From bb680b06d571e0da04075cfc6b8e34b4ff2a7530 Mon Sep 17 00:00:00 2001
From: roost-io <sudhir@roost.ai>
Date: Tue, 6 Jan 2026 09:15:16 +0530
Subject: [PATCH] Functional test generated by RoostGPT

Using AI Model gpt-4o
---
 functional_tests/README.md                    |  22 ++++
 .../.roost/roost_metadata.json                |  34 +++++
 .../roost_test_1767670834.csv                 |  10 ++
 .../roost_test_1767670834.feature             | 116 ++++++++++++++++++
 .../roost_test_1767670834.json                |   1 +
 .../roost_test_1767670834.xlsx                | Bin 0 -> 15340 bytes
 6 files changed, 183 insertions(+)
 create mode 100644 functional_tests/README.md
 create mode 100644 functional_tests/roost_test_1767670834/.roost/roost_metadata.json
 create mode 100644 functional_tests/roost_test_1767670834/roost_test_1767670834.csv
 create mode 100644 functional_tests/roost_test_1767670834/roost_test_1767670834.feature
 create mode 100644 functional_tests/roost_test_1767670834/roost_test_1767670834.json
 create mode 100644 functional_tests/roost_test_1767670834/roost_test_1767670834.xlsx

diff --git a/functional_tests/README.md b/functional_tests/README.md
new file mode 100644
index 00000000..39bbc28b
--- /dev/null
+++ b/functional_tests/README.md
@@ -0,0 +1,22 @@
+# Roost Generated Functional Test
+
+**Execution Date:** 6/1/2026, 9:15:13 am
+
+**Test Unique Identifier:** "roost_test_1767670834"
+
+**Input(s):**
+   1. bankspromot.txt
+      Path: C:\Users\manda\Downloads\bankspromot.txt
+   2. TCSBaNCS_ST_BSSB_FSD_CallCenterOperator_v14.2.docx
+      Path: C:\Users\manda\Downloads\TCSBaNCS_ST_BSSB_FSD_CallCenterOperator_v14.2.docx
+   3. TCS BaNCS-Functional Specifications-Securities Back Office Processing-v1.8.1.docx
+      Path: C:\Users\manda\Downloads\TCS BaNCS-Functional Specifications-Securities Back Office Processing-v1.8.1.docx
+
+**Test Output Folder:**
+   1. [roost_test_1767670834.json](roost_test_1767670834\roost_test_1767670834.json)
+   2. [roost_test_1767670834.feature](roost_test_1767670834\roost_test_1767670834.feature)
+   3. [roost_test_1767670834.csv](roost_test_1767670834\roost_test_1767670834.csv)
+   4. [roost_test_1767670834.xlsx](roost_test_1767670834\roost_test_1767670834.xlsx)
+
+---
+
diff --git a/functional_tests/roost_test_1767670834/.roost/roost_metadata.json b/functional_tests/roost_test_1767670834/.roost/roost_metadata.json
new file mode 100644
index 00000000..b73b5db0
--- /dev/null
+++ b/functional_tests/roost_test_1767670834/.roost/roost_metadata.json
@@ -0,0 +1,34 @@
+{
+  "project": {
+    "name": "roost_test_1767670834",
+    "created_at": "2026-01-06T03:45:13.331Z",
+    "updated_at": "2026-01-06T03:45:13.331Z"
+  },
+  "files": {
+    "input_files": [
+      {
+        "fileName": "roost_test_1767670834.txt",
+        "fileURI": "C:\\var\\tmp\\Roost\\RoostGPT\\TCSBaNCS_functional-after-fix\\1767670834\\functional_tests\\roost_test_1767670834\\roost_test_1767670834.txt",
+        "fileSha": "20ce6ae448"
+      },
+      {
+        "fileName": "bankspromot.txt",
+        "fileURI": "C:\\var\\tmp\\Roost\\RoostGPT\\TCSBaNCS_functional-after-fix\\1767670834\\functional_tests\\roost_test_1767670834\\bankspromot.txt",
+        "fileSha": "0664b099ba"
+      },
+      {
+        "fileName": "TCSBaNCS_ST_BSSB_FSD_CallCenterOperator_v14.2.docx",
+        "fileURI": "C:\\var\\tmp\\Roost\\RoostGPT\\TCSBaNCS_functional-after-fix\\1767670834\\functional_tests\\roost_test_1767670834\\TCSBaNCS_ST_BSSB_FSD_CallCenterOperator_v14.2.docx",
+        "fileSha": "55a242034e"
+      },
+      {
+        "fileName": "TCS BaNCS-Functional Specifications-Securities Back Office Processing-v1.8.1.docx",
+        "fileURI": "C:\\var\\tmp\\Roost\\RoostGPT\\TCSBaNCS_functional-after-fix\\1767670834\\functional_tests\\roost_test_1767670834\\TCS BaNCS-Functional Specifications-Securities Back Office Processing-v1.8.1.docx",
+        "fileSha": "2cd5271236"
+      }
+    ]
+  },
+  "api_files": {
+    "input_files": []
+  }
+}
\ No newline at end of file
diff --git a/functional_tests/roost_test_1767670834/roost_test_1767670834.csv b/functional_tests/roost_test_1767670834/roost_test_1767670834.csv
new file mode 100644
index 00000000..6338d8a0
--- /dev/null
+++ b/functional_tests/roost_test_1767670834/roost_test_1767670834.csv
@@ -0,0 +1,10 @@
+"Scenario Outline: User Login with MFA Process"
+"Scenario: Role-Based Access for Supervisors"
+"Scenario Outline: Account Lockout after Multiple Failed Login Attempts"
+"Scenario Outline: Customer OTP Verification"
+"Scenario: Update Sensitive Profile Information with Required Authorization"
+"Scenario Outline: PII Masking in Error Messages"
+"Scenario: Ensure Session Timeout After Inactivity"
+"Scenario Outline: Unauthorized API Access Attempt"
+"Scenario: Secure User Session Termination after Logout"
+"Scenario: Audit Log Integrity Check"
diff --git a/functional_tests/roost_test_1767670834/roost_test_1767670834.feature b/functional_tests/roost_test_1767670834/roost_test_1767670834.feature
new file mode 100644
index 00000000..0cf9be82
--- /dev/null
+++ b/functional_tests/roost_test_1767670834/roost_test_1767670834.feature
@@ -0,0 +1,116 @@
+Feature: Security-Sensitive User Journeys and System Interactions in TCS BaNCS
+
+  # UI Test Scenarios for Call Center System
+  @ui @authentication @MFA
+  Scenario Outline: User Login with MFA Process
+    Given I am on the "Login" page of the Call Center
+    When I enter "<username>" and "<password>"
+    Then I should see an MFA prompt
+    When I enter the MFA code "<mfa_code>"
+    Then I should be logged into the dashboard
+    And the successful login and MFA verification should be recorded
+
+    Examples:
+      | username   | password   | mfa_code   |
+      | user1      | pass123    | 123456     |
+      | user2      | pass456    | 654321     |
+
+  @ui @authorization @RBAC
+  Scenario: Role-Based Access for Supervisors
+    Given I am logged in as a supervisor
+    When I attempt to access management and report tools
+    Then I should be granted access
+    When I try to initiate high-privilege transactions
+    Then access should be restricted
+    
+  # API Test Scenarios for Backend Core System
+  @api @authentication @lockout
+  Scenario Outline: Account Lockout after Multiple Failed Login Attempts
+    Given the API base URL is '/api/auth'
+    And the authorization token is set
+    When I send a POST request to '/api/auth/login' with payload """
+    { "username": "<username>", "password": "<wrong_password>" }
+    """
+    Then the response status should be 401
+    And the response should contain 'account locked' after 3 attempts
+
+    Examples:
+      | username   | wrong_password |
+      | user1      | wrongpass     |
+
+  @api @customer_verification @OTP
+  Scenario Outline: Customer OTP Verification
+    Given the API base URL is '/api/verification'
+    And the authorization token is set
+    When I send a POST request to '/api/verification/otp' with payload """
+    { "customerId": "<customer_id>", "otp": "<otp_code>" }
+    """
+    Then the response status should be <status>
+    And the response should contain '<verification_message>'
+
+    Examples:
+      | customer_id | otp_code | status | verification_message           |
+      | CUST001     | 111111   | 200    | otp verified successfully      |
+      | CUST001     | 999999   | 403    | invalid otp, attempts exceeded |
+
+  @api @profile_update @authorization
+  Scenario: Update Sensitive Profile Information with Required Authorization
+    Given the API base URL is '/api/customers'
+    And the authorization token is auth_admin
+    When I send a PUT request to '/api/customers/profile' with payload """
+    { "customerId": "CUST001", "contactInfo": { "phone": "+972*****1234" } }
+    """
+    Then the response status should be 403
+    And the request should be pending supervisor approval in logs
+
+  # API Test for Security and Error Handling
+  @api @secure_error_handling @PII_masking
+  Scenario Outline: PII Masking in Error Messages
+    Given the API base URL is '/api/errors'
+    When I trigger an error with invalid data """
+    { "cardNumber": "<invalid_card>" }
+    """
+    Then the error message should not contain "<sensitive_data>"
+    And only a generic error code should be presented
+
+    Examples:
+      | invalid_card     | sensitive_data |
+      | 1234-5678-8765   | 1234           |
+      | 0000-0000-0000   | 0000           |
+
+  # UI Test Scenarios for Session Management
+  @ui @session_security @timeout
+  Scenario: Ensure Session Timeout After Inactivity
+    Given I am logged into the Call Center
+    When I remain idle for the timeout period
+    Then I should be prompted to re-login
+    And the session timeout event should be logged
+
+  # API Test for Unauthorized Access
+  @api @access_control @audit_trail
+  Scenario Outline: Unauthorized API Access Attempt
+    Given the API base URL is '/api/admin'
+    When I attempt a GET request without authorization
+    Then the response status should be 401
+    And the attempt should be recorded in the audit logs
+
+    Examples:
+      | endpoint         | method |
+      | /api/admin/logs  | GET    |
+      | /api/admin/users | GET    |
+
+  # UI Test for Secure Logout and Session Termination
+  @ui @session_management
+  Scenario: Secure User Session Termination after Logout
+    Given I am logged into the Call Center
+    When I log out explicitly
+    Then attempting to access the system with previous session data should fail
+    And the session termination should be logged
+
+  # API Test for Audit Log Integrity
+  @api @audit_integrity @tamper_proof
+  Scenario: Audit Log Integrity Check
+    Given the API base URL is '/api/audit'
+    When I attempt unauthorized modifications to audit logs
+    Then modifications should be rejected
+    And log integrity should remain intact, reflecting original activities
diff --git a/functional_tests/roost_test_1767670834/roost_test_1767670834.json b/functional_tests/roost_test_1767670834/roost_test_1767670834.json
new file mode 100644
index 00000000..caaa87a7
--- /dev/null
+++ b/functional_tests/roost_test_1767670834/roost_test_1767670834.json
@@ -0,0 +1 @@
+[{"type":"functional","title":"User Login with MFA","description":"Test the login process with Multi-Factor Authentication.","testId":"TC-001","testDescription":"Ensure user can log in with correct credentials followed by successful MFA.","prerequisites":"User account must exist and be registered for MFA.","stepsToPerform":"1. Navigate to login page on Call Center.\n2. Enter valid username and password.\n3. Submit and wait for MFA prompt.\n4. Enter correct MFA code received.\n5. Verify login success.","expectedResult":"User is logged in to the dashboard, and MFA code is verified correctly.","expectedResultTechnical":"Check audit log for successful login and MFA verification event.","negativeScenarios":["Submit invalid MFA code.","Submit expired MFA code."],"auditLogsToVerify":"Login attempt and MFA challenge logs.","securityAssertions":"MFA code must not be stored. Ensure no excessive retries.","priority":"P0","automationFeasibility":"High - Use Selenium for UI automation and database checks for logs.","coverageTags":["authentication","MFA"]},{"type":"functional","title":"Role-Based Access for Supervisors","description":"Verify that supervisors have access rights as per their roles.","testId":"TC-002","testDescription":"A supervisor tries accessing features exclusive to their role.","prerequisites":"User should be a supervisor.","stepsToPerform":"1. Log in as a supervisor.\n2. Attempt to access management and report tools.\n3. Attempt to initiate high-privilege transactions.","expectedResult":"Access is granted to management tools. Restriction on actions beyond role privilege.","expectedResultTechnical":"Verify role-based access entries in the logs.","negativeScenarios":["Try accessing auditor-exclusive tools.","Attempt unauthorized data access."],"auditLogsToVerify":"Access attempt logs with timestamp and result.","securityAssertions":"Access control definitions must hold per role.","priority":"P1","automationFeasibility":"Medium - Role testing and log verification using automation tools.","coverageTags":["RBAC","authorization"]},{"type":"functional","title":"Sensitive Profile Information Update","description":"Test updates to sensitive customer profile information require appropriate authorization.","testId":"TC-003","testDescription":"Updates to phone number or email in the Call Center system should trigger backend authorization.","prerequisites":"User logged in, customer account selected.","stepsToPerform":"1. Navigate to customer details section.\n2. Edit phone number field.\n3. Submit change request.\n4. Wait for supervisor approval notification.","expectedResult":"Profile changes require supervisor approval to be saved.","expectedResultTechnical":"Check audit logs for change request and authorization status.","negativeScenarios":["Submit change without approval.","Attempt multiple unauthorized changes."],"auditLogsToVerify":"Authorization request logs with change details.","securityAssertions":"Sensitive data changes must be logged and authorized.","priority":"P0","automationFeasibility":"Medium - Automate UI interactions and backend validations.","coverageTags":["PII","profile update"]},{"type":"functional","title":"Session Security - Idle Timeout","description":"Ensure sessions are invalidated after a period of inactivity.","testId":"TC-004","testDescription":"User session should expire after a specified period of inactivity.","prerequisites":"User logged in to the Call Center platform.","stepsToPerform":"1. Log in to the system.\n2. Remain idle for specified timeout period.\n3. Try performing an action post timeout.","expectedResult":"User is logged out automatically, and prompted for re-login.","expectedResultTechnical":"Session timeout events must be recorded in the log.","negativeScenarios":["Attempt accessing system post timeout without reauthentication."],"auditLogsToVerify":"Check logs for idle timeout event capturing.","securityAssertions":"Sessions must expire securely, preventing unauthorized access.","priority":"P1","automationFeasibility":"High - Automate with headless browser and monitor session status.","coverageTags":["session security","timeout"]},{"type":"functional","title":"Customer Identification and OTP Verification","description":"Verify that OTP is required and correctly processed for customer identification.","testId":"TC-005","testDescription":"A customer attempts to perform critical actions requiring OTP verification for security.","prerequisites":"Customer account must be active with a registered mobile number.","stepsToPerform":"1. Initiate a transaction requiring identification.\n2. Receive OTP on registered mobile.\n3. Enter OTP in the verification screen.\n4. Submit the transaction request.","expectedResult":"Customer identification is successfully verified with OTP, allowing transaction processing.","expectedResultTechnical":"OTP entry and verification status must be logged.","negativeScenarios":["Enter incorrect OTP multiple times.","Attempt transaction with expired OTP."],"auditLogsToVerify":"Audit logs should capture OTP generation, sent status, and verification outcome.","securityAssertions":"OTP must be unique per transaction and not reused.","priority":"P0","automationFeasibility":"Medium - Automation with test harness simulating OTP requests and validation.","coverageTags":["OTP","customer verification"]},{"type":"functional","title":"PII Masking in Error Messages","description":"Ensure no sensitive PII or PCI data is revealed in error messages.","testId":"TC-006","testDescription":"Test system error messages for leaks of sensitive information.","prerequisites":"Access to error-generating scenarios in the system.","stepsToPerform":"1. Trigger an error by entering incorrect details, e.g., invalid card number.\n2. Observe error message displayed.\n3. Repeat for multiple error scenarios.","expectedResult":"Error messages must not contain sensitive information such as full PAN or personal details.","expectedResultTechnical":"System logs should not store sensitive data in plaintext. Error handling should record error IDs.","negativeScenarios":["Message reveals partial card number.","Error exposes user email address."],"auditLogsToVerify":"Logs must capture error codes without sensitive details.","securityAssertions":"Error handling must obfuscate sensitive information.","priority":"P0","automationFeasibility":"High - Use scripts to trigger errors and parse message outputs.","coverageTags":["secure error handling","PII masking"]},{"type":"functional","title":"Privilege Escalation Attempt","description":"Check system's resilience against unauthorized privilege escalation attempts.","testId":"TC-007","testDescription":"Simulate scenarios where a lower-privilege user attempts actions restricted to higher roles.","prerequisites":"User with lower privilege level account.","stepsToPerform":"1. Log in as a low-level user.\n2. Attempt actions restricted to supervisors, e.g., approving transactions.\n3. Monitor system response.","expectedResult":"User is prevented from performing unauthorized actions, with appropriate alerts generated.","expectedResultTechnical":"Unauthorized access attempts must be logged with user ID and action details.","negativeScenarios":["Bypass RBAC controls using direct URL/Elevated API access."],"auditLogsToVerify":"Verify logs for attempted privilege escalation events and system response.","securityAssertions":"RBAC enforcement must prevent unauthorized access.","priority":"P0","automationFeasibility":"Medium - Automated tests simulating user actions using role-specific credentials.","coverageTags":["RBAC","privilege escalation"]},{"type":"functional","title":"Simultaneous Login Attempt","description":"Verify that multiple simultaneous logins across devices are correctly handled.","testId":"TC-008","testDescription":"Attempt to log in to multiple instances at the same time and test session handling.","prerequisites":"User account with known credentials.","stepsToPerform":"1. Log in to the Call Center portal on Device A.\n2. Simultaneously attempt login on Device B with same credentials.\n3. Analyze session handling.","expectedResult":"System manages simultaneous logins based on defined policies, such as logging out older sessions or blocking concurrent access.","expectedResultTechnical":"Concurrent session attempts and outcomes logged with details.","negativeScenarios":["Device A session terminated without notification.","Unrestricted concurrent access."],"auditLogsToVerify":"Login events should record device instances and outcomes.","securityAssertions":"Must ensure session integrity and control.","priority":"P1","automationFeasibility":"Medium - Use automation scripts for concurrent session attempts.","coverageTags":["authentication","session management"]},{"type":"functional","title":"Card Block/Unblock Process","description":"Ensure that card block and unblock workflows are secure and require proper authorization.","testId":"TC-009","testDescription":"Test the block/unblock functionality for a credit/debit card, ensuring authorized access and logging.","prerequisites":"Account with active card linked to customer profile.","stepsToPerform":"1. Log in to the account.\n2. Navigate to card settings.\n3. Initiate card block request.\n4. Check for authorization requirement.\n5. Repeat for unblock request.","expectedResult":"Blocking/unblocking cards requires authorization and is logged with detail.","expectedResultTechnical":"Verify that block/unblock actions are logged with authorization trail.","negativeScenarios":["Attempt to block/unblock without approval.","Replay attack on card operations."],"auditLogsToVerify":"Check for action logs, including auditor interventions.","securityAssertions":"Card operations must follow strict authorization protocols.","priority":"P0","automationFeasibility":"High - Automate via scripts for UI and backend checks.","coverageTags":["financial transactions","authorization"]},{"type":"functional","title":"Case/Dispute Creation","description":"Test creation of disputes ensuring correct audit and permission workflows.","testId":"TC-010","testDescription":"User raises a dispute on a transaction, testing permission check and logging.","prerequisites":"User account with eligible transaction for dispute.","stepsToPerform":"1. Identify eligible transaction.\n2. Initiate dispute creation.\n3. Submit with mandatory information.\n4. Confirm creation and follow-up workflow initiation.","expectedResult":"Dispute is logged, workflow initiated, and user receives confirmation.","expectedResultTechnical":"Verify log entries for creation and status updates.","negativeScenarios":["Submit dispute without mandatory fields.","Duplicate dispute creation."],"auditLogsToVerify":"Dispute lifecycle logs verifying creation and handling.","securityAssertions":"Dispute creation must be tracked and restricted to permissible transactions.","priority":"P1","automationFeasibility":"Medium - Test automation for end-to-end dispute workflow.","coverageTags":["dispute management","logging"]},{"type":"functional","title":"Asynchronous Data Synchronization","description":"Check data sync behavior across systems when delays and retries are involved.","testId":"TC-011","testDescription":"Ensure data consistency and updates propagate correctly with potential delays.","prerequisites":"Operational data feed between call center and backend.","stepsToPerform":"1. Initiate data update on Call Center.\n2. Simulate delay and check state consistency.\n3. Verify data propagation to backend.","expectedResult":"Data syncs respecting retry windows, maintaining consistency.","expectedResultTechnical":"Log entries for each sync attempt and status.","negativeScenarios":["Data update fails post retry interval.","Mismatched data states post-sync."],"auditLogsToVerify":"Review sync logs for any anomalies in state consistency.","securityAssertions":"Data synchronization must maintain integrity, respecting defined delay policies.","priority":"P2","automationFeasibility":"Low - Requires bespoke tooling to simulate delays and check outcomes.","coverageTags":["data sync","consistency"]},{"type":"functional","title":"Unauthorized Access to Audit Trail","description":"Verify that only authorized users can access audit logs and trail information.","testId":"TC-012","testDescription":"Ensure that access to audit logs is restricted and monitored.","prerequisites":"User account with admin privileges.","stepsToPerform":"1. Log in as an admin user.\n2. Attempt to access audit logs.\n3. Verify permissions and access rights.\n4. Check logs for access attempts.","expectedResult":"Audit logs are accessible only to authorized users, and unauthorized attempts are logged.","negativeScenarios":["Unauthorized user attempts to access audit logs."],"auditLogsToVerify":"Access attempts and outcomes for audit logs.","securityAssertions":"Audit trail access must be logged and restricted.","expectedResultTechnical":"Audit entries for access attempts must be detailed.","priority":"P0","automationFeasibility":"Medium - Automation tools for log analysis.","coverageTags":["audit","access control"]},{"type":"functional","title":"Secure Financial Transaction Log","description":"Ensure secure logging practices for financial transactions.","testId":"TC-013","testDescription":"Verify that financial transactions are logged securely with all necessary details.","prerequisites":"Financial transaction data and logging module access.","stepsToPerform":"1. Perform a financial transaction.\n2. Verify that transaction details are securely logged.\n3. Attempt to access logs and verify security.","expectedResult":"All transaction logs must contain detailed and secure information.","negativeScenarios":["Log entry missing crucial details like amount or transaction ID."],"auditLogsToVerify":"Transaction details like ID, amount, and timestamp.","securityAssertions":"Transaction logs must not expose sensitive data directly.","expectedResultTechnical":"Log entries comply with PCI standards.","priority":"P0","automationFeasibility":"High - Scripted verification of log entries.","coverageTags":["financial transactions","logging"]},{"type":"functional","title":"Exporting Sensitive Data","description":"Test that exporting sensitive data requires authorization and logs all actions.","testId":"TC-014","testDescription":"Validate the export process and ensure controls are in place for sensitive data.","prerequisites":"User account with export permissions.","stepsToPerform":"1. Initiate export of sensitive customer data.\n2. Verify necessary authorizations.\n3. Check logs for export details.","expectedResult":"Sensitive data export requires approval and logs include export details.","negativeScenarios":["Export initiated without mandatory authorizations."],"auditLogsToVerify":"Log entries should include user ID and data exported.","securityAssertions":"Data export must be controlled and logged.","expectedResultTechnical":"Export logs must show timestamps and originating user.","priority":"P1","automationFeasibility":"Medium - Automation scripts for export verification.","coverageTags":["data export","authorization"]},{"type":"functional","title":"Invalid Data Entry Handling","description":"Check how system handles invalid data entries and ensures they don't affect workflows.","testId":"TC-015","testDescription":"Test response to invalid data submissions in various fields.","prerequisites":"Access to data entry modules.","stepsToPerform":"1. Enter invalid data (e.g., wrong date format) into form fields.\n2. Attempt to submit or proceed.\n3. Monitor system response and error messaging.","expectedResult":"System prevents continuation and provides informative error messages.","negativeScenarios":["Submission succeeds with malformed data."],"auditLogsToVerify":"Logs should capture validation failures and reject reasons.","securityAssertions":"Data validation should prevent malformed submissions.","expectedResultTechnical":"System captures each validation failure for audit.","priority":"P1","automationFeasibility":"High - Easy scripting for input variations.","coverageTags":["input validation","error handling"]},{"type":"functional","title":"Financial Calculation Validation","description":"Verify correctness and accuracy of complex financial calculations.","testId":"TC-016","testDescription":"Test key financial calculations for edge cases and boundary conditions.","prerequisites":"Access to financial calculation modules, test data.","stepsToPerform":"1. Input edge-case financial data values.\n2. Execute calculation functions.\n3. Validate outputs against expected results.","expectedResult":"Calculations must be correct and handle edge cases without error.","negativeScenarios":["Overflow or calculation error with extreme input values."],"auditLogsToVerify":"Log inputs and outputs of calculations for review.","securityAssertions":"Financial processing must maintain integrity and accuracy.","expectedResultTechnical":"Calculation results logged for traceability.","priority":"P0","automationFeasibility":"High - Calculate expected results programmatically.","coverageTags":["financial calculations","accuracy"]},{"type":"functional","title":"Data Provenance Verification","description":"Ensure consistent data provenance across updates.","testId":"TC-017","testDescription":"Test data trail integrity during updates.","prerequisites":"Historical data access and update tools.","stepsToPerform":"1. Update historical data records.\n2. Trace data provenance before and after update.\n3. Verify data integrity and audit trail.","expectedResult":"Data provenance maintains integrity post-update.","negativeScenarios":["Update breaks historical data trail."],"auditLogsToVerify":"Provenance logs must reflect accurate historical data lineage.","securityAssertions":"Provenance must be immutable and comprehensive.","expectedResultTechnical":"Detailed audit logs capture all changes and the original data state.","priority":"P1","automationFeasibility":"Low - Complex data matching across states.","coverageTags":["data provenance","integrity"]},{"type":"functional","title":"Unauthorized Access Blocking on Multi-Step Requests","description":"Ensure that unauthorized multi-step requests are blocked at each step.","testId":"TC-018","testDescription":"Simulate unauthorized access attempts during multi-step transaction processes.","prerequisites":"User account with limited access permissions.","stepsToPerform":"1. Log in as a low-privilege user.\n2. Attempt a multi-step transaction process such as fund transfer.\n3. Try to proceed at each step without necessary permissions.","expectedResult":"Unauthorized attempts are blocked at each step and logged for review.","negativeScenarios":["Bypass initial checks using indirect API calls.","Attempt escalation to modify transaction limits mid-process."],"auditLogsToVerify":"Each unauthorized access attempt should be logged detailing the step and the user.","securityAssertions":"The system must enforce access control at each process step.","priority":"P1","automationFeasibility":"Medium - Requires detailed script configuration to simulate stepwise access.","coverageTags":["authorization","access control"]},{"type":"functional","title":"Secure User Session Termination","description":"Verify that user sessions are terminated correctly upon logout and cannot be reused.","testId":"TC-019","testDescription":"Ensure user sessions are terminated securely during explicit logouts.","prerequisites":"Active user session on the Call Center platform.","stepsToPerform":"1. Log in to the platform.\n2. Perform various actions.\n3. Log out explicitly.\n4. Attempt to access the system with the previous session data.","expectedResult":"Previous session data should not grant access post-logout.","negativeScenarios":["Session remains active in new tabs after logout.","Logging out doesn't invalidate session tokens."],"auditLogsToVerify":"Logs should capture session termination event and associated actions.","securityAssertions":"Sessions must be invalidated immediately on logout.","priority":"P0","automationFeasibility":"High - Automate using scripts to manage session states.","coverageTags":["session management","security"]},{"type":"functional","title":"Audit Log Integrity Check","description":"Validate the integrity of audit logs to ensure they are tamper-proof.","testId":"TC-020","testDescription":"Audit logs must remain unchanged and provide a reliable trace of activities.","prerequisites":"Access to the audit log management module.","stepsToPerform":"1. Generate audit log entries by executing sample transactions.\n2. Attempt unauthorized modifications to audit logs.\n3. Verify log content integrity.","expectedResult":"Audit logs should be unalterable post-creation, capturing all attempts to modify.","negativeScenarios":["Unauthorized user alters log entries directly.","Log entries do not accurately reflect actions taken."],"auditLogsToVerify":"Logs should reflect all access and modification attempts, failing which indicates a breach.","securityAssertions":"Audit logs must be immutable and protected from unauthorized alterations.","priority":"P0","automationFeasibility":"Medium - Scripts for log entry verification and alteration attempts.","coverageTags":["audit integrity","tamper-proofing"]},{"type":"functional","title":"Enhanced Role-Based Access Enforcement","description":"Ensure strict adherence to role-based access controls throughout the application.","testId":"TC-021","testDescription":"Test access restrictions across multiple roles and functionalities.","prerequisites":"Multiple user accounts configured with different roles.","stepsToPerform":"1. Log in with various role accounts.\n2. Try accessing features exclusive to other roles.\n3. Validate access requests against expected permissions.","expectedResult":"Access should be granted or denied based on the user's assigned role.","negativeScenarios":["Access gained through privilege misconfigurations.","Role switch using session tampering."],"auditLogsToVerify":"Each access attempt and its result should be logged with user details and timestamps.","securityAssertions":"RBAC must strictly enforce defined permissions; anomalies must be addressed promptly.","priority":"P0","automationFeasibility":"High - Automated testing for role access with simulated user roles.","coverageTags":["RBAC","authorization"]},{"type":"functional","title":"Multiple Failed Login Alerting System","description":"Implement and verify alerting mechanisms for multiple failed login attempts.","testId":"TC-022","testDescription":"Test alert generation after several failed login attempts within a short period.","prerequisites":"User account with logging capabilities and no prior lockout.","stepsToPerform":"1. Enter incorrect passwords repeatedly until lockout occurs.\n2. Monitor alert system for triggered notifications.\n3. Check if account is temporarily suspended post multiple failures.","expectedResult":"Alert is triggered to admin/support team, and account lockout is enacted.","negativeScenarios":["False lockout due to legitimate rapid login attempts.","Lack of alerts even after multiple failures."],"auditLogsToVerify":"Log files should show the count of failed attempts and alert triggers.","securityAssertions":"Brute force attempts must be mitigated with alerts and temporary locks.","priority":"P1","automationFeasibility":"Medium - Scripted failure attempts with automated alert verification.","coverageTags":["security alerts","login security"]},{"type":"functional","title":"Data Integrity Check During System Updates","description":"Verify that data integrity is maintained during system updates or patches.","testId":"TC-023","testDescription":"Ensure transactions and user data remain consistent across system updates.","prerequisites":"Active system with pending updates, test accounts with known balances.","stepsToPerform":"1. Capture a snapshot of current data state.\n2. Apply system update/patch.\n3. Verify post-update data state against snapshot.\n4. Conduct random transaction checks for consistency.","expectedResult":"Data remains unchanged and consistent post-update.","negativeScenarios":["Data corruption post-update.","Transaction inconsistencies detected."],"auditLogsToVerify":"Logs should show update process and data integrity checks without errors.","securityAssertions":"Updates must not alter data integrity; correct state must be maintained.","priority":"P0","automationFeasibility":"Medium - Requires snapshot and comparison tool integration.","coverageTags":["system updates","data integrity"]},{"type":"functional","title":"Replay Attack Protection on Transactions","description":"Test the system's protection mechanisms against replay attacks on transactions.","testId":"TC-024","testDescription":"Ensure that duplicate transaction requests using old data are prevented.","prerequisites":"Access to transaction initiation tools and monitoring.","stepsToPerform":"1. Record a valid transaction request.\n2. Attempt to replay the transaction using the same request data.\n3. Monitor system response for rejection.","expectedResult":"The replayed transaction should be blocked and logged as a security incident.","negativeScenarios":["System processes duplicate transaction.","Log fails to show replay attempt."],"auditLogsToVerify":"Transaction logs must indicate attempt and rejection of replayed request.","securityAssertions":"Transaction requests must be timestamped and one-time use.","priority":"P0","automationFeasibility":"High - Ability to script replay attempts and verify logs.","coverageTags":["replay attack","transaction security"]},{"type":"functional","title":"System Response to Unauthorized API Access","description":"Verify system's handling of unauthorized direct API access attempts.","testId":"TC-025","testDescription":"Test system resilience to API requests made without valid authentication tokens.","prerequisites":"Access to API endpoints and a testing account.","stepsToPerform":"1. Attempt API call without authentication.\n2. Observe and record system response.\n3. Check for log entry on the access attempt.","expectedResult":"API access is denied, and a detailed log entry is created.","negativeScenarios":["API returns data without authentication.","No log entry for unauthorized access."],"auditLogsToVerify":"Logs must capture each unauthorized API access attempt with details.","securityAssertions":"APIs must enforce authentication for all requests.","priority":"P0","automationFeasibility":"Medium - Requires API tooling for attempt simulation.","coverageTags":["API security","authentication"]},{"type":"functional","title":"Endpoint Security Against SQL Injection","description":"Ensure that all data input endpoints are secure from SQL injection threats.","testId":"TC-026","testDescription":"Validate SQL protection mechanisms across various input fields.","prerequisites":"Access to endpoint testing tools and database logs.","stepsToPerform":"1. Select an input field vulnerable to SQL injection.\n2. Inject SQL payloads to test response.\n3. Verify input processing and database interactions.","expectedResult":"System should sanitize inputs, rejecting malicious payloads without SQL execution.","negativeScenarios":["SQL payload executes successfully.","Error messages reveal database details."],"auditLogsToVerify":"Logs should not show SQL execution from inputs; sanitize errors should be logged.","securityAssertions":"Inputs must be validated and sanitized against injections.","priority":"P0","automationFeasibility":"High - Use automated tools for injection testing.","coverageTags":["SQL injection","input validation"]}]
\ No newline at end of file
diff --git a/functional_tests/roost_test_1767670834/roost_test_1767670834.xlsx b/functional_tests/roost_test_1767670834/roost_test_1767670834.xlsx
new file mode 100644
index 0000000000000000000000000000000000000000..5c00e8000717c425c91bb57a81c6a7fb15eacf20
GIT binary patch
literal 15340
zcmaib19)c3vUY6Swry+TiEZ1qZA@%yGV#Qm*yhBxo&1?Scb~n_KIi_opHFLby;b#8
z_3G}mzIx@PfI*-D001BW5^>42;#ayL)d2wjE<gYPkU!393ftN^8QVDND!JPkJ8ILp
zSzA>l$=LKTAOzp@itf-#!e}cgi}vK#kD!&^0L-`v(cr9HrFO2kB2ko65tQp8Q>U??
zduI1xer}AGn8y(3&WMy}LxEhLrnE+He#q=BjwQ;2Q1Q1%bF2|YO5C#HS$8iC%AnoN
zkD20^kT8yhmD}Ud_^L$5g7C;jQyA(137vG`yBSE66>VmSr3o(|Rif5C+_z&q5_>NQ
zgoQM8t+QC`0QeJITWF_6OY=4~0S^Mx)dj1(p#%^*h)2SVdLJ;f!!=ua5-Jfh=m8A2
zVrPCZ8hV6&|I3nbA~L16@*z?(wJL0r(GGAxJ{BVz+3|cOpf&jGi>!35rWiY%!_D~+
z;-mNWn}>JMcrm!Ry=j~c@7;KPtd_9AEg~>}R0jCNsrP20wywnPo4FsX;<$BEQQZd5
zB_iy@yY^dVcO&<$RS@CPNC7X>($i6m0XKE<5s0P>f8`do-2Y?(;Ezmv1pi+R?BkcN
zgRzw({hu<wvvrjtv3&T^Cj|rm0R1l+x?hr23Ei^23@`%cUZOkC={DjJc}1-Rg==Ii
zd|f0q*bUJIeSv4^;c)^m(dOVW_9y$MBgbPr(MQn=cQ`OK6<8>sBjcgtT_bPi_V85D
zV4=j|Om>AZ8G9zL(!`QwL+!EZsN#cQ9`O&k&W*e>snjtj!=FdYg(xRx55ru#Vs6U6
zo;y7a`RxUjHI54`w~&^;GETEv*=X7x#-Hlv6PRke3{x0M<A(dY&z@(7sP5%a$xZHS
zt1Ps>@RnqYPv+$|W||=?mdS37XmmQ`tY|~-Pee%xHN7|Eqz4BOyQ)JPzA#Obvrl>f
z{27t|j2iGqMBJ?Y6|(;nfc!1+-y$1CQls)Kvdtfn#rnILtF42jfvv6OuPfotKwI=O
zAc&m5Le<=BxM)aH#ye8_YiZsC2h}%9TS=I)Tfg2bV~gWJ<bmh(RW7Cth#!yLbA)}C
zo&~SYrIJKAkonerj^f3#@@$IGx2(wv5(`B}vN-E{%#OpdkL%z~5--C;X*YT)D#--*
zNk%m6;93TIx|DNdcBphr$CX0W_>p9075E7Hb4?x8^tcK^I^~vcoAAmVm~J3v)WM@<
z5J`5(C_Ppdml5bEZ6o}+g>6--e#f6b9G`M{;3_m>;3HKwoP?goDfutj!XF>dMz<3f
zbO}#~2(K`ASe``32FftqFSn2I|Mx({{SMHt&^VeI8$11Tn3B-(evX3x0GQ<f0KoVU
z**_qRzv7v^qUpHRj~24|{7Ox6W-0)?wZSAy3N&gjZfv^HF|Vgz0Th<7!@0BYX+!v?
zJ-Veb!{}oB%cX{OgGbfgT?&4v_qJw|iM<03Yx~5h2{D&VV(7yIhsE3Z#9@hGUHtCm
zCE+UhfZ6N|rtz5W*_-1tuf+Rsc0PqI3Oa{L!JcAvj*Ui@)iVli&xxZ$L`?8W!VSXS
zkCB_2<g955ukSEiCz{1;XAN-rURE7in`EzptO;v$KgG6<p1s0i9!Er{&G7ertW0EY
zDc-p>^xhGta0eagPLzCJ*|DRdyJY=2@HjCdni1W5XY%GIJ$-T9@zCJwwr2P2aykNi
zd==`JL8e|i!jGQf>0NMl&SM3u`6Kzv27hado#Rt`yjZLJwd%Qv;nUds+UagaNecU;
z=dxRv%jPxTJMkl5<kmn*+hF{<70JXSAD>vofo46u*{s#^LV%I)<MM9SPo5W?PfLwq
z3#Et8`}j37cT2mS(ZXKi9+xX2{B-Z{c>Ft`>G=(xGk1qJ->Y@qaPOG9+Tae_;4fCj
z0oN7)*J9s5-cM=MV&5RDuh|N(r|`Gh+i9zxH*>Du`d{t|wa=I1=B483mvBPe-CQ%s
z*0B#shnFaM-iO@S_bb#mEqvL07zG>mZQmLm&bFk~FP~PlpBryay*5>!tE{p$<k$+>
z=rliBD>QyxuD9w~_FnR^sH?r5+cU;4r5$Ed(i}dI>8b=lOlu$zx)w#KS%P@O&QytC
zygy0TSYq9!CMxWNBr5hN2;f2!Q6dk3IIfQZ({D!?Q8WGct%abk4Ph`&3yPSROh8nR
zCKA*EK_rCTy?M*yYO&kAJ?x0d9p+9DmKqC+cpXk)z=tX_dJcMNV;T_lsD;3&3qiCe
zB{({)jM*ACseyp_L=*;L4Z^)}y;_yL|CM^e_=ITBpFk|;?_k7hbxiL*FS@W)dJx3x
zA_9|LNd!a<S8d-3CZx?3h`X=*OV!Dy>&g2}Pi_VN1V~J1B0^-wCxnEGf+RaS2#{%z
zM1+olBu0c`1T>(G#;O5flgqBJyd&a2n?R}0R@yb(&zi5a`uWaR0@`e$uR3T4pBoAO
z^B~2(>)B=E_MV0qu_HRSIeXuyisxS2oo*Wd5)vdnu7-e)8&O24H~?b2{lf=j5urU}
z93nz!!9Fj_Fv?aWk)U~R)of#uo+iYb>V0=P>Iq=g>=BNg>qdf{CeX(=+QEHmcVTNj
zyNauD&E(kCa<4s=UEwCGoEGKBMP9oi%}^os^1x$A{CUZT$z;23HU;D`he%EpQ46wi
z@i8UTvSw9L3zPDP=)I3aA=D||as#w#CBzD6^(t1)5C_F(`P;ALYnBVt>Gj&?s=GR@
z0K~k83|Gv6+oqqp2Pb(kDAWDp3pg<(G$<TPnn8#osTuMc(Hh^*7#FE3DO8hG+R~Gm
zCpaPNr?(xEDDF8Rlb$m{hJj^)b_vP-=hK!y4)DnRYd1;c&g_sVTsa|=yk&tVobkIh
zK2AGy8X(P5e{&y)%AmR*0CXFa$X&4cP~-W53P}`b?v==0-6fH``#}9V^?}?4B=^6H
zs}mSW*MjR(J{D}h%Gj^$EOQ9N@vFKOSkiz``j4+v?nTnYKRR+p?>uq?KLnaBcuQ3?
zt}}mdDxYNoe`~;_&^-39{r$yoKgIm-XFfVOEL||Hs=$YTS?tN$uUsv2u*CgkF?Hn_
z^0)H;YP?H*vUh`!Trf?>Jg_n`S4Vlm@yo3Utm_)!;!zcq=BcuAMQ^zkt9o)3Uq$Vl
zg>qv{)v!vh@}f;Mm8Q%>wj<Jk-ko_DY8F<t&d`M8{L2S)6EO7^i-DU>@6M|0WZ7@2
zNq*186VBuuZ1fB^^%a|en<KjpC9K<O%a3}QL#N#%cb^6#0;^*aVAKRI^%TeWtiMFB
z(W%So$Zu&Lu&xH!#1edT@1qA-|5-LSaA^}z^~SBugH>okodkt-H5y#c#iQ%w)^F()
zux=gLWB`2Bf*^HQfZ^C*4-JIZR8$V!alZ{v^#o9+Jw4Zc9z+z@bsI3%Q-I;#Pwxz{
zdlfjK863n>8Qf7>b<f5Nbg$edQ<NWOuN>~H+MG;#evUobs|f7<5nyTs*WX?(O!r67
z3>mI^jptof8~$m=%6AuCsM<V=*Nd6YtC`s^wX)-snx^|nRWpvm^N*aoY9?8^ijCuw
zl#bPKdpfwI?Odsz&f9$SC4tSV=wG=cjgL@Iqw37aEf$I3yS&(dua~6LxF0D~CrtGC
zGW@G%;)dtl#f^_e3TvIorrp)x0++HuRc}mX+RHQTRdz*SD}ep&LQk(5Q)M(5TI=;1
z&AU%#0@UpR>$ZSQet?cfMB0B@V@O3sH?Gd#GB`?Ji>f;zTh>1%0Qge?`lFM9noch}
z6X^N`CAFj^sX0*>dPRM{n@0%rD~E{j(cD~A-PhlsYYNoV(6TNbS<pRyDu!4k|D{jz
zjZa5<ck*2)1sMB`oG>Q%pjx-_!5+cP+ccTsE|nczsop3I&lJB!C^WsD8K@2QRQkIr
zqx{t|na77Q!0MR5OpGg)pCG0wy`tvzpD^(2`uUc%6*Qw{b@|j?9$m9D>E5aKx)(?$
z5_?xFN+`U-rmriuIQ3FU9#<mgN1WfWcPC2368e86HGARN&hn6&XNTD9z|eKPxhiz|
zctv~~v$@n`KDmwDPuY9y4Rvp82U5TMao}}VvPf~Z^)j*Zx~)u4zs`@~`uKhB864^S
z4e-w$&+pB4uI}D=Ck_C>iX{L5%I{r_qnW;gv5}&agSm~V;~)1%+Ukz0VhKL?)dCm#
z2J8W$G@d-6Mly0F4JJW5o03WQ`iA)B{zo=2Qv%qaaTf1SV-<9{P*&#m#)dTcb+xru
zFH9A8xBML^>09#m#b?VopF8+{?G+9hPs&@?Uc9az-`19NKSME>HY&(09OZn5Th4sh
z9&@dZ#)Nt>xAfs#g6n-dM@KJSJ<4L*U(;#2NO4{`p9OedvZWjCSSV-GtP0h3yuA7m
znM3DNZu2>!7JFrLKN0`!ZbpK!@%Fr+Bf<CalAhdFC*x`Ccyr8d@pu8fH)8?)Vg1VX
zc5?KsX1e&~_!U4i&AWQcPP6Fkmg}8(qh+BpwxMjZ_Yi+9_kORVb%yuM=}Gm~xOzlT
z6~6&9L;tb*zGb!1xh(zAwCZPRp3iKK<XU;hnF&v6O?l}38rZ{w%>C^XgP}r-p)P!=
zl%Z3sW@h{%u=b0AtjEE|%Le&*J=1Nu4HAAbu360TfoDS+qE4)JIDd}qG4q82z=E?T
z&s=Zg!^N4y(-1F?G^3UC)THTi2XzDE6=zr_pJ&N%-f`pzVuuBI9Nt%Fz5++*yR9Gh
zGrsNSV~fWIB7Bl_TSURe#V1dA<HZ!7+JyRZsRnDTGWUfQ2F?_tYDCn>HG&<c(9=Ja
zBs{cF#1@0!6nfu5fvHql4sOBTpzF(l^1UN~u;$jsbdvQfbA1KQ<a62{-`XCOdFONC
zS}?e%QRBR(8h#{Oq;El`&b>am(oaNUzv%ubusDjiTP)8a1G^heE%{nK-ub-Q_Q3Mh
zg_ZfPaKjgZpW=AUhvWV1lhmLj$U8&~AiKQ9q$I)h{&m2uEC<qNVUYs%iv_S|D7`+i
zTU#>IigL-*Q4)r|R9921`1g=%<JUa~V$X)TU132n0n;!|i1ASOTBkI;V~IR`K`myF
z_t%p30UI~cgfdOEJmaIxcMmLYkS|)>=CXWGIh5uquB<RvLC5zk!38s?Ava!hY~*kX
zg^k#9!7!z~gB=K@HryM4t}x_4<jgk>*~l%PjISxWM`Mi~)EjycpRv?R2XMpBudO#}
za~>*Zb5)=^sO6VKIwT#arxoKx#h3zLjry)@EN_-H)rzR-4qwdDK5ygAcCu;nU(@Bg
z^s2zx?VQyaR0zOCNZfoI=tdbvxo}l#YN7W~GaKh>4o~?=APfaMiCP{^O^uo*tKSQ(
zWGAM?Q{_yp_%hgNBR2LG2o-@(J-pjQ43rDXD^B#Af)aFU-08UzG@Jprso?(NvG>CE
zdTW0iFochM6RR871+6B+5@t})K+9BavT(IV!C>@6Fc~;#af|;1K{{cPp1e+(9|m|W
zG1ft45LVd6B%vxnc@Hgzrf>{qCzoct$KakGAQyrY=}OdNn9$Gr(2dnWO{Z6NH>*L@
z!cr9$!^mZr%S-sN5P~2F6*{6ClNc>~CCnq-Fu~J12NaAuM<816Ma>12WSyDj-1<R4
zD{eVlrQJfGwXvR6aP2(x98@!H&^;~^06l;#;~n@<@zHf&Xp&<2`0F}4qF1#FP|`kR
z8J}B%d7waj7F;bk&bAtNaS#`t+rTf!k+>v*#hwxcPnlxGAb}2D2qN1NDu4}=>iun%
zJRhhj&@Ej043+_37?{;NuY91FY^P#cQ7a+O0GQTVYL?MKHhORfI?gNe0uzM#jw6$)
z@L3>y(x4p>>BO?1WR`<^{3`m}E;ACqK2=QvGuZlJEfMX*U<en;2%T8xO9KX=icz7^
z;Xso@yc;8jcF8A95;_>PIY6;3sBp58S**qvK>(g(+|O=%ZO@?iZHtXkntPGB(U^rW
zR{Xs5neu71w>v51{Q;La&1*&BfLYsG*&3Ewd*V?|h%@Luws?ys`gJHG!Rv>lrYMwa
z4nnRYQi|0JmZBe)^2dFIq_(IpC9%Sx8^LsIYkM?_5p2>J$1x5JT5epVT|3ars>(%y
z=S2p=i!_k!gKC#SwRKA|140>VdcKgUx~uY3)n@hgtWN}4jj#AKn;MHqmU~7M^6YYb
z_7NVlTs6)sFdR3y&tk9#KRVd(5fn~51~d8deJvufjK%K`)o|7FdzhBk!3KF#YH$ch
z#L=JODj43n9XWZ^!usGTj5B~uZ?t5@n`e%hhlh~UM;#hR<vq?=F{gb?HAJj%P92v`
zPp81W><2e>GG*?$##J0chIRTM(UC0ssFUJ7#liL4SARxTfk_0H(k)PsaC|25%M|-6
zTtrPdw31bmkh5q3iX(XR?WmQUN<i?c_3ICjf#Zw(2}j*<Kru2J%`wP<{$x$6RBc&*
z>6h!b7;2Hnfg%>X&MIvZy@6c|erUijvSu}vPnN~j&lA^uKR>C=qsLrY0n0rt6!y}o
z8h^P6iyNS@C)!3z8w;Fa@zD$>!zT<a5t7qesG3xDfZ$t(U0uG>4#xECx)YH+AuJ6m
z!JTSC#v5d201yE0{ephFmef8^OA3U<beTvAo=R;5ip(4`aDME{;S>rOSLg?CM+Na?
zBfH00gi~QJbkwlMj=($OkvuZBZzR+I8^zIlKB4#msJG<#Ot|16*=Y|Em;gZz`gbQW
zBKTHxzN%;&LJs0?Md>i`rGZ1QK)pKBFiuM3R!cGMW+6B=Q4I)=8xNLGMzA)nYQ_SH
zKbsC>q+yX10$FjUz{V-O$l?<@UPuy3>z3?dF(HMJ6ujj2{F6FqZJzL^Xg44uW-z~O
z#G~ly5&%97t<BMrtL~)YHCS*!nG=0S4lr-JR;*2rw?jeJlM}4~59AEmC!(-$m?L_i
z&387L0}{^u5m~h)X<}E&-<(n|x)l8t4%C=}M%EH2Atf8_$;;8_=%QBPHu+ZX!2GS5
zX!!C=WI0>h84gPc0sgHHH63ZD{N=q3Ju~2HACVIV=KMtJ3(1eLH{(bED6Z74vny2|
zV>zEd0cXCMJz;2CBvm2`I<-*Nq8~hP%m?(n&1QH;d&<J(z5IJYVlHl;S<%D!HTfRJ
zixqf?hvI$l(H9OI23!yaFm{eb<>lqN0Ce9%yO8R$L)?XLroKB-E}DzUC7vSvuxY@P
z3Ew>A_yLzIaW)#4up*iMzyxG^e-W)rp=ZYr2MsBE*kp_uWfV%*X_ym#O$CS1>JQ6W
zDYtbnLrIMNGY2Jefcl1@*v4Y*3ql!tE|Ez9gZqYz=M$T-1b15Js8X``SGdfs85P4h
z1wHrz_(@&`_!NLgqtHvP{%Zt;S<b~INdSju5w49+z+h{u<!hM>GC3YYszDPF`(jR5
zIlbff??yQ!&@ete-<B9P+2WRabC^nLIeaB%7+-@T$Y@f?)VXQxsmip&_*q-PDI-&4
zgJvhLPuB6r3yaB*oV=PAv^E@P$J2@yyH<c*{Gfu)X@<=}o+>OH4s-ZBI==(fD5841
zyFSDGJj~$7=?PlTq>@q(h2bZ6-I6azp}>?OgB+y9QKlU8i;hT0q@dP^MsPL|M3|-7
zb-;81j0F=`)ST$X8ywEnDE%7cB*J_~LX)Hw#IiY2Rx8GQ#?7%U$v<CYV$_E&zjKe&
z^6BeNbsbDEI|LRu%l98s-eq6rH~QA~G7y>dx%4DKtd-4QPaRs5>YwsXvzJMm@gYM*
zzDq8^Be43%TOvu>OT3XJ@j;LaoF211JkT<Wtw2BK<3Sn0hVtKBV<*D|tPqpAJFKn~
zQ0pwvF3T;<8dr5^EEa-};U}X6+Ak>K<uRr9SEhe0j6%1<4$%Ibl~Zr8^+->1%!g2)
zT!kaOW0!qNr_vZh6o$t`qMkiQKqSpkn?7N^F}{zjW>pcP8=gqr=qD!==sngB>d%Z=
zDNb<^GASNHG^oG#3PVOC2>xS_4n%e5$1AM0l2p(Avcn)uak#BKH6345A?~85pu34A
zfdhS#*44uIb9tY~*;{zau;CL$lB_KoG~s)U<H__K+xiz;?lVCt?M2d82uM62P>k9x
zkME^7<t8eh9~TRKSz&WmPnHX%ub7;;0|qC5cKhLTl%%?(bxffz@jztB&c=7oMd2}^
z)$rSk%i2Nc_XgKVCiGRh0+{->2q<C-@)`%H^&0$)Soo$u4h~eoO)@S$FO)V<IT3gK
zGePAC`LPGIcjinVwcz}hTrNS68g7&+9h*fzqudjbYsCv%8leQSvE;^nA`t0>eJ$uj
zJQ|M?lgfa8rh8e4X&F|DuUm5*Rhy6b0c-0bVBbRXs1?T+DN$b3Dh3ZXC_YWLY+goZ
zvJh_hrSvT`Nhf!<40(bwo@`-BJ|kkZ962N1kXq93#zMF$y#R01E(yV`E*2QT2SPsc
z?uRG*+<jiEgeJwzl~hBbZp9cQ3d-Ph#=X)jOIV47)-lTNJ}CY<TR|o!bSYr8yREMc
z_6c4hVn;f&^;<@*0_<~R-z*$ChafM!{Gkk8k>vtw-p}O~cFUcm@2)+K%tVwWHt?(N
z!81z}_0n$g{j|VFEJuEpC1p=rJu;qhG_a2-5UOGz+2#itgzDg%#zO69kba)LXBjQh
zQ0xUSDljtb^SgOgZZyH0!@%awgC1<kZP_&Y5&RslSAtl?_NSJtF8RdJqKHd+aaFlS
z-BOvbYnWWn<W!vfnMS9sGfE;x6k>^i&0~4AP2LLzNM6y4OXQE>_DtsZ(iGTlC`Prx
zW|DMi5qNY|kQZGvSTAje`a?HpP2sI%tP%np#OzeVur6^FY!b@}%tG9$0pYRvsb|!*
zOfBB*b~OZ}qyBE#5EsZ=237XMO7NdG42=Siig%F6E_QU+(TJu;tu1tB1;zSE$y=jz
zVB090tR1KgQbcBLvOa}4;B+)MeiF-t9p_UltE!>BR%$|hxS9dto`+bK1l^vO-g$`^
zo`i}Zo({EZb7)?3#}zk{>1CM3H;Lg0_>3G1-vFoy*gZ&s0U7G+8d9;}*7K=U_y(Ez
zz&`<P7p8w<5Mf1YRvi-ztmkVt)Hpg#NnWZo=TM1d<nW`&xYgSw@Aq?NaZ*xfEkc#+
zu4{*&GG{c&sl1w+BO_?qV~!J>EwtEmU$JyV$vsViRmRo<FMCSJQ;o`NUce}^5V0=n
z_6=@Z5Q7_@-DL2JA<Iz`^e>9TjF<@3#5YW43nhNt>LGdMxUfH<$8Y8kAb~2Y<kIpg
zeEepwv6tH?Vxk0MyT4h>6}oB1){MI2q7Ak+^|qo6AAA?Ly9}40LiG28Yd@&V($b-D
z!sSd&K2Gyu=9uom5c?c)UTQxDdDSDDO&tFdhPo8@Aq(Eeos_#gSV}R+r3V|LbPwPz
zHI%|H_`66LnOa?)4hU|WBkF*69C=`fNof0lDH_nqjF$#wfMg22xn)+gdk7wp3`M2l
z=|M~?QP8x?_E%Jq7#yKHI#Fe?2ybgZzFaKqtnQOqF<SPx+;j=1&;7VIj0S>Yg31hu
zMq{Q-#B`>|Uc@C0kDDnYWIwI9HKV3;8&vu)(_>wS7DD{-t&D6Z05Wd8M60T6hb?@)
zC<Z;{+4#OR*ggp@!*$D?4vx88vh<xgj|ZJ2_mBuREtCjFwI^o)<WL(ch%f5y@txIo
zk5;AkIb#5V@F9Zbmedg(e@l4c?*bU%d>umvS&?t^;X-9jf!Qi?OMHnO;zQpcSLx}O
zF)M=gW}A7;fC)pQ7&vaJFcw$2&|SdV_5fUYEQ*pB!@&y#9VFs2@$tT+W6AGE;2(+h
z0zo_TmM3A2*+}f735vy`|5E*0ws>jfN)Q!%xPMR^0a9+$7-z=y9LE6h2yzE!l|sk;
z<wqaRa2&-MdBC76Ql?|PSisunMKf5D_^`4C|6D5;H0xR)y2Omae0zvJ$f?OfbVbXz
zw~EVF&9u$D=+(H^7g4(iC&rjh<n3BEbXe@*eO_VW?e3WMd=SZ9z|o=tA#FOu^Y<{7
z>=|1m=myw>UXhe)iv)Yb=2VLp#4$oq{Y1Qv`cwnAf<2d)XqKNqfa%_%!4b1_jaE>!
ztQFjzT`T9fp5RBONx<2o)SY=fDZ&TRYCzF!8Q>cx1CsE#OwFCSJ*p*pkx;X8K{gL(
zRa}@Pi$h@0w|yF8BP?&q=rXkX4vfGsKM6P+(>O?|4i%l~;OM2pNR2OjvzzRcTlc7v
zrgDip1MfsFce(4jMlMyOLtCeCMBpx#3Y^7X4D=N8*6R4A-&yA+(wK>5m_F2Jnx$G!
z`3bY<VN8B>ryIzifsIN?0Gn`$PY)!&Udk7eX>2-i9K*%~?n)4!NojFi8QUrVld~2z
zXcnpfi^5u&{^uu=I?1Vqy-^NdCO`T<10Lv|Ll}1`v{Dguu`x8SYtSpTqxHvNYiz|~
zvy7m@u5@hBx>%sW+b*SZ3WNlB`f19VxLP=4(*nZ75hTIZ(kh4fOu!V4%dz*9I64uM
zo=3zq_`#Y0NjMfg(`ib+AqzsN8P~5E#qZJS>~nG1b`8M_Bk;lddbQ&1j$~HBg{I&^
z)K(r1j;cD@6Xm_y($uC~L<<@MtgXQBmGKEWZHo5WwQBv-VBmAhy3ktL$LVo%<6zL|
zRdXClqmngS+1fFy^sM7U)4>rNP}Y9ACG;64(ebv%Xe*HFc+Yy&ZJ)-ntUZesvPNkx
zQ0a7hz$`xB^a9f!${|+jDUX7%KoERMHtBRl{Wj2LbwhNa`}Ia15Rx_0=!cA-fGHu>
zm+A77va7OhZrn?Zs!fDBh4&t7aXEydGK2U)@haietAMP>bw_J9I4DG3JZg1;*J}n1
zmmKe$fs?98u4beGn`OIn);aoRkL*(cgGZ~B-k{4?`=s9zdp^f|VclfwIpEN11q2ZH
zC4e1{U!bOK7>LjlGX$AQngVx-XB=4RO|Uv3UB}}Yqd3COf7U7*l6e-JvsM(2I8uH1
zLgmVJh5ea)z_4@T8&1?6v(tJyYeF1$%p%#YG#648zKmn?bq^nzVhiCxCRbDLmS%+d
zr5oKsZM3&-;DExh3Yn8V1$v;&UW+_~b!2b4w&*wAFow-Ef0>23v_aZ^FdI8`=yVhw
z6GF|Mh#U`L4tNVtzxVjc&GWT6lxCcv>kd&EV(#!3M_KhC-;*vN6gZuomyA$YHpBD6
z?G{z>i!wIO9afy743x=rKhH$WCFtsVCZe>7{w4cVyIJH0+SIBWnSJ{S1R@#!JX7T=
z9<0RXeo-4EwrF&|*d)za{~ud21nfN>TLdE|wT@Ke!ubb+?>W^1tvLnT-@3k6z4ku(
zzF?B}_pp=LF1Dm^uf07bY1#EEPsYUOuZbhUwn=%T>fq;_DrR2yvG@n4(8dSLeokqP
z&QcFrYkDg4^RpnSMr4YQ=ztdst&qhI?RfCK_OWa7oQxD-s+`S^d1*2CmCcJflnmK-
z@U!-k@<7$y5A_19#C{_`$e6h>-QQfa2U87m6DMs!$oh=!AlzsJ#@<Gr)!ZE}>2i!D
z2sDaDXr99&)Qwyi<Tfx-j3~#JNLjv?O?U0I#$`TFZ)#{Kn4`?Z<v|P(p*YM`fdHJZ
zIV4kMlndd-<j_ZtUAPS1aaZiFdQYT!frF5;{%PgbcThCVFZBn~B^y!ll2eC8Q;sZe
zu)1)jqdrekt@(5Ud<B3Oj5lZP>9|pu?I|%K&BDeCCIttRIrk6eqa28hanVVJJ%(4*
zF%zvG5hi<?yt1ihdM*bpHeYbXE6VmkVgDt3!`rh^8Dtg5Jg2ocSxC=bZGLM@h^^GY
zBo@wsQVz-{sQ?*O7!Kr-WDf2A2uBp8cjg(}93Z21`{?dcT``}LDJ}!8&T?Sm@SM*O
zR?c~j^ENenWf6~>X6$cxN?$qY3VKm>ZhIA=>n+~QzF1npu5@6tC*38qpSjO6vTs~D
zu%QiX2Qocw;y*Yn#IDj3wr~s*7j-lE4hMVL(I0>~huEuUV6#>)Sjw<dCb%Nyj39@F
z$Uq!iGPWiFfNyH*AF}^!>0S?u0^lWw*Bq1aZ!hW*idptVdM?F+gF8mU7qmkUvJ$dB
zPZsj3V&~XO_QDt)AGrn^M23s51p~Ri@vEZ{&PKtw2}uRK)R*sypX>Khusz|RK}AYj
z_NPOH5zDQ2r`)vVXh97A7S5M~uZ^+eLS$~}Xtx{G`g!-qJ5_3jW30mks<}0O)sXAr
zHg+)DV$<>t9#z9_aF&Pc&pc;~_n1i3X3(%E(XvR{vi(Y#P{xV&6Y@li;Wv{K#{2~n
z(=F&*OPxH(oP6m5UwTtyYpaXzLKkmAg&AVo)Zb*%`NDzTu_wN}p2Oh+(uwy#=_fLp
zt%zCG#8nSDroe}bTr9n129KUPmX-#)X^W|<2{#C@sZEQ9P9<muTDR9A6q4wrX4(`V
zQ?;z2xvU;HtZ2ZFqwh@LZUkU?$;_WPYfc&SGxvQ8&L(G64y+(XZK5h><QR6<@8{*e
zES)=>HCU-HUz3eirBQOgk#6hbp2Ilps220FQLz<xNm9DE(4A1C80S3D8C%wI>!%X9
zG3sayrUTGvayW}42Wd=Sj}$w~x12h_$%%q6p=)V+9eh<4!6-)d<zC$Ahec4^dnBU9
zU+^!yvQqGu2*2SWM*h}&w|wO;O}(yy*)!n;SCZYakaUJEEg83!UMFY1HcT8Ub<qog
zS{)7Cf_S5EVSwO5hW9+rLYrmJP)EoUnJA{{de;*M@S;==;vH>v!oT8+utP|*HMJM;
zCAc0$dmK?qM5ipoCKm71=qrtvZmP<upuL3l>FESOQwfoAtgsd0J32|D*~UCOLcn_K
zNe`VN{k0PDU8A5=9A;>j?uFNRo#7suewbyiz?GCtv|S&b_UU)iB(?{M!okfKY%bFg
z%`pr-em8d!Wg%Ii9TZt-nR?Y71ZOd1j_QM&j2{IWdP2v^#~oMk9Hv{9+YqVKW#Om6
z0!9o>k<?PO&tc-v#6$h7Cg<dn!GlsA2<`(#$+?c*Q=>RRt##O)_O<sQ0X%(FmiRwA
zSU}e=wXzqyIkC5)HK~$Yi;~@3M+5dBZ0MTsJWqA6)PNX?lI!n(8u4(Y&VP<tGQ#cs
z)bWL`fON=onv7V0sPeGDqK*81E5MsAi5w8!B<MTfCB6F%Yw(Zj04|g9lD)6Jn;BRy
zNDa{ndhIv4nrL11$l}umk~u$ddN#1R!WIj{J#mEuahX$(^FSi`M4ZErp*$?e16REd
zpOdnisXZD65E-4T_zK7w`}?rT8`C!+p_lPpskU&%w&$hbwLkTv5+iK7)0x6Jh~Wn|
zw|s~8aHakxLS`7Y=I;pwC4${qe7d4Op^ZRDABXpT&1HkH(la6;Fq0Ei{u2F}t^L6q
zG}2|i9dJ4@NPm6q?iOoTcjj%FJf_lpg)O_Y3Xfj|i!ZaEOY*1TlT}PLqXC7KK!959
zHLb_yf|wi_C63qqC~~kZ#Mr1RJdOLHFM%sTXvUIuVP>aGH`a?m_lt8*(F1;`Cfl*b
zxU$tFC-TEj>8JRbo=F;FoUFMT;sBm2z4I|pc+%#ku&Yg6-!!iz)>{E_ASI)QTX<?+
zNs_mlobx;egn=d$efyFG@kxYCb`W36P(8ImHO&YJ2J>X*y(RJ7-pM#|vfvG)bpzMY
zvAXTHFWRQx_(EFW2hb>U(pfh?r{|rs?c}=QWT?pbs<9*lY0Z|zD=ueov1FBVOh9}}
z?aj<F2S>I-?A^RxZ4TGUK%th_eTzHfcC-k@?Gb_E&Y_SRNMKdnQPiMuAA?~d#y@^|
zoS&TuI%^j5nVvi!(%41}=i_Y;OB3iLqb9VyPF`<nL+1d+FwJP$EfdBb3~cJtr2jEY
zT6^YJSJ2t*C;&3OnBnXn{!Nl@Xu+EYQ&Tb;44kQz!Nl#l^Ups#|JPDECo^Mf<9}7u
z{r+FnC4*s|@S{Qz6aRO~=ts%jZ?Qi<|0wJ_RhO|{VZ-P+S4C)Px=K+XFIDV|S+lWT
zCa~we5tpj(3qb-+klk9D!~=)Hn1^kJS+ow-*YrnQEP7^L;<Cb>?EI!WA4-{Fkx8~D
zN5IKJbjx#&zJ5<?uG?vk!{j6$RLFCrc3Z&;9Y45>7yT0B?91_ex-m|P<BDM$@lZ{X
zs0up+UwZ(Xihxj1Aa)1rOwC{6GQ?U6y||`r*bu3^l@Xm#g#o4G6w(XCK-h%cqJfpW
zkEK>FNI1^JmZz9buvet8A>8568w@`_p$;=8+}pKSalg>)JeTj8zNB^lgsZR8(4Q_A
zA9kpw7NJ+6J2FN&<5it4_mnfbjH*Qpcl6D{LiQ34i&FWaAV3qpe!kjzqJf2p7R;=3
z{rvXWv5XR=mF_`XH>3&d)T1e`vUl1vFhpmptO1Rp<;xzEar??C*RiprVnO{E%F|^H
z%L@78dX@;oi=x)K<EmuJ7%_FtVwkU0)gSVdG<qytYGfo8yt?(AW}{2A%muJfF7bp|
z<MRp(iHK#xQ81UpbYOnsDR|Uagsjm+7_ELMn|34=+2-BYAePm&oT_vaq)_orpwY?$
zPbB?ve2$|TDg5p3k2oLilby@R#DUIi9(RYU2Xy3Xv>30f$EQ&G_s28loBQi?UH;dW
z00QS8e16}zXIoumg5(&l+p#)+T^`TdQ*__ghuNTYB)7utP!<xTHPTOJv7s9|5}=sj
z%nBiZ#iUSh02V@b%5p+KvkXi?TqHO{;6du4iLdr{<cEH~3P_`{654|6LpJwv9y{pY
z9lGSp-kT#mqCWi)0YB6CGE-XDRNH+c30W-`%WL;bl3p|ZcCko~C{N)&01v@<iKn0u
zaSrDUn&MSCDIC#~nhwldNNjAfmQP4CIcr8-=|L&P4KJ6%To7RGpcWz&tY?BEsYaR3
zekrm!X~hbc2G<^_tjFTyOSP)7Q4}D054l}>jz}3@=xLzA^vD*%W<2hP%LY3lmv`Wg
z=mGBdRk-O<kiJXbsxd>%AMQ;JPoUqRek6GbPUmZy5e#%d!BMiWKsc9S&3cKCp6r*M
zF%b;QpbLj+*(Hobigl3TcAmm1O>XXj$z^)(XCc$|fYWg``N-Ecqz8YOOKYBR7f7XH
zW8_Y&trVFTYt%PBji&iZ>({|-NvI0=3&Y{Xj&vr6PsLd}0U195OlGE{R9CUK0Pq}(
zj0@>6to%S!a}-cdz&XIQZ<V6y9UnVH7*p(wYsygzRSluuCdjh3n4sM%UB0J`vr9Ft
z3Mp{i7)xj~Bi6PI?=@UkRF*6zJI`l9WsRG2S@U+uX+n_eTFx$Dm4U{IrXtd-M@fr!
zsGWQ69<h2K0-YevwC!28KfY}pXHI>IjPx8sa9xq}q|w00FNkS4W5I!L<~UO`<Ou0D
z#0Zp5W1$#*DK%`Sx^@m;*1qv+CptW0Em?l7%~lg{h&GNxGChx=_aGXJ51Ek+aFEZ&
zXq_x?WLdd=UqkaW?;diK)>39IioS00$`4zFZzE<gK&}bx4pd3^z)SvS&2r`McVla;
zu1<H|=7-iPJ4_8-$I+!OSbv)&4tbdSjTrYxY+0GFt?u&}^zBgd4dwcyHU~0$`%)b=
zIH<pTLJw{vG^(AMw!Ofbzh9kbIpT@199Ot`7^!XrIa{J|)mo84?b!jiMeLKfoLM{-
zLeNS1==RLc9Cnd5J9=_caq}G0IG)%}+&6uN14{`88kC(=@>t0TEe-J%wIE{O3qYJi
zjq|qHvAKrv#-hfXHQ^Pd`3c)0i`LfSdihPCUiT5%#<u7IyIa8_@Dl)~@6z1l@Q-*#
zU{o<k5DvGJ+|=_14j_$9&iu&w@252t+R2dUJ|1&h>y;7jWs(!fz5@t8`?CitA?b|`
zkqTT|Z}u^<c>bU(c90q0tR(vxMzdW+kKV#OXI|2V>QjvTDcK;<PU9K#f7;jVK+BK&
z+@|AW-ZAk?P(ax@qT2LNvK0rcs|D-Yv0X=+cjv6}L^Gup^BWssGT1g;FV-Ba%4-cJ
zMo^?*d)-oetq(Xy5q0*mK)GIA>VF{_klfIDi^MBzsUp4K``5zrdqn}|_S13sD7*&#
zSXE&Er_#pB-OBin5}TqVZQBe6l#ug#YMOOLU|5=PKMV5+rLqhv)<l<MKZ(jGV9c3#
zndftEFeD`B<>I^Hf$G?t>nG;s!$JZ2Q5LNV6mV5OF=^D69gCE$>WtM4!&$X*Nve7S
zO1^Jk>qhtq{dgdr%giQ-2ug`t?G3jHam9<w5*gIm%%H@{YzZ0%>A2<=y=F__B^2T&
z?+uA4Row_^j4$~SB*q*yJ%hinHh7JIHic#f$J2bd=PrU>gR)x&W!A{03zKoHoRq4L
z5ZA$2I~djhOgbpv0`)v~7DNj|Lx%ijOALy5*{i>)u3&DAt#qKGzUZCH9XeuK)LF3#
z%V|G2oFD{k9T%)HIt1cG)y$ELPNjgumB-!#Cg`vjq4UBBA;|w}%CLtP)ywib@{nAf
zE!Ktuq3l;79td?HY@0NBPNzu>TR7HKc{^4x>74u6ldQZ@f~aw_8`#-33&kGg%)4z0
z<8Zy?V91d3yRQu`WHyr;iw886oNMNy!NPc^QGj~TWPORP)$8TZE~<oc!&=MFOh4={
z*N$QdF|c|8nVoRnGughaM~iAZ5Ao+c3!&d6MyyH{KSX+B8wllEj|A@?!H4*(yCg37
z%(e_TsDomVR+v$r?6IV7QNE2z{v5tYx*gQ5$E_=V=+06?XvM0mgO5JdoW;uC%5klT
zjl9*y^KkTKy*F8)xk8(=I2Em1ne)h^f0^ujb-uG$zcd*L1&cE#CK!o|#2w?8(TJGf
z3Vii>@49Qg7sYta$?v+qvgE%oVa)Qpe&D*gqJUVqv~ot@ol3hui0%yf9H7U9PfMF3
zZTExj)OK8%gXG}N7;(o9$>^!0ZvFqiGcvL@lyk7P`)A#|A<Rm={|A|d_=Aan@G*}6
zC8lp@_p4egD?!k9g#jk`{24XmEc)atMTmfkd?B@m*%W|8D>L;>jhs4@$h`R7F*$eG
zaV7WZoj4zlZ*i&3UDb$3lu;nPXw9H#$j_kRCv8fd#(Q*r5iyt!AatHDTYe-qH|z~D
zdA);Zlv0q{l2Z(>Qj|k1i$Ju~izO1c2GE(q-xKq`R&}@P@oC)9&|kl3Y-LZWs%bkZ
z=5mnHdA_YrQl<LG>NJJY?V3BUIFDm(+$25?rDIUcX1=asJ4ud*Qh{1edWnpHXHj#~
z&-MHDDnre)atM*~V;=$PFD_wOkyLr;+?jFoMV*}2H%P^|18({$M&RXxPHdTRqZPQ|
z+Rt_hd6j_0OAM894mZ1gJx!()6Gqw><Mb!-j``kj5|@3<D)I(y&q$7k*%xKce1WR_
zAglXC?TNY!=cSRGIg9MJxVe!vTX1`RGi}|A%aG0H^;0PWj7a5Bz8F0f>xeK<jQv3s
z_5oLgd}5*74!(LIW8udw(R=p(HfE-Wq)&F!8}Of5{XOkm<h4-iexz&rW9mWtd%6s5
z9gP3Tm%_*|=2P1}HPLz?vOsCHP~38aVmuY<Y&rXaP8Vqnt*80m`ht6$-*8z|R@Txb
zUnZTbDBg>ovqA-D_$Ne20ejlQ<*^}?c9?UCjX26~hblc;Dm$b2wW3uLElszEWj|3!
zx(l&k($&!+yeX0-u8z=v=6F?#&o&LT7#?P>vkX3Z+_~En=~F;)kReg?A$f<m5~h@H
zw&pQxwlE+ial(L5xY3^&aqA%(?bxBQ_Jq{MD`8fXvWIlM9ct0P7;{pQN6+5l&&1A+
zXfj(+D7RC=kw}4l{tg<lY=Z49*P`_CU}=s=a+J_=TKj<5_2mgH#<~TZ4{hUnGT3XD
z#ue4(guP$+tP013PTrFOjDCsroC5F_fhnBo+o~qyRt=WNt5ngN%?hRfh!43$Yd7;X
zpSy<+y#!lKe;q?auUTUZ*^pDZG#=k^cJ&c>Z@%ZwdW>nHO-F@q+AGk%XG6_OH18J^
z&Hf`B@V^&<zjJS*6Qpc=7+?m@pHbw`;=nMhP-&;@Www|IPwnB$q=>H+60RQZ9HFyV
z>^G4HWM8h=WxrG;PVE2?Qkg;z4`7n&6;&jyq24?nd*6siNcX4+aYKXh3Kv#f>AO4W
zcRJgAW?1hJV55A@tf9bWAd1NXk0ft^79(-$jS<BcP^tkG7ps%_GM0uoJPl0<f6t($
zO$}Ks+X!aWA^>C-FXwHQ6bn2y=xHYw<bC{U8Z$PmYMLs`lY&%i?>Ng@(2CW?dn*<g
zvx(iTz{qZD&OEBLVlczUy`Q7AUW?AMXmg**nW*g@p|~QSa*C+9Ns_b_DuT6vyQfpY
z>{Y6Qg==EQN>cst9w|eBs#LUM2E82X;Gy_hy`Pg*jY)73#2Mi#YLl)>6}|e)&2h`o
zc-Sebw+rIWcfX)BLDArA0o3LmOMUGzE+}jU1+#D_t{Fo#o(!5N?7+b*bU7(NAQXWA
zoe}tviodo0!VmmQ!GGRH{vxvdZolTkh>!ICNxu4bqyHqf{fPnq`1&u*AMC6DpRr&3
zuix#Lv96DC^amU4PfP#l-7h}a@AeC@`5W-x9sDOh>`&kakMhIphn?TBzmM4e)8Ah-
zs^9IGdCCt4=7*ktBUSzB`tSMbpR}q!(EtF-|AGCBWc63Xerx$>S@U07us`-*A0GTi
zk@H^~{;v?iQ2n9d&!-0e?*2cY8~kOM`R}m5o+A8Z_rGrw|56al@Z0l$Z5scA{$DPW
zG5>9y{tNco;y)Mkzbwl99ri!V`#;hDTwne|zp(tx=%1_2KjHtJ5dVTlu>EVO{7Fre
XlLGzYT0{8Qc=Z3;etb~x0090UyXVG$

literal 0
HcmV?d00001