON</h3>
-                <p class="muted">Точный режим настройки для прод-конфигурации.</p>
+                <h3>JSON</h3>
+                <p class="muted">Полный файл настроек.</p>
               </div>
               <div class="config-editor-shell">
                 <div class="editor-toolbar">
@@ -581,16 +680,16 @@
             </article>
             <article class="card config-help-card config-help-modern">
               <div class="config-section-head">
-                <h3>Памятка По Полям</h3>
-                <p class="muted">Краткая структура и контрольные точки перед сохранением.</p>
+                <h3>Структура</h3>
+                <p class="muted">Основные разделы конфигурации.</p>
               </div>
               <div class="config-hints config-hints-grid">
-                <p><b>input.receivers[]</b><br />входные ресиверы: координаты, URL, частоты.</p>
-                <p><b>runtime.output_servers[]</b><br />список серверов, получающих координаты.</p>
+                <p><b>input.receivers[]</b><br />приемники: координаты, URL и частоты.</p>
+                <p><b>runtime.output_servers[]</b><br />серверы отправки координат.</p>
                 <p><b>input.default_input_filter</b><br />общий фильтр частот и RSSI.</p>
                 <p><b>system</b><br />системные таймеры, лимиты и автообновление.</p>
               </div>
-              <h3>Советы</h3>
+              <h3>Подсказки</h3>
               <ul class="config-tips">
                 <li>Поддерживайте уникальные `receiver_id` для каждого входа.</li>
                 <li>Согласуйте диапазоны частот между входными серверами.</li>
@@ -602,7 +701,7 @@
       </section>
     </main>
 
-    <script src="/static/app.js?v=20260312r5"></script>
+    <script src="/static/app.js?v=20260319r2"></script>
     <div id="toast-container" class="toast-container" aria-live="polite" aria-atomic="true"></div>
   </body>
 </html>
diff --git a/web/styles.css b/web/styles.css
index f929208..2c72778 100644
--- a/web/styles.css
+++ b/web/styles.css
@@ -1,4 +1,4 @@
-@import url("https://fonts.googleapis.com/css2?family=Manrope:wght@400;500;600;700;800&family=JetBrains+Mono:wght@400;600&display=swap");
+@import url("https://fonts.googleapis.com/css2?family=Manrope:wght@400;500;600;700;800&family=JetBrains+Mono:wght@400;600&display=swap");
 
 :root {
   --bg-main: #f5f7fb;
@@ -48,6 +48,87 @@ body {
   overflow-x: hidden;
 }
 
+body.role-user .menu-group[data-menu-group="config"],
+body.role-guest .menu-group[data-menu-group="config"] {
+  display: none !important;
+}
+
+.auth-overlay {
+  position: fixed;
+  inset: 0;
+  z-index: 30;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  padding: 24px;
+  background: rgba(18, 28, 45, 0.34);
+  backdrop-filter: blur(10px);
+}
+
+.auth-overlay-hidden {
+  display: none;
+}
+
+.auth-dialog {
+  width: min(460px, 100%);
+  display: grid;
+  gap: 12px;
+}
+
+.auth-summary {
+  display: flex;
+  flex-wrap: wrap;
+  gap: 8px;
+  align-items: center;
+  justify-content: flex-end;
+  margin-left: auto;
+}
+
+.app-shell-locked {
+  pointer-events: none;
+  user-select: none;
+}
+
+.users-layout {
+  display: grid;
+  grid-template-columns: minmax(280px, 1.2fr) minmax(320px, 1fr);
+  gap: 14px;
+  align-items: start;
+}
+
+.users-form {
+  display: grid;
+  gap: 12px;
+}
+
+.users-table-wrap {
+  max-height: 420px;
+}
+
+#users-table tbody tr {
+  cursor: pointer;
+}
+
+#users-table tbody tr:hover {
+  background: rgba(36, 107, 255, 0.08);
+}
+
+#user-id {
+  background: rgba(36, 107, 255, 0.04);
+}
+
+@media (max-width: 1100px) {
+  .auth-summary {
+    width: 100%;
+    justify-content: flex-start;
+    margin-left: 0;
+  }
+
+  .users-layout {
+    grid-template-columns: 1fr;
+  }
+}
+
 .app-shell {
   width: 100%;
   margin: 0;
@@ -112,14 +193,14 @@ body {
   z-index: 5;
   display: grid;
   gap: 10px;
-  text-align: center;
-  justify-items: center;
+  text-align: left;
+  justify-items: stretch;
 }
 
 .nav-head {
   display: flex;
   align-items: center;
-  justify-content: center;
+  justify-content: flex-start;
   gap: 10px;
   width: 100%;
 }
@@ -127,7 +208,7 @@ body {
 .brand-block {
   display: grid;
   gap: 2px;
-  justify-items: center;
+  justify-items: start;
 }
 
 .kicker {
@@ -172,8 +253,8 @@ body {
 }
 
 .hero {
-  text-align: center;
-  justify-items: center;
+  text-align: left;
+  justify-items: stretch;
 }
 
 .hero h2 {
@@ -212,7 +293,7 @@ body {
 }
 
 .hero-actions {
-  justify-content: center;
+  justify-content: flex-start;
 }
 
 .btn {
@@ -521,14 +602,14 @@ body {
   width: 100%;
   display: grid;
   gap: 8px;
-  justify-items: center;
+  justify-items: stretch;
   min-width: 0;
 }
 
 .datetime-panel-controls {
   width: 100%;
   display: flex;
-  justify-content: center;
+  justify-content: flex-start;
   flex-wrap: wrap;
   gap: 8px;
 }
@@ -537,7 +618,7 @@ body {
   width: 100%;
   display: grid;
   gap: 8px;
-  justify-items: center;
+  justify-items: stretch;
   max-height: 240px;
   opacity: 1;
   transform: translateY(0);
@@ -564,7 +645,7 @@ body {
   flex-wrap: wrap;
   gap: 8px;
   align-items: center;
-  justify-content: center;
+  justify-content: flex-start;
 }
 
 .meta-pill {
@@ -576,14 +657,14 @@ body {
   line-height: 1.2;
   color: #30486f;
   white-space: normal;
-  text-align: center;
+  text-align: left;
   overflow-wrap: anywhere;
 }
 
 .timezone-picker {
   display: grid;
   gap: 4px;
-  text-align: center;
+  text-align: left;
   font-size: 0.78rem;
   color: #3d4f70;
   min-width: 220px;
@@ -663,15 +744,15 @@ body {
   display: grid;
   grid-template-columns: repeat(auto-fit, minmax(160px, 1fr));
   gap: 10px;
-  text-align: center;
-  width: min(960px, 100%);
-  margin: 0 auto;
+  text-align: left;
+  width: 100%;
+  margin: 0;
 }
 
 /* Overview panel: force vertical flow for key info blocks. */
 #section-overview .result-box {
   grid-template-columns: 1fr;
-  width: min(560px, 100%);
+  width: 100%;
   gap: 8px;
 }
 
@@ -718,7 +799,7 @@ body {
   display: flex;
   flex-wrap: wrap;
   gap: 8px;
-  justify-content: center;
+  justify-content: flex-start;
 }
 
 .monitor-headline .io-chip b {
@@ -743,7 +824,7 @@ body {
 
 .monitor-panel h3 {
   margin: 0;
-  text-align: center;
+  text-align: left;
   font-size: 0.92rem;
 }
 
@@ -1294,7 +1375,7 @@ body {
 }
 
 .history-head-card {
-  text-align: center;
+  text-align: left;
 }
 
 .history-layout {
@@ -1312,7 +1393,7 @@ body {
 .history-data-card > h2,
 .history-monitor-card > h2 {
   margin: 0 0 10px;
-  text-align: center;
+  text-align: left;
 }
 
 .history-data-card .history-toolbar {
@@ -1402,6 +1483,13 @@ body {
   flex: 999 1 700px;
 }
 
+.history-admin-actions {
+  display: flex;
+  align-items: center;
+  gap: 10px;
+  flex-wrap: wrap;
+}
+
 .history-pager {
   display: flex;
   align-items: center;
@@ -1431,7 +1519,7 @@ body {
 .insight-panel h3 {
   margin: 0 0 8px;
   font-size: 0.94rem;
-  text-align: center;
+  text-align: left;
 }
 
 .history-monitor {
@@ -1569,12 +1657,12 @@ body {
 .server-grid label,
 .server-actions-row,
 .editor-actions {
-  text-align: center;
+  text-align: left;
 }
 
 .server-actions-row,
 .editor-actions {
-  justify-content: center;
+  justify-content: flex-start;
 }
 
 .muted {
@@ -1656,7 +1744,7 @@ tbody tr:hover {
 }
 
 .servers-head-card {
-  text-align: center;
+  text-align: left;
 }
 
 .servers-layout {
@@ -1692,7 +1780,7 @@ tbody tr:hover {
 
 .server-grid label {
   display: grid;
-  justify-items: center;
+  justify-items: stretch;
   gap: 6px;
   font-size: 0.88rem;
   color: #34425c;
@@ -1707,7 +1795,7 @@ tbody tr:hover {
   font-size: 0.9rem;
   background: #fff;
   color: var(--text);
-  text-align: center;
+  text-align: left;
   font-family: inherit;
   transition: border-color var(--anim-fast) ease, box-shadow var(--anim-fast) ease;
   width: 100%;
@@ -1723,7 +1811,7 @@ tbody tr:hover {
 }
 
 .config-head-card {
-  text-align: center;
+  text-align: left;
 }
 
 .config-layout {
@@ -1740,7 +1828,7 @@ tbody tr:hover {
 
 .config-editor-card h3 {
   margin: 0 0 8px;
-  text-align: center;
+  text-align: left;
 }
 
 .config-help-card {
@@ -1752,7 +1840,7 @@ tbody tr:hover {
 
 .config-help-card h3 {
   margin: 0 0 8px;
-  text-align: center;
+  text-align: left;
 }
 
 .config-hints {
@@ -1808,6 +1896,7 @@ tbody tr:hover {
 .server-card-head .muted {
   margin: 0;
   font-size: 0.8rem;
+  text-align: left;
 }
 
 .server-card-body {
@@ -1922,12 +2011,12 @@ tbody tr:hover {
 
 .config-section-head h3 {
   margin: 0;
-  text-align: center;
+  text-align: left;
 }
 
 .config-section-head .muted {
   margin: 4px 0 0;
-  text-align: center;
+  text-align: left;
   font-size: 0.8rem;
 }
 
@@ -2148,9 +2237,9 @@ body.ui-compact td {
   }
 
   .nav-head {
-    align-items: center;
+    align-items: stretch;
     flex-direction: column;
-    text-align: center;
+    text-align: left;
   }
 
   .menu-toggle {
@@ -2169,7 +2258,7 @@ body.ui-compact td {
   }
 
   .side-meta {
-    justify-items: center;
+    justify-items: stretch;
   }
 
   .timezone-picker {
@@ -2356,7 +2445,7 @@ body.ui-compact td {
   }
 
   .monitor-headline {
-    justify-content: stretch;
+    justify-content: flex-start;
   }
 
   .monitor-headline .io-chip {