From 550d44ea2da437be7f1b3ab08f7125481b04737c Mon Sep 17 00:00:00 2001
From: spalger <spalger@users.noreply.github.com>
Date: Thu, 30 Jul 2020 09:26:32 -0700
Subject: [PATCH 01/11] [i18n] remove unused translation keys

---
 x-pack/plugins/translations/translations/ja-JP.json | 1 -
 x-pack/plugins/translations/translations/zh-CN.json | 1 -
 2 files changed, 2 deletions(-)

diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json
index 69a8449c4dc708..ff8c3186d5cf89 100644
--- a/x-pack/plugins/translations/translations/ja-JP.json
+++ b/x-pack/plugins/translations/translations/ja-JP.json
@@ -5008,7 +5008,6 @@
     "xpack.apm.settings.anomaly_detection.legacy_jobs.body": "以前の統合のレガシー機械学習ジョブが見つかりました。これは、APMアプリでは使用されていません。",
     "xpack.apm.settings.anomaly_detection.legacy_jobs.button": "ジョブの確認",
     "xpack.apm.settings.anomaly_detection.legacy_jobs.title": "レガシーMLジョブはAPMアプリで使用されていません。",
-    "xpack.apm.settings.anomaly_detection.license.text": "異常検知を使用するには、Elastic Platinumライセンスのサブスクリプションが必要です。このライセンスがあれば、機械学習を活用して、サービスを監視できます。",
     "xpack.apm.settings.anomalyDetection": "異常検知",
     "xpack.apm.settings.anomalyDetection.addEnvironments.cancelButtonText": "キャンセル",
     "xpack.apm.settings.anomalyDetection.addEnvironments.createJobsButtonText": "ジョブの作成",
diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json
index 898897548b7fc5..bcf2f6707e7bfc 100644
--- a/x-pack/plugins/translations/translations/zh-CN.json
+++ b/x-pack/plugins/translations/translations/zh-CN.json
@@ -5009,7 +5009,6 @@
     "xpack.apm.settings.anomaly_detection.legacy_jobs.body": "我们在以前的集成中发现 APM 应用中不再使用的旧版 Machine Learning 作业",
     "xpack.apm.settings.anomaly_detection.legacy_jobs.button": "复查作业",
     "xpack.apm.settings.anomaly_detection.legacy_jobs.title": "旧版 ML 作业不再用于 APM 应用",
-    "xpack.apm.settings.anomaly_detection.license.text": "要使用异常检测，必须订阅 Elastic 白金级许可。使用该许可，您将能够借助 Machine Learning 监测服务。",
     "xpack.apm.settings.anomalyDetection": "异常检测",
     "xpack.apm.settings.anomalyDetection.addEnvironments.cancelButtonText": "取消",
     "xpack.apm.settings.anomalyDetection.addEnvironments.createJobsButtonText": "创建作业",

From c09216b6698eee0189e096dd67085bbe9ff12e4b Mon Sep 17 00:00:00 2001
From: Nathan Reese <reese.nathan@gmail.com>
Date: Thu, 30 Jul 2020 10:30:57 -0600
Subject: [PATCH 02/11] [Maps] fix application state filters transfer from
 other kibana application to maps application (#73516)

* [Maps] fix application state filters transfer from other kibana application to maps application

* clean up comment

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
---
 .../maps/public/routing/routes/maps_app/maps_app_view.js  | 8 --------
 .../plugins/maps/public/routing/state_syncing/app_sync.js | 4 ++++
 2 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/x-pack/plugins/maps/public/routing/routes/maps_app/maps_app_view.js b/x-pack/plugins/maps/public/routing/routes/maps_app/maps_app_view.js
index 7578d2fd3d3eab..d945aa9623b212 100644
--- a/x-pack/plugins/maps/public/routing/routes/maps_app/maps_app_view.js
+++ b/x-pack/plugins/maps/public/routing/routes/maps_app/maps_app_view.js
@@ -91,14 +91,6 @@ export class MapsAppView extends React.Component {
       this._globalSyncChangeMonitorSubscription.unsubscribe();
     }
 
-    // Clean up app state filters
-    const { filterManager } = getData().query;
-    filterManager.filters.forEach((filter) => {
-      if (filter.$state.store === esFilters.FilterStateStore.APP_STATE) {
-        filterManager.removeFilter(filter);
-      }
-    });
-
     getCoreChrome().setBreadcrumbs([]);
   }
 
diff --git a/x-pack/plugins/maps/public/routing/state_syncing/app_sync.js b/x-pack/plugins/maps/public/routing/state_syncing/app_sync.js
index 8dd643607ba9c5..60e8dc9cd574cb 100644
--- a/x-pack/plugins/maps/public/routing/state_syncing/app_sync.js
+++ b/x-pack/plugins/maps/public/routing/state_syncing/app_sync.js
@@ -15,6 +15,10 @@ export function startAppStateSyncing(appStateManager) {
   // sync app filters with app state container from data.query to state container
   const { query } = getData();
 
+  // Filter manager state persists across applications
+  // clear app state filters to prevent application filters from other applications being transfered to maps
+  query.filterManager.setAppFilters([]);
+
   const stateContainer = {
     get: () => ({
       query: appStateManager.getQuery(),

From e8cc2ff72f967a048d64c1f5072df8b1a4f2dae9 Mon Sep 17 00:00:00 2001
From: Paul Tavares <56442535+paul-tavares@users.noreply.github.com>
Date: Thu, 30 Jul 2020 13:02:54 -0400
Subject: [PATCH 03/11] [SECURITY_SOLUTION][ENDPOINT] Fix Endpoint Hosts
 crashing periodically when switching between policy responses from linux and
 windows (#73809)

* Fix use of hooks in policy response
* Additional fixes to use of `useMemo`
* Added error boundary to management pages
---
 .../components/management_page_view.tsx       |  7 ++-
 .../view/details/policy_response.tsx          | 12 ++----
 .../view/policy_forms/events/checkbox.tsx     |  3 +-
 .../view/policy_forms/protections/malware.tsx |  3 +-
 .../pages/policy/view/policy_list.tsx         | 43 ++++++++-----------
 5 files changed, 31 insertions(+), 37 deletions(-)

diff --git a/x-pack/plugins/security_solution/public/management/components/management_page_view.tsx b/x-pack/plugins/security_solution/public/management/components/management_page_view.tsx
index aa562b9a202017..54d9131209d0d8 100644
--- a/x-pack/plugins/security_solution/public/management/components/management_page_view.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/management_page_view.tsx
@@ -5,10 +5,15 @@
  */
 
 import React, { memo } from 'react';
+import { EuiErrorBoundary } from '@elastic/eui';
 import { PageView, PageViewProps } from '../../common/components/endpoint/page_view';
 
 export const ManagementPageView = memo<Omit<PageViewProps, 'tabs'>>((options) => {
-  return <PageView {...options} />;
+  return (
+    <EuiErrorBoundary>
+      <PageView {...options} />
+    </EuiErrorBoundary>
+  );
 });
 
 ManagementPageView.displayName = 'ManagementPageView';
diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/policy_response.tsx b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/policy_response.tsx
index 4cdfaad69eb726..3a1dd180405e04 100644
--- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/policy_response.tsx
+++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/details/policy_response.tsx
@@ -140,20 +140,16 @@ export const PolicyResponse = memo(
     responseActions: Immutable<HostPolicyResponseAppliedAction[]>;
     responseAttentionCount: Map<string, number>;
   }) => {
+    const generateId = useMemo(() => htmlIdGenerator(), []);
+
     return (
       <>
         {Object.entries(responseConfig).map(([key, val]) => {
           const attentionCount = responseAttentionCount.get(key);
           return (
             <PolicyResponseConfigAccordion
-              id={
-                /* eslint-disable-next-line react-hooks/rules-of-hooks */
-                useMemo(() => htmlIdGenerator()(), [])
-              }
-              key={
-                /* eslint-disable-next-line react-hooks/rules-of-hooks */
-                useMemo(() => htmlIdGenerator()(), [])
-              }
+              id={generateId(`id_${key}`)}
+              key={generateId(`key_${key}`)}
               data-test-subj="hostDetailsPolicyResponseConfigAccordion"
               buttonContent={
                 <EuiText size="s">
diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_forms/events/checkbox.tsx b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_forms/events/checkbox.tsx
index 9ceade5d0264c4..76077831c670b4 100644
--- a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_forms/events/checkbox.tsx
+++ b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_forms/events/checkbox.tsx
@@ -27,6 +27,7 @@ export const EventsCheckbox = React.memo(function ({
   const policyDetailsConfig = usePolicyDetailsSelector(policyConfig);
   const selected = getter(policyDetailsConfig);
   const dispatch = useDispatch<(action: PolicyDetailsAction) => void>();
+  const checkboxId = useMemo(() => htmlIdGenerator()(), []);
 
   const handleCheckboxChange = useCallback(
     (event: React.ChangeEvent<HTMLInputElement>) => {
@@ -42,7 +43,7 @@ export const EventsCheckbox = React.memo(function ({
 
   return (
     <EuiCheckbox
-      id={useMemo(() => htmlIdGenerator()(), [])}
+      id={checkboxId}
       label={name}
       checked={selected}
       onChange={handleCheckboxChange}
diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_forms/protections/malware.tsx b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_forms/protections/malware.tsx
index 84d4bf5355cd98..1698f5bc3fd0c2 100644
--- a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_forms/protections/malware.tsx
+++ b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_forms/protections/malware.tsx
@@ -41,6 +41,7 @@ const protection = 'malware';
 const ProtectionRadio = React.memo(({ id, label }: { id: ProtectionModes; label: string }) => {
   const policyDetailsConfig = usePolicyDetailsSelector(policyConfig);
   const dispatch = useDispatch();
+  const radioButtonId = useMemo(() => htmlIdGenerator()(), []);
   // currently just taking windows.malware, but both windows.malware and mac.malware should be the same value
   const selected = policyDetailsConfig && policyDetailsConfig.windows.malware.mode;
 
@@ -66,7 +67,7 @@ const ProtectionRadio = React.memo(({ id, label }: { id: ProtectionModes; label:
     <EuiRadio
       className="policyDetailsProtectionRadio"
       label={label}
-      id={useMemo(() => htmlIdGenerator()(), [])}
+      id={radioButtonId}
       checked={selected === id}
       onChange={handleRadioChange}
       disabled={selected === ProtectionModes.off}
diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_list.tsx b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_list.tsx
index 246dbeb39886fb..39b77d259add1b 100644
--- a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_list.tsx
+++ b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_list.tsx
@@ -377,6 +377,22 @@ export const PolicyList = React.memo(() => {
     [services.application, handleDeleteOnClick, formatUrl, search]
   );
 
+  const bodyContent = useMemo(() => {
+    return policyItems && policyItems.length > 0 ? (
+      <EuiBasicTable
+        items={[...policyItems]}
+        columns={columns}
+        loading={loading}
+        pagination={paginationSetup}
+        onChange={handleTableChange}
+        data-test-subj="policyTable"
+        hasActions={false}
+      />
+    ) : (
+      <PolicyEmptyState loading={loading} onActionClick={handleCreatePolicyClick} />
+    );
+  }, [policyItems, loading, columns, handleCreatePolicyClick, handleTableChange, paginationSetup]);
+
   return (
     <>
       {showDelete && (
@@ -449,32 +465,7 @@ export const PolicyList = React.memo(() => {
             <EuiHorizontalRule margin="xs" />
           </>
         )}
-        {useMemo(() => {
-          return (
-            <>
-              {policyItems && policyItems.length > 0 ? (
-                <EuiBasicTable
-                  items={[...policyItems]}
-                  columns={columns}
-                  loading={loading}
-                  pagination={paginationSetup}
-                  onChange={handleTableChange}
-                  data-test-subj="policyTable"
-                  hasActions={false}
-                />
-              ) : (
-                <PolicyEmptyState loading={loading} onActionClick={handleCreatePolicyClick} />
-              )}
-            </>
-          );
-        }, [
-          policyItems,
-          loading,
-          columns,
-          handleCreatePolicyClick,
-          handleTableChange,
-          paginationSetup,
-        ])}
+        {bodyContent}
         <SpyRoute pageName={SecurityPageName.administration} />
       </ManagementPageView>
     </>

From 585d58c202e84945877f6138769bc0414c23ab09 Mon Sep 17 00:00:00 2001
From: Mikhail Shustov <restrry@gmail.com>
Date: Thu, 30 Jul 2020 20:12:37 +0300
Subject: [PATCH 04/11] [KP] Expose new es client (#73651)

* mark legacy ES client types as deprecated

* expose es client to plugins and update mocks

* ElasticSearchClientMock --> ElasticsearchClientMock

* expose es client mocks

* expose es client via RequestHandlerContext

* convert test/plugin_functional/config into ts

* convert top_nav test into ts

* add an integration test for the es client

* update comments to refer to the new es client

* fix import paths. do not use extensions

temp

* update docs

* fix other refs

* add test for a custom client

* fix context

* add test for scoped client

* update docs
---
 ...lugin-core-server.assistanceapiresponse.md |  3 +
 ...in-core-server.assistantapiclientparams.md |  3 +
 ...-core-server.deprecationapiclientparams.md |  3 +
 ...ugin-core-server.deprecationapiresponse.md |  3 +
 ...bana-plugin-core-server.deprecationinfo.md |  3 +
 ...n-core-server.elasticsearchclientconfig.md | 18 +++++
 ...server.elasticsearchservicestart.client.md | 22 +++++++
 ....elasticsearchservicestart.createclient.md | 23 +++++++
 ...n-core-server.elasticsearchservicestart.md |  2 +
 ...ervicesetup.registerroutehandlercontext.md |  2 +-
 ...re-server.iclusterclient.asinternaluser.md | 13 ++++
 ...gin-core-server.iclusterclient.asscoped.md | 13 ++++
 ...ibana-plugin-core-server.iclusterclient.md | 21 ++++++
 ...-core-server.icustomclusterclient.close.md | 13 ++++
 ...plugin-core-server.icustomclusterclient.md | 20 ++++++
 ...plugin-core-server.ilegacyclusterclient.md |  5 ++
 ...-core-server.ilegacycustomclusterclient.md |  5 ++
 ...-core-server.ilegacyscopedclusterclient.md |  5 ++
 ...ore-server.indexsettingsdeprecationinfo.md |  3 +
 ...rver.iscopedclusterclient.ascurrentuser.md | 13 ++++
 ...ver.iscopedclusterclient.asinternaluser.md | 13 ++++
 ...plugin-core-server.iscopedclusterclient.md | 21 ++++++
 ...bana-plugin-core-server.legacyapicaller.md |  3 +
 ...plugin-core-server.legacycallapioptions.md |  4 ++
 ...-plugin-core-server.legacyclusterclient.md |  6 ++
 ...-server.legacyelasticsearchclientconfig.md |  3 +
 ...in-core-server.legacyelasticsearcherror.md |  1 +
 ...n-core-server.legacyscopedclusterclient.md |  6 ++
 .../core/server/kibana-plugin-core-server.md  | 12 ++--
 ...erver.migration_assistance_index_action.md |  3 +
 ...core-server.migration_deprecation_level.md |  3 +
 ...-core-server.requesthandlercontext.core.md |  1 +
 ...lugin-core-server.requesthandlercontext.md |  4 +-
 scripts/functional_tests.js                   |  2 +-
 src/core/server/elasticsearch/client/mocks.ts | 15 ++---
 .../client/retry_call_cluster.test.ts         |  8 +--
 .../client/scoped_cluster_client.test.ts      |  8 +--
 .../client/scoped_cluster_client.ts           |  2 +-
 .../elasticsearch_service.mock.ts             | 30 ++++-----
 .../server/elasticsearch/legacy/api_types.ts  | 46 ++++++++++---
 .../elasticsearch/legacy/cluster_client.ts    |  4 +-
 .../legacy/elasticsearch_client_config.ts     |  1 +
 .../server/elasticsearch/legacy/errors.ts     |  5 +-
 .../legacy/scoped_cluster_client.ts           |  2 +
 src/core/server/elasticsearch/types.ts        | 64 +++++++++---------
 src/core/server/http/types.ts                 |  2 +-
 src/core/server/index.ts                      | 11 +++-
 src/core/server/mocks.ts                      |  1 +
 src/core/server/plugins/plugin_context.ts     |  2 +
 .../migrations/core/elastic_index.test.ts     |  4 +-
 .../migrations/core/index_migrator.test.ts    |  6 +-
 .../core/migration_es_client.test.ts          |  4 +-
 .../migrations/kibana/kibana_migrator.test.ts |  4 +-
 .../service/lib/repository.test.js            |  2 +-
 .../service/lib/repository_es_client.test.ts  |  4 +-
 src/core/server/server.api.md                 | 66 +++++++++++++------
 src/core/server/server.ts                     |  1 +
 src/plugins/data/server/server.api.md         |  1 +
 tasks/config/run.js                           |  2 +-
 test/api_integration/services/index.ts        |  1 -
 test/plugin_functional/README.md              |  6 +-
 .../{config.js => config.ts}                  |  6 +-
 .../elasticsearch_client_plugin/kibana.json   |  7 ++
 .../elasticsearch_client_plugin/package.json  | 15 +++++
 .../server/index.ts}                          | 10 +--
 .../server/plugin.ts                          | 53 +++++++++++++++
 .../elasticsearch_client_plugin/tsconfig.json | 12 ++++
 test/plugin_functional/services/index.ts      | 11 +---
 .../core_plugins/elasticsearch_client.ts      | 38 +++++++++++
 .../test_suites/core_plugins/index.ts         |  1 +
 .../core_plugins/{top_nav.js => top_nav.ts}   |  4 +-
 x-pack/test/plugin_api_integration/config.ts  |  1 +
 .../plugins/elasticsearch_client/kibana.json  |  7 ++
 .../plugins/elasticsearch_client/package.json | 14 ++++
 .../elasticsearch_client/server/index.ts      |  9 +++
 .../elasticsearch_client/server/plugin.ts     | 36 ++++++++++
 .../platform/elasticsearch_client.ts          | 26 ++++++++
 .../test_suites/platform/index.ts             | 14 ++++
 78 files changed, 695 insertions(+), 146 deletions(-)
 create mode 100644 docs/development/core/server/kibana-plugin-core-server.elasticsearchclientconfig.md
 create mode 100644 docs/development/core/server/kibana-plugin-core-server.elasticsearchservicestart.client.md
 create mode 100644 docs/development/core/server/kibana-plugin-core-server.elasticsearchservicestart.createclient.md
 create mode 100644 docs/development/core/server/kibana-plugin-core-server.iclusterclient.asinternaluser.md
 create mode 100644 docs/development/core/server/kibana-plugin-core-server.iclusterclient.asscoped.md
 create mode 100644 docs/development/core/server/kibana-plugin-core-server.iclusterclient.md
 create mode 100644 docs/development/core/server/kibana-plugin-core-server.icustomclusterclient.close.md
 create mode 100644 docs/development/core/server/kibana-plugin-core-server.icustomclusterclient.md
 create mode 100644 docs/development/core/server/kibana-plugin-core-server.iscopedclusterclient.ascurrentuser.md
 create mode 100644 docs/development/core/server/kibana-plugin-core-server.iscopedclusterclient.asinternaluser.md
 create mode 100644 docs/development/core/server/kibana-plugin-core-server.iscopedclusterclient.md
 rename test/plugin_functional/{config.js => config.ts} (94%)
 create mode 100644 test/plugin_functional/plugins/elasticsearch_client_plugin/kibana.json
 create mode 100644 test/plugin_functional/plugins/elasticsearch_client_plugin/package.json
 rename test/plugin_functional/{services/supertest.ts => plugins/elasticsearch_client_plugin/server/index.ts} (66%)
 create mode 100644 test/plugin_functional/plugins/elasticsearch_client_plugin/server/plugin.ts
 create mode 100644 test/plugin_functional/plugins/elasticsearch_client_plugin/tsconfig.json
 create mode 100644 test/plugin_functional/test_suites/core_plugins/elasticsearch_client.ts
 rename test/plugin_functional/test_suites/core_plugins/{top_nav.js => top_nav.ts} (88%)
 create mode 100644 x-pack/test/plugin_api_integration/plugins/elasticsearch_client/kibana.json
 create mode 100644 x-pack/test/plugin_api_integration/plugins/elasticsearch_client/package.json
 create mode 100644 x-pack/test/plugin_api_integration/plugins/elasticsearch_client/server/index.ts
 create mode 100644 x-pack/test/plugin_api_integration/plugins/elasticsearch_client/server/plugin.ts
 create mode 100644 x-pack/test/plugin_api_integration/test_suites/platform/elasticsearch_client.ts
 create mode 100644 x-pack/test/plugin_api_integration/test_suites/platform/index.ts

diff --git a/docs/development/core/server/kibana-plugin-core-server.assistanceapiresponse.md b/docs/development/core/server/kibana-plugin-core-server.assistanceapiresponse.md
index 9bc24f4d1d366c..4778c98493b5bd 100644
--- a/docs/development/core/server/kibana-plugin-core-server.assistanceapiresponse.md
+++ b/docs/development/core/server/kibana-plugin-core-server.assistanceapiresponse.md
@@ -4,6 +4,9 @@
 
 ## AssistanceAPIResponse interface
 
+> Warning: This API is now obsolete.
+> 
+> 
 
 <b>Signature:</b>
 
diff --git a/docs/development/core/server/kibana-plugin-core-server.assistantapiclientparams.md b/docs/development/core/server/kibana-plugin-core-server.assistantapiclientparams.md
index 8be7a9edde3632..6d3f8df2fa5182 100644
--- a/docs/development/core/server/kibana-plugin-core-server.assistantapiclientparams.md
+++ b/docs/development/core/server/kibana-plugin-core-server.assistantapiclientparams.md
@@ -4,6 +4,9 @@
 
 ## AssistantAPIClientParams interface
 
+> Warning: This API is now obsolete.
+> 
+> 
 
 <b>Signature:</b>
 
diff --git a/docs/development/core/server/kibana-plugin-core-server.deprecationapiclientparams.md b/docs/development/core/server/kibana-plugin-core-server.deprecationapiclientparams.md
index e545cf42d3c26f..ed64d61e75fabc 100644
--- a/docs/development/core/server/kibana-plugin-core-server.deprecationapiclientparams.md
+++ b/docs/development/core/server/kibana-plugin-core-server.deprecationapiclientparams.md
@@ -4,6 +4,9 @@
 
 ## DeprecationAPIClientParams interface
 
+> Warning: This API is now obsolete.
+> 
+> 
 
 <b>Signature:</b>
 
diff --git a/docs/development/core/server/kibana-plugin-core-server.deprecationapiresponse.md b/docs/development/core/server/kibana-plugin-core-server.deprecationapiresponse.md
index 1f6e1f9988fc26..1d837d9b4705d6 100644
--- a/docs/development/core/server/kibana-plugin-core-server.deprecationapiresponse.md
+++ b/docs/development/core/server/kibana-plugin-core-server.deprecationapiresponse.md
@@ -4,6 +4,9 @@
 
 ## DeprecationAPIResponse interface
 
+> Warning: This API is now obsolete.
+> 
+> 
 
 <b>Signature:</b>
 
diff --git a/docs/development/core/server/kibana-plugin-core-server.deprecationinfo.md b/docs/development/core/server/kibana-plugin-core-server.deprecationinfo.md
index bd343f5bc74764..8eeb5ef638a829 100644
--- a/docs/development/core/server/kibana-plugin-core-server.deprecationinfo.md
+++ b/docs/development/core/server/kibana-plugin-core-server.deprecationinfo.md
@@ -4,6 +4,9 @@
 
 ## DeprecationInfo interface
 
+> Warning: This API is now obsolete.
+> 
+> 
 
 <b>Signature:</b>
 
diff --git a/docs/development/core/server/kibana-plugin-core-server.elasticsearchclientconfig.md b/docs/development/core/server/kibana-plugin-core-server.elasticsearchclientconfig.md
new file mode 100644
index 00000000000000..1ba359e81b9c62
--- /dev/null
+++ b/docs/development/core/server/kibana-plugin-core-server.elasticsearchclientconfig.md
@@ -0,0 +1,18 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-core-server](./kibana-plugin-core-server.md) &gt; [ElasticsearchClientConfig](./kibana-plugin-core-server.elasticsearchclientconfig.md)
+
+## ElasticsearchClientConfig type
+
+Configuration options to be used to create a [cluster client](./kibana-plugin-core-server.iclusterclient.md) using the [createClient API](./kibana-plugin-core-server.elasticsearchservicestart.createclient.md)
+
+<b>Signature:</b>
+
+```typescript
+export declare type ElasticsearchClientConfig = Pick<ElasticsearchConfig, 'customHeaders' | 'logQueries' | 'sniffOnStart' | 'sniffOnConnectionFault' | 'requestHeadersWhitelist' | 'sniffInterval' | 'hosts' | 'username' | 'password'> & {
+    pingTimeout?: ElasticsearchConfig['pingTimeout'] | ClientOptions['pingTimeout'];
+    requestTimeout?: ElasticsearchConfig['requestTimeout'] | ClientOptions['requestTimeout'];
+    ssl?: Partial<ElasticsearchConfig['ssl']>;
+    keepAlive?: boolean;
+};
+```
diff --git a/docs/development/core/server/kibana-plugin-core-server.elasticsearchservicestart.client.md b/docs/development/core/server/kibana-plugin-core-server.elasticsearchservicestart.client.md
new file mode 100644
index 00000000000000..591f126c423e3c
--- /dev/null
+++ b/docs/development/core/server/kibana-plugin-core-server.elasticsearchservicestart.client.md
@@ -0,0 +1,22 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-core-server](./kibana-plugin-core-server.md) &gt; [ElasticsearchServiceStart](./kibana-plugin-core-server.elasticsearchservicestart.md) &gt; [client](./kibana-plugin-core-server.elasticsearchservicestart.client.md)
+
+## ElasticsearchServiceStart.client property
+
+A pre-configured [Elasticsearch client](./kibana-plugin-core-server.iclusterclient.md)
+
+<b>Signature:</b>
+
+```typescript
+readonly client: IClusterClient;
+```
+
+## Example
+
+
+```js
+const client = core.elasticsearch.client;
+
+```
+
diff --git a/docs/development/core/server/kibana-plugin-core-server.elasticsearchservicestart.createclient.md b/docs/development/core/server/kibana-plugin-core-server.elasticsearchservicestart.createclient.md
new file mode 100644
index 00000000000000..d4a13812ab5338
--- /dev/null
+++ b/docs/development/core/server/kibana-plugin-core-server.elasticsearchservicestart.createclient.md
@@ -0,0 +1,23 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-core-server](./kibana-plugin-core-server.md) &gt; [ElasticsearchServiceStart](./kibana-plugin-core-server.elasticsearchservicestart.md) &gt; [createClient](./kibana-plugin-core-server.elasticsearchservicestart.createclient.md)
+
+## ElasticsearchServiceStart.createClient property
+
+Create application specific Elasticsearch cluster API client with customized config. See [IClusterClient](./kibana-plugin-core-server.iclusterclient.md)<!-- -->.
+
+<b>Signature:</b>
+
+```typescript
+readonly createClient: (type: string, clientConfig?: Partial<ElasticsearchClientConfig>) => ICustomClusterClient;
+```
+
+## Example
+
+
+```js
+const client = elasticsearch.createClient('my-app-name', config);
+const data = await client.asInternalUser.search();
+
+```
+
diff --git a/docs/development/core/server/kibana-plugin-core-server.elasticsearchservicestart.md b/docs/development/core/server/kibana-plugin-core-server.elasticsearchservicestart.md
index e059acdbd52fa2..860867d6544358 100644
--- a/docs/development/core/server/kibana-plugin-core-server.elasticsearchservicestart.md
+++ b/docs/development/core/server/kibana-plugin-core-server.elasticsearchservicestart.md
@@ -15,5 +15,7 @@ export interface ElasticsearchServiceStart
 
 |  Property | Type | Description |
 |  --- | --- | --- |
+|  [client](./kibana-plugin-core-server.elasticsearchservicestart.client.md) | <code>IClusterClient</code> | A pre-configured [Elasticsearch client](./kibana-plugin-core-server.iclusterclient.md) |
+|  [createClient](./kibana-plugin-core-server.elasticsearchservicestart.createclient.md) | <code>(type: string, clientConfig?: Partial&lt;ElasticsearchClientConfig&gt;) =&gt; ICustomClusterClient</code> | Create application specific Elasticsearch cluster API client with customized config. See [IClusterClient](./kibana-plugin-core-server.iclusterclient.md)<!-- -->. |
 |  [legacy](./kibana-plugin-core-server.elasticsearchservicestart.legacy.md) | <code>{</code><br/><code>        readonly createClient: (type: string, clientConfig?: Partial&lt;LegacyElasticsearchClientConfig&gt;) =&gt; ILegacyCustomClusterClient;</code><br/><code>        readonly client: ILegacyClusterClient;</code><br/><code>    }</code> |  |
 
diff --git a/docs/development/core/server/kibana-plugin-core-server.httpservicesetup.registerroutehandlercontext.md b/docs/development/core/server/kibana-plugin-core-server.httpservicesetup.registerroutehandlercontext.md
index 8958b49d98b0c7..b0dc4d44f75594 100644
--- a/docs/development/core/server/kibana-plugin-core-server.httpservicesetup.registerroutehandlercontext.md
+++ b/docs/development/core/server/kibana-plugin-core-server.httpservicesetup.registerroutehandlercontext.md
@@ -21,7 +21,7 @@ registerRouteHandlerContext: <T extends keyof RequestHandlerContext>(contextName
    'myApp',
    (context, req) => {
     async function search (id: string) {
-      return await context.elasticsearch.legacy.client.callAsInternalUser('endpoint', id);
+      return await context.elasticsearch.client.asCurrentUser.find(id);
     }
     return { search };
    }
diff --git a/docs/development/core/server/kibana-plugin-core-server.iclusterclient.asinternaluser.md b/docs/development/core/server/kibana-plugin-core-server.iclusterclient.asinternaluser.md
new file mode 100644
index 00000000000000..c7adc345af5a33
--- /dev/null
+++ b/docs/development/core/server/kibana-plugin-core-server.iclusterclient.asinternaluser.md
@@ -0,0 +1,13 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-core-server](./kibana-plugin-core-server.md) &gt; [IClusterClient](./kibana-plugin-core-server.iclusterclient.md) &gt; [asInternalUser](./kibana-plugin-core-server.iclusterclient.asinternaluser.md)
+
+## IClusterClient.asInternalUser property
+
+A [client](./kibana-plugin-core-server.elasticsearchclient.md) to be used to query the ES cluster on behalf of the Kibana internal user
+
+<b>Signature:</b>
+
+```typescript
+readonly asInternalUser: ElasticsearchClient;
+```
diff --git a/docs/development/core/server/kibana-plugin-core-server.iclusterclient.asscoped.md b/docs/development/core/server/kibana-plugin-core-server.iclusterclient.asscoped.md
new file mode 100644
index 00000000000000..301fcbfee58581
--- /dev/null
+++ b/docs/development/core/server/kibana-plugin-core-server.iclusterclient.asscoped.md
@@ -0,0 +1,13 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-core-server](./kibana-plugin-core-server.md) &gt; [IClusterClient](./kibana-plugin-core-server.iclusterclient.md) &gt; [asScoped](./kibana-plugin-core-server.iclusterclient.asscoped.md)
+
+## IClusterClient.asScoped property
+
+Creates a [scoped cluster client](./kibana-plugin-core-server.iscopedclusterclient.md) bound to given [request](./kibana-plugin-core-server.scopeablerequest.md)
+
+<b>Signature:</b>
+
+```typescript
+asScoped: (request: ScopeableRequest) => IScopedClusterClient;
+```
diff --git a/docs/development/core/server/kibana-plugin-core-server.iclusterclient.md b/docs/development/core/server/kibana-plugin-core-server.iclusterclient.md
new file mode 100644
index 00000000000000..f6bacee322538d
--- /dev/null
+++ b/docs/development/core/server/kibana-plugin-core-server.iclusterclient.md
@@ -0,0 +1,21 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-core-server](./kibana-plugin-core-server.md) &gt; [IClusterClient](./kibana-plugin-core-server.iclusterclient.md)
+
+## IClusterClient interface
+
+Represents an Elasticsearch cluster API client created by the platform. It allows to call API on behalf of the internal Kibana user and the actual user that is derived from the request headers (via `asScoped(...)`<!-- -->).
+
+<b>Signature:</b>
+
+```typescript
+export interface IClusterClient 
+```
+
+## Properties
+
+|  Property | Type | Description |
+|  --- | --- | --- |
+|  [asInternalUser](./kibana-plugin-core-server.iclusterclient.asinternaluser.md) | <code>ElasticsearchClient</code> | A [client](./kibana-plugin-core-server.elasticsearchclient.md) to be used to query the ES cluster on behalf of the Kibana internal user |
+|  [asScoped](./kibana-plugin-core-server.iclusterclient.asscoped.md) | <code>(request: ScopeableRequest) =&gt; IScopedClusterClient</code> | Creates a [scoped cluster client](./kibana-plugin-core-server.iscopedclusterclient.md) bound to given [request](./kibana-plugin-core-server.scopeablerequest.md) |
+
diff --git a/docs/development/core/server/kibana-plugin-core-server.icustomclusterclient.close.md b/docs/development/core/server/kibana-plugin-core-server.icustomclusterclient.close.md
new file mode 100644
index 00000000000000..5fa2e93cca75bd
--- /dev/null
+++ b/docs/development/core/server/kibana-plugin-core-server.icustomclusterclient.close.md
@@ -0,0 +1,13 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-core-server](./kibana-plugin-core-server.md) &gt; [ICustomClusterClient](./kibana-plugin-core-server.icustomclusterclient.md) &gt; [close](./kibana-plugin-core-server.icustomclusterclient.close.md)
+
+## ICustomClusterClient.close property
+
+Closes the cluster client. After that client cannot be used and one should create a new client instance to be able to interact with Elasticsearch API.
+
+<b>Signature:</b>
+
+```typescript
+close: () => Promise<void>;
+```
diff --git a/docs/development/core/server/kibana-plugin-core-server.icustomclusterclient.md b/docs/development/core/server/kibana-plugin-core-server.icustomclusterclient.md
new file mode 100644
index 00000000000000..189a50b5d6c20a
--- /dev/null
+++ b/docs/development/core/server/kibana-plugin-core-server.icustomclusterclient.md
@@ -0,0 +1,20 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-core-server](./kibana-plugin-core-server.md) &gt; [ICustomClusterClient](./kibana-plugin-core-server.icustomclusterclient.md)
+
+## ICustomClusterClient interface
+
+See [IClusterClient](./kibana-plugin-core-server.iclusterclient.md)
+
+<b>Signature:</b>
+
+```typescript
+export interface ICustomClusterClient extends IClusterClient 
+```
+
+## Properties
+
+|  Property | Type | Description |
+|  --- | --- | --- |
+|  [close](./kibana-plugin-core-server.icustomclusterclient.close.md) | <code>() =&gt; Promise&lt;void&gt;</code> | Closes the cluster client. After that client cannot be used and one should create a new client instance to be able to interact with Elasticsearch API. |
+
diff --git a/docs/development/core/server/kibana-plugin-core-server.ilegacyclusterclient.md b/docs/development/core/server/kibana-plugin-core-server.ilegacyclusterclient.md
index c70a5ac07c6ad8..b5fbb3d54b972a 100644
--- a/docs/development/core/server/kibana-plugin-core-server.ilegacyclusterclient.md
+++ b/docs/development/core/server/kibana-plugin-core-server.ilegacyclusterclient.md
@@ -4,6 +4,11 @@
 
 ## ILegacyClusterClient type
 
+> Warning: This API is now obsolete.
+> 
+> Use [IClusterClient](./kibana-plugin-core-server.iclusterclient.md)<!-- -->.
+> 
+
 Represents an Elasticsearch cluster API client created by the platform. It allows to call API on behalf of the internal Kibana user and the actual user that is derived from the request headers (via `asScoped(...)`<!-- -->).
 
 See [LegacyClusterClient](./kibana-plugin-core-server.legacyclusterclient.md)<!-- -->.
diff --git a/docs/development/core/server/kibana-plugin-core-server.ilegacycustomclusterclient.md b/docs/development/core/server/kibana-plugin-core-server.ilegacycustomclusterclient.md
index a3cb8f13150212..4da121984d0847 100644
--- a/docs/development/core/server/kibana-plugin-core-server.ilegacycustomclusterclient.md
+++ b/docs/development/core/server/kibana-plugin-core-server.ilegacycustomclusterclient.md
@@ -4,6 +4,11 @@
 
 ## ILegacyCustomClusterClient type
 
+> Warning: This API is now obsolete.
+> 
+> Use [ICustomClusterClient](./kibana-plugin-core-server.icustomclusterclient.md)<!-- -->.
+> 
+
 Represents an Elasticsearch cluster API client created by a plugin. It allows to call API on behalf of the internal Kibana user and the actual user that is derived from the request headers (via `asScoped(...)`<!-- -->).
 
 See [LegacyClusterClient](./kibana-plugin-core-server.legacyclusterclient.md)<!-- -->.
diff --git a/docs/development/core/server/kibana-plugin-core-server.ilegacyscopedclusterclient.md b/docs/development/core/server/kibana-plugin-core-server.ilegacyscopedclusterclient.md
index 1263b85acb4983..51d0b2e4882cb6 100644
--- a/docs/development/core/server/kibana-plugin-core-server.ilegacyscopedclusterclient.md
+++ b/docs/development/core/server/kibana-plugin-core-server.ilegacyscopedclusterclient.md
@@ -4,6 +4,11 @@
 
 ## ILegacyScopedClusterClient type
 
+> Warning: This API is now obsolete.
+> 
+> Use [IScopedClusterClient](./kibana-plugin-core-server.iscopedclusterclient.md)<!-- -->.
+> 
+
 Serves the same purpose as "normal" `ClusterClient` but exposes additional `callAsCurrentUser` method that doesn't use credentials of the Kibana internal user (as `callAsInternalUser` does) to request Elasticsearch API, but rather passes HTTP headers extracted from the current user request to the API.
 
 See [LegacyScopedClusterClient](./kibana-plugin-core-server.legacyscopedclusterclient.md)<!-- -->.
diff --git a/docs/development/core/server/kibana-plugin-core-server.indexsettingsdeprecationinfo.md b/docs/development/core/server/kibana-plugin-core-server.indexsettingsdeprecationinfo.md
index 00f16595490784..706898c4ad9aa2 100644
--- a/docs/development/core/server/kibana-plugin-core-server.indexsettingsdeprecationinfo.md
+++ b/docs/development/core/server/kibana-plugin-core-server.indexsettingsdeprecationinfo.md
@@ -4,6 +4,9 @@
 
 ## IndexSettingsDeprecationInfo interface
 
+> Warning: This API is now obsolete.
+> 
+> 
 
 <b>Signature:</b>
 
diff --git a/docs/development/core/server/kibana-plugin-core-server.iscopedclusterclient.ascurrentuser.md b/docs/development/core/server/kibana-plugin-core-server.iscopedclusterclient.ascurrentuser.md
new file mode 100644
index 00000000000000..ddc6357bb8835e
--- /dev/null
+++ b/docs/development/core/server/kibana-plugin-core-server.iscopedclusterclient.ascurrentuser.md
@@ -0,0 +1,13 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-core-server](./kibana-plugin-core-server.md) &gt; [IScopedClusterClient](./kibana-plugin-core-server.iscopedclusterclient.md) &gt; [asCurrentUser](./kibana-plugin-core-server.iscopedclusterclient.ascurrentuser.md)
+
+## IScopedClusterClient.asCurrentUser property
+
+A [client](./kibana-plugin-core-server.elasticsearchclient.md) to be used to query the elasticsearch cluster on behalf of the user that initiated the request to the Kibana server.
+
+<b>Signature:</b>
+
+```typescript
+readonly asCurrentUser: ElasticsearchClient;
+```
diff --git a/docs/development/core/server/kibana-plugin-core-server.iscopedclusterclient.asinternaluser.md b/docs/development/core/server/kibana-plugin-core-server.iscopedclusterclient.asinternaluser.md
new file mode 100644
index 00000000000000..f7f308aa131614
--- /dev/null
+++ b/docs/development/core/server/kibana-plugin-core-server.iscopedclusterclient.asinternaluser.md
@@ -0,0 +1,13 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-core-server](./kibana-plugin-core-server.md) &gt; [IScopedClusterClient](./kibana-plugin-core-server.iscopedclusterclient.md) &gt; [asInternalUser](./kibana-plugin-core-server.iscopedclusterclient.asinternaluser.md)
+
+## IScopedClusterClient.asInternalUser property
+
+A [client](./kibana-plugin-core-server.elasticsearchclient.md) to be used to query the elasticsearch cluster on behalf of the internal Kibana user.
+
+<b>Signature:</b>
+
+```typescript
+readonly asInternalUser: ElasticsearchClient;
+```
diff --git a/docs/development/core/server/kibana-plugin-core-server.iscopedclusterclient.md b/docs/development/core/server/kibana-plugin-core-server.iscopedclusterclient.md
new file mode 100644
index 00000000000000..f39db268288a6f
--- /dev/null
+++ b/docs/development/core/server/kibana-plugin-core-server.iscopedclusterclient.md
@@ -0,0 +1,21 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-core-server](./kibana-plugin-core-server.md) &gt; [IScopedClusterClient](./kibana-plugin-core-server.iscopedclusterclient.md)
+
+## IScopedClusterClient interface
+
+Serves the same purpose as the normal [cluster client](./kibana-plugin-core-server.iclusterclient.md) but exposes an additional `asCurrentUser` method that doesn't use credentials of the Kibana internal user (as `asInternalUser` does) to request Elasticsearch API, but rather passes HTTP headers extracted from the current user request to the API instead.
+
+<b>Signature:</b>
+
+```typescript
+export interface IScopedClusterClient 
+```
+
+## Properties
+
+|  Property | Type | Description |
+|  --- | --- | --- |
+|  [asCurrentUser](./kibana-plugin-core-server.iscopedclusterclient.ascurrentuser.md) | <code>ElasticsearchClient</code> | A [client](./kibana-plugin-core-server.elasticsearchclient.md) to be used to query the elasticsearch cluster on behalf of the user that initiated the request to the Kibana server. |
+|  [asInternalUser](./kibana-plugin-core-server.iscopedclusterclient.asinternaluser.md) | <code>ElasticsearchClient</code> | A [client](./kibana-plugin-core-server.elasticsearchclient.md) to be used to query the elasticsearch cluster on behalf of the internal Kibana user. |
+
diff --git a/docs/development/core/server/kibana-plugin-core-server.legacyapicaller.md b/docs/development/core/server/kibana-plugin-core-server.legacyapicaller.md
index e6c2878d2b3556..168209659046e7 100644
--- a/docs/development/core/server/kibana-plugin-core-server.legacyapicaller.md
+++ b/docs/development/core/server/kibana-plugin-core-server.legacyapicaller.md
@@ -4,6 +4,9 @@
 
 ## LegacyAPICaller interface
 
+> Warning: This API is now obsolete.
+> 
+> 
 
 <b>Signature:</b>
 
diff --git a/docs/development/core/server/kibana-plugin-core-server.legacycallapioptions.md b/docs/development/core/server/kibana-plugin-core-server.legacycallapioptions.md
index 9ebe2fc57a54bf..40def157114ef2 100644
--- a/docs/development/core/server/kibana-plugin-core-server.legacycallapioptions.md
+++ b/docs/development/core/server/kibana-plugin-core-server.legacycallapioptions.md
@@ -4,6 +4,10 @@
 
 ## LegacyCallAPIOptions interface
 
+> Warning: This API is now obsolete.
+> 
+> 
+
 The set of options that defines how API call should be made and result be processed.
 
 <b>Signature:</b>
diff --git a/docs/development/core/server/kibana-plugin-core-server.legacyclusterclient.md b/docs/development/core/server/kibana-plugin-core-server.legacyclusterclient.md
index c51f1858c97a57..668d0b2866a264 100644
--- a/docs/development/core/server/kibana-plugin-core-server.legacyclusterclient.md
+++ b/docs/development/core/server/kibana-plugin-core-server.legacyclusterclient.md
@@ -4,6 +4,12 @@
 
 ## LegacyClusterClient class
 
+> Warning: This API is now obsolete.
+> 
+> Use [IClusterClient](./kibana-plugin-core-server.iclusterclient.md)<!-- -->.
+> 
+
+Represents an Elasticsearch cluster API client created by the platform. It allows to call API on behalf of the internal Kibana user and the actual user that is derived from the request headers (via `asScoped(...)`<!-- -->).
 
 <b>Signature:</b>
 
diff --git a/docs/development/core/server/kibana-plugin-core-server.legacyelasticsearchclientconfig.md b/docs/development/core/server/kibana-plugin-core-server.legacyelasticsearchclientconfig.md
index 62b0f216c863c0..78f7bf582d355e 100644
--- a/docs/development/core/server/kibana-plugin-core-server.legacyelasticsearchclientconfig.md
+++ b/docs/development/core/server/kibana-plugin-core-server.legacyelasticsearchclientconfig.md
@@ -4,6 +4,9 @@
 
 ## LegacyElasticsearchClientConfig type
 
+> Warning: This API is now obsolete.
+> 
+> 
 
 <b>Signature:</b>
 
diff --git a/docs/development/core/server/kibana-plugin-core-server.legacyelasticsearcherror.md b/docs/development/core/server/kibana-plugin-core-server.legacyelasticsearcherror.md
index f760780504e55f..40fc1a8e05a68b 100644
--- a/docs/development/core/server/kibana-plugin-core-server.legacyelasticsearcherror.md
+++ b/docs/development/core/server/kibana-plugin-core-server.legacyelasticsearcherror.md
@@ -4,6 +4,7 @@
 
 ## LegacyElasticsearchError interface
 
+@<!-- -->deprecated. The new elasticsearch client doesn't wrap errors anymore.
 
 <b>Signature:</b>
 
diff --git a/docs/development/core/server/kibana-plugin-core-server.legacyscopedclusterclient.md b/docs/development/core/server/kibana-plugin-core-server.legacyscopedclusterclient.md
index c4a94d8661c47b..7f752d70921ba7 100644
--- a/docs/development/core/server/kibana-plugin-core-server.legacyscopedclusterclient.md
+++ b/docs/development/core/server/kibana-plugin-core-server.legacyscopedclusterclient.md
@@ -4,6 +4,12 @@
 
 ## LegacyScopedClusterClient class
 
+> Warning: This API is now obsolete.
+> 
+> Use [scoped cluster client](./kibana-plugin-core-server.iscopedclusterclient.md)<!-- -->.
+> 
+
+Serves the same purpose as the normal [cluster client](./kibana-plugin-core-server.iclusterclient.md) but exposes an additional `asCurrentUser` method that doesn't use credentials of the Kibana internal user (as `asInternalUser` does) to request Elasticsearch API, but rather passes HTTP headers extracted from the current user request to the API instead.
 
 <b>Signature:</b>
 
diff --git a/docs/development/core/server/kibana-plugin-core-server.md b/docs/development/core/server/kibana-plugin-core-server.md
index 95b7627398b45e..5347f0b55e19b4 100644
--- a/docs/development/core/server/kibana-plugin-core-server.md
+++ b/docs/development/core/server/kibana-plugin-core-server.md
@@ -20,9 +20,9 @@ The plugin integrates with the core system via lifecycle events: `setup`<!-- -->
 |  [CspConfig](./kibana-plugin-core-server.cspconfig.md) | CSP configuration for use in Kibana. |
 |  [ElasticsearchConfig](./kibana-plugin-core-server.elasticsearchconfig.md) | Wrapper of config schema. |
 |  [KibanaRequest](./kibana-plugin-core-server.kibanarequest.md) | Kibana specific abstraction for an incoming request. |
-|  [LegacyClusterClient](./kibana-plugin-core-server.legacyclusterclient.md) |  |
+|  [LegacyClusterClient](./kibana-plugin-core-server.legacyclusterclient.md) | Represents an Elasticsearch cluster API client created by the platform. It allows to call API on behalf of the internal Kibana user and the actual user that is derived from the request headers (via <code>asScoped(...)</code>). |
 |  [LegacyElasticsearchErrorHelpers](./kibana-plugin-core-server.legacyelasticsearcherrorhelpers.md) | Helpers for working with errors returned from the Elasticsearch service.Since the internal data of errors are subject to change, consumers of the Elasticsearch service should always use these helpers to classify errors instead of checking error internals such as <code>body.error.header[WWW-Authenticate]</code> |
-|  [LegacyScopedClusterClient](./kibana-plugin-core-server.legacyscopedclusterclient.md) |  |
+|  [LegacyScopedClusterClient](./kibana-plugin-core-server.legacyscopedclusterclient.md) | Serves the same purpose as the normal [cluster client](./kibana-plugin-core-server.iclusterclient.md) but exposes an additional <code>asCurrentUser</code> method that doesn't use credentials of the Kibana internal user (as <code>asInternalUser</code> does) to request Elasticsearch API, but rather passes HTTP headers extracted from the current user request to the API instead. |
 |  [RouteValidationError](./kibana-plugin-core-server.routevalidationerror.md) | Error to return when the validation is not successful. |
 |  [SavedObjectsClient](./kibana-plugin-core-server.savedobjectsclient.md) |  |
 |  [SavedObjectsErrorHelpers](./kibana-plugin-core-server.savedobjectserrorhelpers.md) |  |
@@ -98,20 +98,23 @@ The plugin integrates with the core system via lifecycle events: `setup`<!-- -->
 |  [HttpServerInfo](./kibana-plugin-core-server.httpserverinfo.md) |  |
 |  [HttpServiceSetup](./kibana-plugin-core-server.httpservicesetup.md) | Kibana HTTP Service provides own abstraction for work with HTTP stack. Plugins don't have direct access to <code>hapi</code> server and its primitives anymore. Moreover, plugins shouldn't rely on the fact that HTTP Service uses one or another library under the hood. This gives the platform flexibility to upgrade or changing our internal HTTP stack without breaking plugins. If the HTTP Service lacks functionality you need, we are happy to discuss and support your needs. |
 |  [HttpServiceStart](./kibana-plugin-core-server.httpservicestart.md) |  |
+|  [IClusterClient](./kibana-plugin-core-server.iclusterclient.md) | Represents an Elasticsearch cluster API client created by the platform. It allows to call API on behalf of the internal Kibana user and the actual user that is derived from the request headers (via <code>asScoped(...)</code>). |
 |  [IContextContainer](./kibana-plugin-core-server.icontextcontainer.md) | An object that handles registration of context providers and configuring handlers with context. |
 |  [ICspConfig](./kibana-plugin-core-server.icspconfig.md) | CSP configuration for use in Kibana. |
+|  [ICustomClusterClient](./kibana-plugin-core-server.icustomclusterclient.md) | See [IClusterClient](./kibana-plugin-core-server.iclusterclient.md) |
 |  [IKibanaResponse](./kibana-plugin-core-server.ikibanaresponse.md) | A response data object, expected to returned as a result of [RequestHandler](./kibana-plugin-core-server.requesthandler.md) execution |
 |  [IKibanaSocket](./kibana-plugin-core-server.ikibanasocket.md) | A tiny abstraction for TCP socket. |
 |  [ImageValidation](./kibana-plugin-core-server.imagevalidation.md) |  |
 |  [IndexSettingsDeprecationInfo](./kibana-plugin-core-server.indexsettingsdeprecationinfo.md) |  |
 |  [IRenderOptions](./kibana-plugin-core-server.irenderoptions.md) |  |
 |  [IRouter](./kibana-plugin-core-server.irouter.md) | Registers route handlers for specified resource path and method. See [RouteConfig](./kibana-plugin-core-server.routeconfig.md) and [RequestHandler](./kibana-plugin-core-server.requesthandler.md) for more information about arguments to route registrations. |
+|  [IScopedClusterClient](./kibana-plugin-core-server.iscopedclusterclient.md) | Serves the same purpose as the normal [cluster client](./kibana-plugin-core-server.iclusterclient.md) but exposes an additional <code>asCurrentUser</code> method that doesn't use credentials of the Kibana internal user (as <code>asInternalUser</code> does) to request Elasticsearch API, but rather passes HTTP headers extracted from the current user request to the API instead. |
 |  [IUiSettingsClient](./kibana-plugin-core-server.iuisettingsclient.md) | Server-side client that provides access to the advanced settings stored in elasticsearch. The settings provide control over the behavior of the Kibana application. For example, a user can specify how to display numeric or date fields. Users can adjust the settings via Management UI. |
 |  [KibanaRequestEvents](./kibana-plugin-core-server.kibanarequestevents.md) | Request events. |
 |  [KibanaRequestRoute](./kibana-plugin-core-server.kibanarequestroute.md) | Request specific route information exposed to a handler. |
 |  [LegacyAPICaller](./kibana-plugin-core-server.legacyapicaller.md) |  |
 |  [LegacyCallAPIOptions](./kibana-plugin-core-server.legacycallapioptions.md) | The set of options that defines how API call should be made and result be processed. |
-|  [LegacyElasticsearchError](./kibana-plugin-core-server.legacyelasticsearcherror.md) |  |
+|  [LegacyElasticsearchError](./kibana-plugin-core-server.legacyelasticsearcherror.md) | @<!-- -->deprecated. The new elasticsearch client doesn't wrap errors anymore. |
 |  [LegacyRequest](./kibana-plugin-core-server.legacyrequest.md) |  |
 |  [LegacyServiceSetupDeps](./kibana-plugin-core-server.legacyservicesetupdeps.md) |  |
 |  [LegacyServiceStartDeps](./kibana-plugin-core-server.legacyservicestartdeps.md) |  |
@@ -137,7 +140,7 @@ The plugin integrates with the core system via lifecycle events: `setup`<!-- -->
 |  [PluginConfigDescriptor](./kibana-plugin-core-server.pluginconfigdescriptor.md) | Describes a plugin configuration properties. |
 |  [PluginInitializerContext](./kibana-plugin-core-server.plugininitializercontext.md) | Context that's available to plugins during initialization stage. |
 |  [PluginManifest](./kibana-plugin-core-server.pluginmanifest.md) | Describes the set of required and optional properties plugin can define in its mandatory JSON manifest file. |
-|  [RequestHandlerContext](./kibana-plugin-core-server.requesthandlercontext.md) | Plugin specific context passed to a route handler.<!-- -->Provides the following clients and services: - [savedObjects.client](./kibana-plugin-core-server.savedobjectsclient.md) - Saved Objects client which uses the credentials of the incoming request - [savedObjects.typeRegistry](./kibana-plugin-core-server.isavedobjecttyperegistry.md) - Type registry containing all the registered types. - [elasticsearch.legacy.client](./kibana-plugin-core-server.legacyscopedclusterclient.md) - Elasticsearch data client which uses the credentials of the incoming request - [uiSettings.client](./kibana-plugin-core-server.iuisettingsclient.md) - uiSettings client which uses the credentials of the incoming request |
+|  [RequestHandlerContext](./kibana-plugin-core-server.requesthandlercontext.md) | Plugin specific context passed to a route handler.<!-- -->Provides the following clients and services: - [savedObjects.client](./kibana-plugin-core-server.savedobjectsclient.md) - Saved Objects client which uses the credentials of the incoming request - [savedObjects.typeRegistry](./kibana-plugin-core-server.isavedobjecttyperegistry.md) - Type registry containing all the registered types. - [elasticsearch.client](./kibana-plugin-core-server.iscopedclusterclient.md) - Elasticsearch data client which uses the credentials of the incoming request - [elasticsearch.legacy.client](./kibana-plugin-core-server.legacyscopedclusterclient.md) - The legacy Elasticsearch data client which uses the credentials of the incoming request - [uiSettings.client](./kibana-plugin-core-server.iuisettingsclient.md) - uiSettings client which uses the credentials of the incoming request - [uiSettings.auditor](./kibana-plugin-core-server.auditor.md) - AuditTrail client scoped to the incoming request |
 |  [RouteConfig](./kibana-plugin-core-server.routeconfig.md) | Route specific configuration. |
 |  [RouteConfigOptions](./kibana-plugin-core-server.routeconfigoptions.md) | Additional route options. |
 |  [RouteConfigOptionsBody](./kibana-plugin-core-server.routeconfigoptionsbody.md) | Additional body options for a route |
@@ -236,6 +239,7 @@ The plugin integrates with the core system via lifecycle events: `setup`<!-- -->
 |  [ConfigPath](./kibana-plugin-core-server.configpath.md) |  |
 |  [DestructiveRouteMethod](./kibana-plugin-core-server.destructiveroutemethod.md) | Set of HTTP methods changing the state of the server. |
 |  [ElasticsearchClient](./kibana-plugin-core-server.elasticsearchclient.md) | Client used to query the elasticsearch cluster. |
+|  [ElasticsearchClientConfig](./kibana-plugin-core-server.elasticsearchclientconfig.md) | Configuration options to be used to create a [cluster client](./kibana-plugin-core-server.iclusterclient.md) using the [createClient API](./kibana-plugin-core-server.elasticsearchservicestart.createclient.md) |
 |  [Freezable](./kibana-plugin-core-server.freezable.md) |  |
 |  [GetAuthHeaders](./kibana-plugin-core-server.getauthheaders.md) | Get headers to authenticate a user against Elasticsearch. |
 |  [GetAuthState](./kibana-plugin-core-server.getauthstate.md) | Gets authentication state for a request. Returned by <code>auth</code> interceptor. |
diff --git a/docs/development/core/server/kibana-plugin-core-server.migration_assistance_index_action.md b/docs/development/core/server/kibana-plugin-core-server.migration_assistance_index_action.md
index 69fb573d365300..a924f0cea6b6b0 100644
--- a/docs/development/core/server/kibana-plugin-core-server.migration_assistance_index_action.md
+++ b/docs/development/core/server/kibana-plugin-core-server.migration_assistance_index_action.md
@@ -4,6 +4,9 @@
 
 ## MIGRATION\_ASSISTANCE\_INDEX\_ACTION type
 
+> Warning: This API is now obsolete.
+> 
+> 
 
 <b>Signature:</b>
 
diff --git a/docs/development/core/server/kibana-plugin-core-server.migration_deprecation_level.md b/docs/development/core/server/kibana-plugin-core-server.migration_deprecation_level.md
index c3256eaa783314..0fcae8c847cb40 100644
--- a/docs/development/core/server/kibana-plugin-core-server.migration_deprecation_level.md
+++ b/docs/development/core/server/kibana-plugin-core-server.migration_deprecation_level.md
@@ -4,6 +4,9 @@
 
 ## MIGRATION\_DEPRECATION\_LEVEL type
 
+> Warning: This API is now obsolete.
+> 
+> 
 
 <b>Signature:</b>
 
diff --git a/docs/development/core/server/kibana-plugin-core-server.requesthandlercontext.core.md b/docs/development/core/server/kibana-plugin-core-server.requesthandlercontext.core.md
index 2d31c24a077cbf..5b8492ec5ece1b 100644
--- a/docs/development/core/server/kibana-plugin-core-server.requesthandlercontext.core.md
+++ b/docs/development/core/server/kibana-plugin-core-server.requesthandlercontext.core.md
@@ -13,6 +13,7 @@ core: {
             typeRegistry: ISavedObjectTypeRegistry;
         };
         elasticsearch: {
+            client: IScopedClusterClient;
             legacy: {
                 client: ILegacyScopedClusterClient;
             };
diff --git a/docs/development/core/server/kibana-plugin-core-server.requesthandlercontext.md b/docs/development/core/server/kibana-plugin-core-server.requesthandlercontext.md
index 07e6dcbdae125e..4e530973f9d50a 100644
--- a/docs/development/core/server/kibana-plugin-core-server.requesthandlercontext.md
+++ b/docs/development/core/server/kibana-plugin-core-server.requesthandlercontext.md
@@ -6,7 +6,7 @@
 
 Plugin specific context passed to a route handler.
 
-Provides the following clients and services: - [savedObjects.client](./kibana-plugin-core-server.savedobjectsclient.md) - Saved Objects client which uses the credentials of the incoming request - [savedObjects.typeRegistry](./kibana-plugin-core-server.isavedobjecttyperegistry.md) - Type registry containing all the registered types. - [elasticsearch.legacy.client](./kibana-plugin-core-server.legacyscopedclusterclient.md) - Elasticsearch data client which uses the credentials of the incoming request - [uiSettings.client](./kibana-plugin-core-server.iuisettingsclient.md) - uiSettings client which uses the credentials of the incoming request
+Provides the following clients and services: - [savedObjects.client](./kibana-plugin-core-server.savedobjectsclient.md) - Saved Objects client which uses the credentials of the incoming request - [savedObjects.typeRegistry](./kibana-plugin-core-server.isavedobjecttyperegistry.md) - Type registry containing all the registered types. - [elasticsearch.client](./kibana-plugin-core-server.iscopedclusterclient.md) - Elasticsearch data client which uses the credentials of the incoming request - [elasticsearch.legacy.client](./kibana-plugin-core-server.legacyscopedclusterclient.md) - The legacy Elasticsearch data client which uses the credentials of the incoming request - [uiSettings.client](./kibana-plugin-core-server.iuisettingsclient.md) - uiSettings client which uses the credentials of the incoming request - [uiSettings.auditor](./kibana-plugin-core-server.auditor.md) - AuditTrail client scoped to the incoming request
 
 <b>Signature:</b>
 
@@ -18,5 +18,5 @@ export interface RequestHandlerContext
 
 |  Property | Type | Description |
 |  --- | --- | --- |
-|  [core](./kibana-plugin-core-server.requesthandlercontext.core.md) | <code>{</code><br/><code>        savedObjects: {</code><br/><code>            client: SavedObjectsClientContract;</code><br/><code>            typeRegistry: ISavedObjectTypeRegistry;</code><br/><code>        };</code><br/><code>        elasticsearch: {</code><br/><code>            legacy: {</code><br/><code>                client: ILegacyScopedClusterClient;</code><br/><code>            };</code><br/><code>        };</code><br/><code>        uiSettings: {</code><br/><code>            client: IUiSettingsClient;</code><br/><code>        };</code><br/><code>        auditor: Auditor;</code><br/><code>    }</code> |  |
+|  [core](./kibana-plugin-core-server.requesthandlercontext.core.md) | <code>{</code><br/><code>        savedObjects: {</code><br/><code>            client: SavedObjectsClientContract;</code><br/><code>            typeRegistry: ISavedObjectTypeRegistry;</code><br/><code>        };</code><br/><code>        elasticsearch: {</code><br/><code>            client: IScopedClusterClient;</code><br/><code>            legacy: {</code><br/><code>                client: ILegacyScopedClusterClient;</code><br/><code>            };</code><br/><code>        };</code><br/><code>        uiSettings: {</code><br/><code>            client: IUiSettingsClient;</code><br/><code>        };</code><br/><code>        auditor: Auditor;</code><br/><code>    }</code> |  |
 
diff --git a/scripts/functional_tests.js b/scripts/functional_tests.js
index 3fdab481dc7500..4facbe1ffbb07e 100644
--- a/scripts/functional_tests.js
+++ b/scripts/functional_tests.js
@@ -20,7 +20,7 @@
 // eslint-disable-next-line no-restricted-syntax
 const alwaysImportedTests = [
   require.resolve('../test/functional/config.js'),
-  require.resolve('../test/plugin_functional/config.js'),
+  require.resolve('../test/plugin_functional/config.ts'),
   require.resolve('../test/ui_capabilities/newsfeed_err/config.ts'),
   require.resolve('../test/new_visualize_flow/config.js'),
 ];
diff --git a/src/core/server/elasticsearch/client/mocks.ts b/src/core/server/elasticsearch/client/mocks.ts
index c93294404b52ff..2f2ca08fee6f20 100644
--- a/src/core/server/elasticsearch/client/mocks.ts
+++ b/src/core/server/elasticsearch/client/mocks.ts
@@ -70,15 +70,14 @@ const createInternalClientMock = (): DeeplyMockedKeys<Client> => {
   return (mock as unknown) as DeeplyMockedKeys<Client>;
 };
 
-// TODO fix naming ElasticsearchClientMock
-export type ElasticSearchClientMock = DeeplyMockedKeys<ElasticsearchClient>;
+export type ElasticsearchClientMock = DeeplyMockedKeys<ElasticsearchClient>;
 
-const createClientMock = (): ElasticSearchClientMock =>
-  (createInternalClientMock() as unknown) as ElasticSearchClientMock;
+const createClientMock = (): ElasticsearchClientMock =>
+  (createInternalClientMock() as unknown) as ElasticsearchClientMock;
 
 interface ScopedClusterClientMock {
-  asInternalUser: ElasticSearchClientMock;
-  asCurrentUser: ElasticSearchClientMock;
+  asInternalUser: ElasticsearchClientMock;
+  asCurrentUser: ElasticsearchClientMock;
 }
 
 const createScopedClusterClientMock = () => {
@@ -91,7 +90,7 @@ const createScopedClusterClientMock = () => {
 };
 
 export interface ClusterClientMock {
-  asInternalUser: ElasticSearchClientMock;
+  asInternalUser: ElasticsearchClientMock;
   asScoped: jest.MockedFunction<() => ScopedClusterClientMock>;
 }
 
@@ -157,7 +156,7 @@ export const elasticsearchClientMock = {
   createClusterClient: createClusterClientMock,
   createCustomClusterClient: createCustomClusterClientMock,
   createScopedClusterClient: createScopedClusterClientMock,
-  createElasticSearchClient: createClientMock,
+  createElasticsearchClient: createClientMock,
   createInternalClient: createInternalClientMock,
   createSuccessTransportRequestPromise,
   createErrorTransportRequestPromise,
diff --git a/src/core/server/elasticsearch/client/retry_call_cluster.test.ts b/src/core/server/elasticsearch/client/retry_call_cluster.test.ts
index 3aa47e8b40e24e..c9366c575ba743 100644
--- a/src/core/server/elasticsearch/client/retry_call_cluster.test.ts
+++ b/src/core/server/elasticsearch/client/retry_call_cluster.test.ts
@@ -27,10 +27,10 @@ const createErrorReturn = (err: any) =>
   elasticsearchClientMock.createErrorTransportRequestPromise(err);
 
 describe('retryCallCluster', () => {
-  let client: ReturnType<typeof elasticsearchClientMock.createElasticSearchClient>;
+  let client: ReturnType<typeof elasticsearchClientMock.createElasticsearchClient>;
 
   beforeEach(() => {
-    client = elasticsearchClientMock.createElasticSearchClient();
+    client = elasticsearchClientMock.createElasticsearchClient();
   });
 
   it('returns response from ES API call in case of success', async () => {
@@ -91,11 +91,11 @@ describe('retryCallCluster', () => {
 });
 
 describe('migrationRetryCallCluster', () => {
-  let client: ReturnType<typeof elasticsearchClientMock.createElasticSearchClient>;
+  let client: ReturnType<typeof elasticsearchClientMock.createElasticsearchClient>;
   let logger: ReturnType<typeof loggingSystemMock.createLogger>;
 
   beforeEach(() => {
-    client = elasticsearchClientMock.createElasticSearchClient();
+    client = elasticsearchClientMock.createElasticsearchClient();
     logger = loggingSystemMock.createLogger();
   });
 
diff --git a/src/core/server/elasticsearch/client/scoped_cluster_client.test.ts b/src/core/server/elasticsearch/client/scoped_cluster_client.test.ts
index 78ca8fcbd3c073..4288c6bf6421d7 100644
--- a/src/core/server/elasticsearch/client/scoped_cluster_client.test.ts
+++ b/src/core/server/elasticsearch/client/scoped_cluster_client.test.ts
@@ -22,8 +22,8 @@ import { ScopedClusterClient } from './scoped_cluster_client';
 
 describe('ScopedClusterClient', () => {
   it('uses the internal client passed in the constructor', () => {
-    const internalClient = elasticsearchClientMock.createElasticSearchClient();
-    const scopedClient = elasticsearchClientMock.createElasticSearchClient();
+    const internalClient = elasticsearchClientMock.createElasticsearchClient();
+    const scopedClient = elasticsearchClientMock.createElasticsearchClient();
 
     const scopedClusterClient = new ScopedClusterClient(internalClient, scopedClient);
 
@@ -31,8 +31,8 @@ describe('ScopedClusterClient', () => {
   });
 
   it('uses the scoped client passed in the constructor', () => {
-    const internalClient = elasticsearchClientMock.createElasticSearchClient();
-    const scopedClient = elasticsearchClientMock.createElasticSearchClient();
+    const internalClient = elasticsearchClientMock.createElasticsearchClient();
+    const scopedClient = elasticsearchClientMock.createElasticsearchClient();
 
     const scopedClusterClient = new ScopedClusterClient(internalClient, scopedClient);
 
diff --git a/src/core/server/elasticsearch/client/scoped_cluster_client.ts b/src/core/server/elasticsearch/client/scoped_cluster_client.ts
index 1af7948a65e168..05ab67073f9e16 100644
--- a/src/core/server/elasticsearch/client/scoped_cluster_client.ts
+++ b/src/core/server/elasticsearch/client/scoped_cluster_client.ts
@@ -20,7 +20,7 @@
 import { ElasticsearchClient } from './types';
 
 /**
- * Serves the same purpose as the normal {@link ClusterClient | cluster client} but exposes
+ * Serves the same purpose as the normal {@link IClusterClient | cluster client} but exposes
  * an additional `asCurrentUser` method that doesn't use credentials of the Kibana internal
  * user (as `asInternalUser` does) to request Elasticsearch API, but rather passes HTTP headers
  * extracted from the current user request to the API instead.
diff --git a/src/core/server/elasticsearch/elasticsearch_service.mock.ts b/src/core/server/elasticsearch/elasticsearch_service.mock.ts
index b97f6df6b0afcf..501ab619316c22 100644
--- a/src/core/server/elasticsearch/elasticsearch_service.mock.ts
+++ b/src/core/server/elasticsearch/elasticsearch_service.mock.ts
@@ -24,6 +24,7 @@ import {
   ClusterClientMock,
   CustomClusterClientMock,
 } from './client/mocks';
+import { ElasticsearchClientConfig } from './client';
 import { legacyClientMock } from './legacy/mocks';
 import { ElasticsearchConfig } from './elasticsearch_config';
 import { ElasticsearchService } from './elasticsearch_service';
@@ -38,12 +39,12 @@ interface MockedElasticSearchServiceSetup {
   };
 }
 
-type MockedElasticSearchServiceStart = MockedElasticSearchServiceSetup;
-
-interface MockedInternalElasticSearchServiceStart extends MockedElasticSearchServiceStart {
+type MockedElasticSearchServiceStart = MockedElasticSearchServiceSetup & {
   client: ClusterClientMock;
-  createClient: jest.MockedFunction<() => CustomClusterClientMock>;
-}
+  createClient: jest.MockedFunction<
+    (name: string, config?: Partial<ElasticsearchClientConfig>) => CustomClusterClientMock
+  >;
+};
 
 const createSetupContractMock = () => {
   const setupContract: MockedElasticSearchServiceSetup = {
@@ -61,6 +62,8 @@ const createSetupContractMock = () => {
 
 const createStartContractMock = () => {
   const startContract: MockedElasticSearchServiceStart = {
+    client: elasticsearchClientMock.createClusterClient(),
+    createClient: jest.fn(),
     legacy: {
       createClient: jest.fn(),
       client: legacyClientMock.createClusterClient(),
@@ -70,20 +73,13 @@ const createStartContractMock = () => {
   startContract.legacy.client.asScoped.mockReturnValue(
     legacyClientMock.createScopedClusterClient()
   );
+  startContract.createClient.mockImplementation(() =>
+    elasticsearchClientMock.createCustomClusterClient()
+  );
   return startContract;
 };
 
-const createInternalStartContractMock = () => {
-  const startContract: MockedInternalElasticSearchServiceStart = {
-    ...createStartContractMock(),
-    client: elasticsearchClientMock.createClusterClient(),
-    createClient: jest.fn(),
-  };
-
-  startContract.createClient.mockReturnValue(elasticsearchClientMock.createCustomClusterClient());
-
-  return startContract;
-};
+const createInternalStartContractMock = createStartContractMock;
 
 type MockedInternalElasticSearchServiceSetup = jest.Mocked<
   InternalElasticsearchServiceSetup & {
@@ -136,4 +132,6 @@ export const elasticsearchServiceMock = {
   createLegacyCustomClusterClient: legacyClientMock.createCustomClusterClient,
   createLegacyScopedClusterClient: legacyClientMock.createScopedClusterClient,
   createLegacyElasticsearchClient: legacyClientMock.createElasticsearchClient,
+
+  ...elasticsearchClientMock,
 };
diff --git a/src/core/server/elasticsearch/legacy/api_types.ts b/src/core/server/elasticsearch/legacy/api_types.ts
index b9699ab290e3fc..896a58e085d49b 100644
--- a/src/core/server/elasticsearch/legacy/api_types.ts
+++ b/src/core/server/elasticsearch/legacy/api_types.ts
@@ -150,6 +150,7 @@ import {
  * processed.
  *
  * @public
+ * @deprecated
  */
 export interface LegacyCallAPIOptions {
   /**
@@ -165,7 +166,10 @@ export interface LegacyCallAPIOptions {
   signal?: AbortSignal;
 }
 
-/** @public */
+/**
+ * @deprecated
+ * @public
+ * */
 export interface LegacyAPICaller {
   /* eslint-disable */
   (endpoint: 'bulk', params: BulkIndexDocumentsParams, options?: LegacyCallAPIOptions): ReturnType<Client['bulk']>;
@@ -317,18 +321,30 @@ export interface LegacyAPICaller {
   /* eslint-enable */
 }
 
-/** @public */
+/**
+ * @deprecated
+ * @public
+ * */
 export interface AssistantAPIClientParams extends GenericParams {
   path: '/_migration/assistance';
   method: 'GET';
 }
 
-/** @public */
+/**
+ * @deprecated
+ * @public
+ * */
 export type MIGRATION_ASSISTANCE_INDEX_ACTION = 'upgrade' | 'reindex';
-/** @public */
+/**
+ * @deprecated
+ * @public
+ * */
 export type MIGRATION_DEPRECATION_LEVEL = 'none' | 'info' | 'warning' | 'critical';
 
-/** @public */
+/**
+ * @deprecated
+ * @public
+ * */
 export interface AssistanceAPIResponse {
   indices: {
     [indexName: string]: {
@@ -337,13 +353,19 @@ export interface AssistanceAPIResponse {
   };
 }
 
-/** @public */
+/**
+ * @deprecated
+ * @public
+ * */
 export interface DeprecationAPIClientParams extends GenericParams {
   path: '/_migration/deprecations';
   method: 'GET';
 }
 
-/** @public */
+/**
+ * @deprecated
+ * @public
+ * */
 export interface DeprecationInfo {
   level: MIGRATION_DEPRECATION_LEVEL;
   message: string;
@@ -351,12 +373,18 @@ export interface DeprecationInfo {
   details?: string;
 }
 
-/** @public */
+/**
+ * @deprecated
+ * @public
+ * */
 export interface IndexSettingsDeprecationInfo {
   [indexName: string]: DeprecationInfo[];
 }
 
-/** @public */
+/**
+ * @deprecated
+ * @public
+ * */
 export interface DeprecationAPIResponse {
   cluster_settings: DeprecationInfo[];
   ml_settings: DeprecationInfo[];
diff --git a/src/core/server/elasticsearch/legacy/cluster_client.ts b/src/core/server/elasticsearch/legacy/cluster_client.ts
index 7a39113d25a14d..f8b2d39a4251c0 100644
--- a/src/core/server/elasticsearch/legacy/cluster_client.ts
+++ b/src/core/server/elasticsearch/legacy/cluster_client.ts
@@ -88,6 +88,7 @@ const callAPI = async (
  *
  * See {@link LegacyClusterClient}.
  *
+ * @deprecated Use {@link IClusterClient}.
  * @public
  */
 export type ILegacyClusterClient = Pick<LegacyClusterClient, 'callAsInternalUser' | 'asScoped'>;
@@ -98,7 +99,7 @@ export type ILegacyClusterClient = Pick<LegacyClusterClient, 'callAsInternalUser
  * the actual user that is derived from the request headers (via `asScoped(...)`).
  *
  * See {@link LegacyClusterClient}.
- *
+ * @deprecated Use {@link ICustomClusterClient}.
  * @public
  */
 export type ILegacyCustomClusterClient = Pick<
@@ -108,6 +109,7 @@ export type ILegacyCustomClusterClient = Pick<
 
 /**
  * {@inheritDoc IClusterClient}
+ * @deprecated Use {@link IClusterClient}.
  * @public
  */
 export class LegacyClusterClient implements ILegacyClusterClient {
diff --git a/src/core/server/elasticsearch/legacy/elasticsearch_client_config.ts b/src/core/server/elasticsearch/legacy/elasticsearch_client_config.ts
index 260a60ac74f118..3dbc1c2c647a99 100644
--- a/src/core/server/elasticsearch/legacy/elasticsearch_client_config.ts
+++ b/src/core/server/elasticsearch/legacy/elasticsearch_client_config.ts
@@ -31,6 +31,7 @@ import { ElasticsearchConfig } from '../elasticsearch_config';
  * not only entries from standard `elasticsearch.*` yaml config, but also some Elasticsearch JS
  * client specific options like `keepAlive` or `plugins` (that eventually will be deprecated).
  *
+ * @deprecated
  * @public
  */
 export type LegacyElasticsearchClientConfig = Pick<ConfigOptions, 'keepAlive' | 'log' | 'plugins'> &
diff --git a/src/core/server/elasticsearch/legacy/errors.ts b/src/core/server/elasticsearch/legacy/errors.ts
index 3b3b8da51a9075..de4d2739977bb7 100644
--- a/src/core/server/elasticsearch/legacy/errors.ts
+++ b/src/core/server/elasticsearch/legacy/errors.ts
@@ -26,7 +26,10 @@ enum ErrorCode {
   NOT_AUTHORIZED = 'Elasticsearch/notAuthorized',
 }
 
-/** @public */
+/**
+ * @deprecated. The new elasticsearch client doesn't wrap errors anymore.
+ * @public
+ * */
 export interface LegacyElasticsearchError extends Boom {
   [code]?: string;
 }
diff --git a/src/core/server/elasticsearch/legacy/scoped_cluster_client.ts b/src/core/server/elasticsearch/legacy/scoped_cluster_client.ts
index 9edb73645f0e2c..aee7a1daa81668 100644
--- a/src/core/server/elasticsearch/legacy/scoped_cluster_client.ts
+++ b/src/core/server/elasticsearch/legacy/scoped_cluster_client.ts
@@ -30,6 +30,7 @@ import { LegacyAPICaller, LegacyCallAPIOptions } from './api_types';
  *
  * See {@link LegacyScopedClusterClient}.
  *
+ * @deprecated Use {@link IScopedClusterClient}.
  * @public
  */
 export type ILegacyScopedClusterClient = Pick<
@@ -39,6 +40,7 @@ export type ILegacyScopedClusterClient = Pick<
 
 /**
  * {@inheritDoc IScopedClusterClient}
+ * @deprecated Use {@link IScopedClusterClient | scoped cluster client}.
  * @public
  */
 export class LegacyScopedClusterClient implements ILegacyScopedClusterClient {
diff --git a/src/core/server/elasticsearch/types.ts b/src/core/server/elasticsearch/types.ts
index 40399aecbc4466..88094af8047e7c 100644
--- a/src/core/server/elasticsearch/types.ts
+++ b/src/core/server/elasticsearch/types.ts
@@ -95,6 +95,37 @@ export interface InternalElasticsearchServiceSetup {
  * @public
  */
 export interface ElasticsearchServiceStart {
+  /**
+   * A pre-configured {@link IClusterClient | Elasticsearch client}
+   *
+   * @example
+   * ```js
+   * const client = core.elasticsearch.client;
+   * ```
+   */
+  readonly client: IClusterClient;
+  /**
+   * Create application specific Elasticsearch cluster API client with customized config. See {@link IClusterClient}.
+   *
+   * @param type Unique identifier of the client
+   * @param clientConfig A config consists of Elasticsearch JS client options and
+   * valid sub-set of Elasticsearch service config.
+   * We fill all the missing properties in the `clientConfig` using the default
+   * Elasticsearch config so that we don't depend on default values set and
+   * controlled by underlying Elasticsearch JS client.
+   * We don't run validation against the passed config and expect it to be valid.
+   *
+   * @example
+   * ```js
+   * const client = elasticsearch.createClient('my-app-name', config);
+   * const data = await client.asInternalUser.search();
+   * ```
+   */
+  readonly createClient: (
+    type: string,
+    clientConfig?: Partial<ElasticsearchClientConfig>
+  ) => ICustomClusterClient;
+
   /**
    * @deprecated
    * Provided for the backward compatibility.
@@ -138,38 +169,7 @@ export interface ElasticsearchServiceStart {
 /**
  * @internal
  */
-export interface InternalElasticsearchServiceStart extends ElasticsearchServiceStart {
-  /**
-   * A pre-configured {@link IClusterClient | Elasticsearch client}
-   *
-   * @example
-   * ```js
-   * const client = core.elasticsearch.client;
-   * ```
-   */
-  readonly client: IClusterClient;
-  /**
-   * Create application specific Elasticsearch cluster API client with customized config. See {@link IClusterClient}.
-   *
-   * @param type Unique identifier of the client
-   * @param clientConfig A config consists of Elasticsearch JS client options and
-   * valid sub-set of Elasticsearch service config.
-   * We fill all the missing properties in the `clientConfig` using the default
-   * Elasticsearch config so that we don't depend on default values set and
-   * controlled by underlying Elasticsearch JS client.
-   * We don't run validation against the passed config and expect it to be valid.
-   *
-   * @example
-   * ```js
-   * const client = elasticsearch.createClient('my-app-name', config);
-   * const data = await client.asInternalUser().search();
-   * ```
-   */
-  readonly createClient: (
-    type: string,
-    clientConfig?: Partial<ElasticsearchClientConfig>
-  ) => ICustomClusterClient;
-}
+export type InternalElasticsearchServiceStart = ElasticsearchServiceStart;
 
 /** @public */
 export interface ElasticsearchStatusMeta {
diff --git a/src/core/server/http/types.ts b/src/core/server/http/types.ts
index 3df098a1df00d6..4345783e46e110 100644
--- a/src/core/server/http/types.ts
+++ b/src/core/server/http/types.ts
@@ -250,7 +250,7 @@ export interface HttpServiceSetup {
    *    'myApp',
    *    (context, req) => {
    *     async function search (id: string) {
-   *       return await context.elasticsearch.legacy.client.callAsInternalUser('endpoint', id);
+   *       return await context.elasticsearch.client.asCurrentUser.find(id);
    *     }
    *     return { search };
    *    }
diff --git a/src/core/server/index.ts b/src/core/server/index.ts
index f46b41d6b87938..382318ea86a343 100644
--- a/src/core/server/index.ts
+++ b/src/core/server/index.ts
@@ -44,6 +44,7 @@ import {
   ILegacyScopedClusterClient,
   configSchema as elasticsearchConfigSchema,
   ElasticsearchServiceStart,
+  IScopedClusterClient,
 } from './elasticsearch';
 
 import { HttpServiceSetup, HttpServiceStart } from './http';
@@ -110,6 +111,10 @@ export {
   FakeRequest,
   ScopeableRequest,
   ElasticsearchClient,
+  IClusterClient,
+  ICustomClusterClient,
+  ElasticsearchClientConfig,
+  IScopedClusterClient,
   SearchResponse,
   CountResponse,
   ShardsInfo,
@@ -367,10 +372,13 @@ export {
  *      which uses the credentials of the incoming request
  *    - {@link ISavedObjectTypeRegistry | savedObjects.typeRegistry} - Type registry containing
  *      all the registered types.
- *    - {@link LegacyScopedClusterClient | elasticsearch.legacy.client} - Elasticsearch
+ *    - {@link IScopedClusterClient | elasticsearch.client} - Elasticsearch
+ *      data client which uses the credentials of the incoming request
+ *    - {@link LegacyScopedClusterClient | elasticsearch.legacy.client} - The legacy Elasticsearch
  *      data client which uses the credentials of the incoming request
  *    - {@link IUiSettingsClient | uiSettings.client} - uiSettings client
  *      which uses the credentials of the incoming request
+ *    - {@link Auditor | uiSettings.auditor} - AuditTrail client scoped to the incoming request
  *
  * @public
  */
@@ -381,6 +389,7 @@ export interface RequestHandlerContext {
       typeRegistry: ISavedObjectTypeRegistry;
     };
     elasticsearch: {
+      client: IScopedClusterClient;
       legacy: {
         client: ILegacyScopedClusterClient;
       };
diff --git a/src/core/server/mocks.ts b/src/core/server/mocks.ts
index 84e4b4741b717c..bf9dcc4abe01c1 100644
--- a/src/core/server/mocks.ts
+++ b/src/core/server/mocks.ts
@@ -193,6 +193,7 @@ function createCoreRequestHandlerContextMock() {
       typeRegistry: savedObjectsTypeRegistryMock.create(),
     },
     elasticsearch: {
+      client: elasticsearchServiceMock.createScopedClusterClient(),
       legacy: {
         client: elasticsearchServiceMock.createLegacyScopedClusterClient(),
       },
diff --git a/src/core/server/plugins/plugin_context.ts b/src/core/server/plugins/plugin_context.ts
index c17b8df8bb52c0..5235f3ee6d580d 100644
--- a/src/core/server/plugins/plugin_context.ts
+++ b/src/core/server/plugins/plugin_context.ts
@@ -212,6 +212,8 @@ export function createPluginStartContext<TPlugin, TPluginDependencies>(
       resolveCapabilities: deps.capabilities.resolveCapabilities,
     },
     elasticsearch: {
+      client: deps.elasticsearch.client,
+      createClient: deps.elasticsearch.createClient,
       legacy: deps.elasticsearch.legacy,
     },
     http: {
diff --git a/src/core/server/saved_objects/migrations/core/elastic_index.test.ts b/src/core/server/saved_objects/migrations/core/elastic_index.test.ts
index fb8fb4ef950811..0b3ad1b6e3cc89 100644
--- a/src/core/server/saved_objects/migrations/core/elastic_index.test.ts
+++ b/src/core/server/saved_objects/migrations/core/elastic_index.test.ts
@@ -22,10 +22,10 @@ import { elasticsearchClientMock } from '../../../elasticsearch/client/mocks';
 import * as Index from './elastic_index';
 
 describe('ElasticIndex', () => {
-  let client: ReturnType<typeof elasticsearchClientMock.createElasticSearchClient>;
+  let client: ReturnType<typeof elasticsearchClientMock.createElasticsearchClient>;
 
   beforeEach(() => {
-    client = elasticsearchClientMock.createElasticSearchClient();
+    client = elasticsearchClientMock.createElasticsearchClient();
   });
   describe('fetchInfo', () => {
     test('it handles 404', async () => {
diff --git a/src/core/server/saved_objects/migrations/core/index_migrator.test.ts b/src/core/server/saved_objects/migrations/core/index_migrator.test.ts
index 78601d033f8d8b..b0669774207dd9 100644
--- a/src/core/server/saved_objects/migrations/core/index_migrator.test.ts
+++ b/src/core/server/saved_objects/migrations/core/index_migrator.test.ts
@@ -27,13 +27,13 @@ import { loggingSystemMock } from '../../../logging/logging_system.mock';
 
 describe('IndexMigrator', () => {
   let testOpts: jest.Mocked<MigrationOpts> & {
-    client: ReturnType<typeof elasticsearchClientMock.createElasticSearchClient>;
+    client: ReturnType<typeof elasticsearchClientMock.createElasticsearchClient>;
   };
 
   beforeEach(() => {
     testOpts = {
       batchSize: 10,
-      client: elasticsearchClientMock.createElasticSearchClient(),
+      client: elasticsearchClientMock.createElasticsearchClient(),
       index: '.kibana',
       log: loggingSystemMock.create().get(),
       mappingProperties: {},
@@ -366,7 +366,7 @@ describe('IndexMigrator', () => {
 });
 
 function withIndex(
-  client: ReturnType<typeof elasticsearchClientMock.createElasticSearchClient>,
+  client: ReturnType<typeof elasticsearchClientMock.createElasticsearchClient>,
   opts: any = {}
 ) {
   const defaultIndex = {
diff --git a/src/core/server/saved_objects/migrations/core/migration_es_client.test.ts b/src/core/server/saved_objects/migrations/core/migration_es_client.test.ts
index 40c06677c4a5a5..a6da62095060cd 100644
--- a/src/core/server/saved_objects/migrations/core/migration_es_client.test.ts
+++ b/src/core/server/saved_objects/migrations/core/migration_es_client.test.ts
@@ -24,11 +24,11 @@ import { loggerMock } from '../../../logging/logger.mock';
 import { SavedObjectsErrorHelpers } from '../../service/lib/errors';
 
 describe('MigrationEsClient', () => {
-  let client: ReturnType<typeof elasticsearchClientMock.createElasticSearchClient>;
+  let client: ReturnType<typeof elasticsearchClientMock.createElasticsearchClient>;
   let migrationEsClient: MigrationEsClient;
 
   beforeEach(() => {
-    client = elasticsearchClientMock.createElasticSearchClient();
+    client = elasticsearchClientMock.createElasticsearchClient();
     migrationEsClient = createMigrationEsClient(client, loggerMock.create());
     migrationRetryCallClusterMock.mockClear();
   });
diff --git a/src/core/server/saved_objects/migrations/kibana/kibana_migrator.test.ts b/src/core/server/saved_objects/migrations/kibana/kibana_migrator.test.ts
index c3ed97a89af800..cc443093e30a34 100644
--- a/src/core/server/saved_objects/migrations/kibana/kibana_migrator.test.ts
+++ b/src/core/server/saved_objects/migrations/kibana/kibana_migrator.test.ts
@@ -127,7 +127,7 @@ describe('KibanaMigrator', () => {
 });
 
 type MockedOptions = KibanaMigratorOptions & {
-  client: ReturnType<typeof elasticsearchClientMock.createElasticSearchClient>;
+  client: ReturnType<typeof elasticsearchClientMock.createElasticsearchClient>;
 };
 
 const mockOptions = () => {
@@ -170,7 +170,7 @@ const mockOptions = () => {
       scrollDuration: '10m',
       skip: false,
     },
-    client: elasticsearchClientMock.createElasticSearchClient(),
+    client: elasticsearchClientMock.createElasticsearchClient(),
   };
   return options;
 };
diff --git a/src/core/server/saved_objects/service/lib/repository.test.js b/src/core/server/saved_objects/service/lib/repository.test.js
index b902179b012ff2..4a9fceb9bf3578 100644
--- a/src/core/server/saved_objects/service/lib/repository.test.js
+++ b/src/core/server/saved_objects/service/lib/repository.test.js
@@ -201,7 +201,7 @@ describe('SavedObjectsRepository', () => {
   };
 
   beforeEach(() => {
-    client = elasticsearchClientMock.createElasticSearchClient();
+    client = elasticsearchClientMock.createElasticsearchClient();
     migrator = {
       migrateDocument: jest.fn().mockImplementation(documentMigrator.migrate),
       runMigrations: async () => ({ status: 'skipped' }),
diff --git a/src/core/server/saved_objects/service/lib/repository_es_client.test.ts b/src/core/server/saved_objects/service/lib/repository_es_client.test.ts
index 86a984fb671246..61df94fb6bfe2e 100644
--- a/src/core/server/saved_objects/service/lib/repository_es_client.test.ts
+++ b/src/core/server/saved_objects/service/lib/repository_es_client.test.ts
@@ -23,11 +23,11 @@ import { elasticsearchClientMock } from '../../../elasticsearch/client/mocks';
 import { SavedObjectsErrorHelpers } from './errors';
 
 describe('RepositoryEsClient', () => {
-  let client: ReturnType<typeof elasticsearchClientMock.createElasticSearchClient>;
+  let client: ReturnType<typeof elasticsearchClientMock.createElasticsearchClient>;
   let repositoryClient: RepositoryEsClient;
 
   beforeEach(() => {
-    client = elasticsearchClientMock.createElasticSearchClient();
+    client = elasticsearchClientMock.createElasticsearchClient();
     repositoryClient = createRepositoryEsClient(client);
     retryCallClusterMock.mockClear();
   });
diff --git a/src/core/server/server.api.md b/src/core/server/server.api.md
index c94151f8cee179..c1054c27d084e4 100644
--- a/src/core/server/server.api.md
+++ b/src/core/server/server.api.md
@@ -158,7 +158,7 @@ export type AppenderConfigType = TypeOf<typeof appendersSchema>;
 // @public
 export function assertNever(x: never): never;
 
-// @public (undocumented)
+// @public @deprecated (undocumented)
 export interface AssistanceAPIResponse {
     // (undocumented)
     indices: {
@@ -168,7 +168,7 @@ export interface AssistanceAPIResponse {
     };
 }
 
-// @public (undocumented)
+// @public @deprecated (undocumented)
 export interface AssistantAPIClientParams extends GenericParams {
     // (undocumented)
     method: 'GET';
@@ -622,7 +622,7 @@ export interface DeleteDocumentResponse {
     _version: number;
 }
 
-// @public (undocumented)
+// @public @deprecated (undocumented)
 export interface DeprecationAPIClientParams extends GenericParams {
     // (undocumented)
     method: 'GET';
@@ -630,7 +630,7 @@ export interface DeprecationAPIClientParams extends GenericParams {
     path: '/_migration/deprecations';
 }
 
-// @public (undocumented)
+// @public @deprecated (undocumented)
 export interface DeprecationAPIResponse {
     // (undocumented)
     cluster_settings: DeprecationInfo[];
@@ -642,7 +642,7 @@ export interface DeprecationAPIResponse {
     node_settings: DeprecationInfo[];
 }
 
-// @public (undocumented)
+// @public @deprecated (undocumented)
 export interface DeprecationInfo {
     // (undocumented)
     details?: string;
@@ -679,6 +679,14 @@ export type ElasticsearchClient = Omit<KibanaClient, 'connectionPool' | 'transpo
     };
 };
 
+// @public
+export type ElasticsearchClientConfig = Pick<ElasticsearchConfig, 'customHeaders' | 'logQueries' | 'sniffOnStart' | 'sniffOnConnectionFault' | 'requestHeadersWhitelist' | 'sniffInterval' | 'hosts' | 'username' | 'password'> & {
+    pingTimeout?: ElasticsearchConfig['pingTimeout'] | ClientOptions['pingTimeout'];
+    requestTimeout?: ElasticsearchConfig['requestTimeout'] | ClientOptions['requestTimeout'];
+    ssl?: Partial<ElasticsearchConfig['ssl']>;
+    keepAlive?: boolean;
+};
+
 // @public
 export class ElasticsearchConfig {
     constructor(rawConfig: ElasticsearchConfigType);
@@ -715,6 +723,8 @@ export interface ElasticsearchServiceSetup {
 
 // @public (undocumented)
 export interface ElasticsearchServiceStart {
+    readonly client: IClusterClient;
+    readonly createClient: (type: string, clientConfig?: Partial<ElasticsearchClientConfig>) => ICustomClusterClient;
     // @deprecated (undocumented)
     legacy: {
         readonly createClient: (type: string, clientConfig?: Partial<LegacyElasticsearchClientConfig>) => ILegacyCustomClusterClient;
@@ -895,6 +905,12 @@ export interface HttpServiceStart {
 // @public
 export type IBasePath = Pick<BasePath, keyof BasePath>;
 
+// @public
+export interface IClusterClient {
+    readonly asInternalUser: ElasticsearchClient;
+    asScoped: (request: ScopeableRequest) => IScopedClusterClient;
+}
+
 // @public
 export interface IContextContainer<THandler extends HandlerFunction<any>> {
     createHandler(pluginOpaqueId: PluginOpaqueId, handler: THandler): (...rest: HandlerParameters<THandler>) => ShallowPromise<ReturnType<THandler>>;
@@ -914,6 +930,11 @@ export interface ICspConfig {
     readonly warnLegacyBrowsers: boolean;
 }
 
+// @public
+export interface ICustomClusterClient extends IClusterClient {
+    close: () => Promise<void>;
+}
+
 // @public
 export interface IKibanaResponse<T extends HttpResponsePayload | ResponseError = any> {
     // (undocumented)
@@ -935,13 +956,13 @@ export interface IKibanaSocket {
     getPeerCertificate(detailed?: boolean): PeerCertificate | DetailedPeerCertificate | null;
 }
 
-// @public
+// @public @deprecated
 export type ILegacyClusterClient = Pick<LegacyClusterClient, 'callAsInternalUser' | 'asScoped'>;
 
-// @public
+// @public @deprecated
 export type ILegacyCustomClusterClient = Pick<LegacyClusterClient, 'callAsInternalUser' | 'close' | 'asScoped'>;
 
-// @public
+// @public @deprecated
 export type ILegacyScopedClusterClient = Pick<LegacyScopedClusterClient, 'callAsCurrentUser' | 'callAsInternalUser'>;
 
 // @public (undocumented)
@@ -956,7 +977,7 @@ export interface ImageValidation {
 // @public
 export function importSavedObjectsFromStream({ readStream, objectLimit, overwrite, savedObjectsClient, supportedTypes, namespace, }: SavedObjectsImportOptions): Promise<SavedObjectsImportResponse>;
 
-// @public (undocumented)
+// @public @deprecated (undocumented)
 export interface IndexSettingsDeprecationInfo {
     // (undocumented)
     [indexName: string]: DeprecationInfo[];
@@ -997,6 +1018,12 @@ export type ISavedObjectsRepository = Pick<SavedObjectsRepository, keyof SavedOb
 // @public
 export type ISavedObjectTypeRegistry = Omit<SavedObjectTypeRegistry, 'registerType'>;
 
+// @public
+export interface IScopedClusterClient {
+    readonly asCurrentUser: ElasticsearchClient;
+    readonly asInternalUser: ElasticsearchClient;
+}
+
 // @public
 export function isRelativeUrl(candidatePath: string): boolean;
 
@@ -1086,7 +1113,7 @@ export const kibanaResponseFactory: {
 // @public
 export type KnownHeaders = KnownKeys<IncomingHttpHeaders>;
 
-// @public (undocumented)
+// @public @deprecated (undocumented)
 export interface LegacyAPICaller {
     // (undocumented)
     (endpoint: 'bulk', params: BulkIndexDocumentsParams, options?: LegacyCallAPIOptions): ReturnType<Client['bulk']>;
@@ -1330,15 +1357,13 @@ export interface LegacyAPICaller {
     <T = any>(endpoint: string, clientParams?: Record<string, any>, options?: LegacyCallAPIOptions): Promise<T>;
 }
 
-// @public
+// @public @deprecated
 export interface LegacyCallAPIOptions {
     signal?: AbortSignal;
     wrap401Errors?: boolean;
 }
 
-// Warning: (ae-unresolved-inheritdoc-reference) The @inheritDoc reference could not be resolved: The package "kibana" does not have an export "IClusterClient"
-//
-// @public (undocumented)
+// @public @deprecated
 export class LegacyClusterClient implements ILegacyClusterClient {
     constructor(config: LegacyElasticsearchClientConfig, log: Logger, getAuditorFactory: () => AuditorFactory, getAuthHeaders?: GetAuthHeaders);
     asScoped(request?: ScopeableRequest): ILegacyScopedClusterClient;
@@ -1360,7 +1385,7 @@ export interface LegacyConfig {
     set(config: LegacyVars): void;
 }
 
-// @public (undocumented)
+// @public @deprecated (undocumented)
 export type LegacyElasticsearchClientConfig = Pick<ConfigOptions, 'keepAlive' | 'log' | 'plugins'> & Pick<ElasticsearchConfig, 'apiVersion' | 'customHeaders' | 'logQueries' | 'requestHeadersWhitelist' | 'sniffOnStart' | 'sniffOnConnectionFault' | 'hosts' | 'username' | 'password'> & {
     pingTimeout?: ElasticsearchConfig['pingTimeout'] | ConfigOptions['pingTimeout'];
     requestTimeout?: ElasticsearchConfig['requestTimeout'] | ConfigOptions['requestTimeout'];
@@ -1368,7 +1393,7 @@ export type LegacyElasticsearchClientConfig = Pick<ConfigOptions, 'keepAlive' |
     ssl?: Partial<ElasticsearchConfig['ssl']>;
 };
 
-// @public (undocumented)
+// @public
 export interface LegacyElasticsearchError extends Boom {
     // (undocumented)
     [code]?: string;
@@ -1401,9 +1426,7 @@ export class LegacyInternals implements ILegacyInternals {
 export interface LegacyRequest extends Request {
 }
 
-// Warning: (ae-unresolved-inheritdoc-reference) The @inheritDoc reference could not be resolved: The package "kibana" does not have an export "IScopedClusterClient"
-//
-// @public (undocumented)
+// @public @deprecated
 export class LegacyScopedClusterClient implements ILegacyScopedClusterClient {
     constructor(internalAPICaller: LegacyAPICaller, scopedAPICaller: LegacyAPICaller, headers?: Headers | undefined, auditor?: Auditor | undefined);
     callAsCurrentUser(endpoint: string, clientParams?: Record<string, any>, options?: LegacyCallAPIOptions): Promise<any>;
@@ -1559,10 +1582,10 @@ export interface LogRecord {
 export interface MetricsServiceSetup {
 }
 
-// @public (undocumented)
+// @public @deprecated (undocumented)
 export type MIGRATION_ASSISTANCE_INDEX_ACTION = 'upgrade' | 'reindex';
 
-// @public (undocumented)
+// @public @deprecated (undocumented)
 export type MIGRATION_DEPRECATION_LEVEL = 'none' | 'info' | 'warning' | 'critical';
 
 // @public
@@ -1812,6 +1835,7 @@ export interface RequestHandlerContext {
             typeRegistry: ISavedObjectTypeRegistry;
         };
         elasticsearch: {
+            client: IScopedClusterClient;
             legacy: {
                 client: ILegacyScopedClusterClient;
             };
diff --git a/src/core/server/server.ts b/src/core/server/server.ts
index 2dae7f8f38f23a..aff749ca975342 100644
--- a/src/core/server/server.ts
+++ b/src/core/server/server.ts
@@ -275,6 +275,7 @@ export class Server {
             typeRegistry: coreStart.savedObjects.getTypeRegistry(),
           },
           elasticsearch: {
+            client: coreStart.elasticsearch.client.asScoped(req),
             legacy: {
               client: coreStart.elasticsearch.legacy.client.asScoped(req),
             },
diff --git a/src/plugins/data/server/server.api.md b/src/plugins/data/server/server.api.md
index 7ad2f9edd33254..d35a6a5bbb9a99 100644
--- a/src/plugins/data/server/server.api.md
+++ b/src/plugins/data/server/server.api.md
@@ -22,6 +22,7 @@ import { CatTasksParams } from 'elasticsearch';
 import { CatThreadPoolParams } from 'elasticsearch';
 import { ClearScrollParams } from 'elasticsearch';
 import { Client } from 'elasticsearch';
+import { ClientOptions } from '@elastic/elasticsearch';
 import { ClusterAllocationExplainParams } from 'elasticsearch';
 import { ClusterGetSettingsParams } from 'elasticsearch';
 import { ClusterHealthParams } from 'elasticsearch';
diff --git a/tasks/config/run.js b/tasks/config/run.js
index 9ac8f72d56d4af..132b51765b3edd 100644
--- a/tasks/config/run.js
+++ b/tasks/config/run.js
@@ -210,7 +210,7 @@ module.exports = function () {
       args: [
         'scripts/functional_tests',
         '--config',
-        'test/plugin_functional/config.js',
+        'test/plugin_functional/config.ts',
         '--bail',
         '--debug',
       ],
diff --git a/test/api_integration/services/index.ts b/test/api_integration/services/index.ts
index 782ea271869ba4..d024943bef792a 100644
--- a/test/api_integration/services/index.ts
+++ b/test/api_integration/services/index.ts
@@ -19,7 +19,6 @@
 
 import { services as commonServices } from '../../common/services';
 
-// @ts-ignore not TS yet
 import { KibanaSupertestProvider, ElasticsearchSupertestProvider } from './supertest';
 
 export const services = {
diff --git a/test/plugin_functional/README.md b/test/plugin_functional/README.md
index 476c08408658c5..075d321917c395 100644
--- a/test/plugin_functional/README.md
+++ b/test/plugin_functional/README.md
@@ -17,9 +17,9 @@ To run these tests during development you can use the following commands:
 
 ```
 # Start the test server (can continue running)
-node scripts/functional_tests_server.js --config test/plugin_functional/config.js
+node scripts/functional_tests_server.js --config test/plugin_functional/config.ts
 # Start a test run
-node scripts/functional_test_runner.js --config test/plugin_functional/config.js
+node scripts/functional_test_runner.js --config test/plugin_functional/config.ts
 ```
 
 ## Run Kibana with a test plugin
@@ -42,7 +42,7 @@ If you wish to load up specific es archived data for your test, you can do so vi
 Another option, which will automatically use any specific settings the test environment may rely on, is to boot up the functional test server pointing to the plugin configuration file.
 
 ```
-node scripts/functional_tests_server --config test/plugin_functional/config.js
+node scripts/functional_tests_server --config test/plugin_functional/config.ts
 ```
 
 *Note:* you may still need to use the es_archiver script to boot up any required data.
diff --git a/test/plugin_functional/config.js b/test/plugin_functional/config.ts
similarity index 94%
rename from test/plugin_functional/config.js
rename to test/plugin_functional/config.ts
index f51fb5e1bade4c..c611300eade103 100644
--- a/test/plugin_functional/config.js
+++ b/test/plugin_functional/config.ts
@@ -16,12 +16,11 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-
+import { FtrConfigProviderContext } from '@kbn/test/types/ftr';
 import path from 'path';
 import fs from 'fs';
-import { services } from './services';
 
-export default async function ({ readConfigFile }) {
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
   const functionalConfig = await readConfigFile(require.resolve('../functional/config'));
 
   // Find all folders in ./plugins since we treat all them as plugin folder
@@ -42,7 +41,6 @@ export default async function ({ readConfigFile }) {
     ],
     services: {
       ...functionalConfig.get('services'),
-      ...services,
     },
     pageObjects: functionalConfig.get('pageObjects'),
     servers: functionalConfig.get('servers'),
diff --git a/test/plugin_functional/plugins/elasticsearch_client_plugin/kibana.json b/test/plugin_functional/plugins/elasticsearch_client_plugin/kibana.json
new file mode 100644
index 00000000000000..a7674881e8ba02
--- /dev/null
+++ b/test/plugin_functional/plugins/elasticsearch_client_plugin/kibana.json
@@ -0,0 +1,7 @@
+{
+  "id": "elasticsearch_client_plugin",
+  "version": "0.0.1",
+  "kibanaVersion": "kibana",
+  "server": true,
+  "ui": false
+}
diff --git a/test/plugin_functional/plugins/elasticsearch_client_plugin/package.json b/test/plugin_functional/plugins/elasticsearch_client_plugin/package.json
new file mode 100644
index 00000000000000..02c2955f26c863
--- /dev/null
+++ b/test/plugin_functional/plugins/elasticsearch_client_plugin/package.json
@@ -0,0 +1,15 @@
+{
+  "name": "elasticsearch_client_plugin",
+  "version": "1.0.0",
+  "kibana": {
+    "version": "kibana"
+  },
+  "license": "Apache-2.0",
+  "scripts": {
+    "kbn": "node ../../../../scripts/kbn.js",
+    "build": "rm -rf './target' && tsc"
+  },
+  "devDependencies": {
+    "typescript": "3.9.5"
+  }
+}
diff --git a/test/plugin_functional/services/supertest.ts b/test/plugin_functional/plugins/elasticsearch_client_plugin/server/index.ts
similarity index 66%
rename from test/plugin_functional/services/supertest.ts
rename to test/plugin_functional/plugins/elasticsearch_client_plugin/server/index.ts
index 6b7dc26248c061..3801e33a2cf3e6 100644
--- a/test/plugin_functional/services/supertest.ts
+++ b/test/plugin_functional/plugins/elasticsearch_client_plugin/server/index.ts
@@ -16,13 +16,7 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-import { format as formatUrl } from 'url';
-import { FtrProviderContext } from 'test/functional/ftr_provider_context';
 
-import supertestAsPromised from 'supertest-as-promised';
+import { ElasticsearchClientPlugin } from './plugin';
 
-export function KibanaSupertestProvider({ getService }: FtrProviderContext) {
-  const config = getService('config');
-  const kibanaServerUrl = formatUrl(config.get('servers.kibana'));
-  return supertestAsPromised(kibanaServerUrl);
-}
+export const plugin = () => new ElasticsearchClientPlugin();
diff --git a/test/plugin_functional/plugins/elasticsearch_client_plugin/server/plugin.ts b/test/plugin_functional/plugins/elasticsearch_client_plugin/server/plugin.ts
new file mode 100644
index 00000000000000..5e018ca7818d39
--- /dev/null
+++ b/test/plugin_functional/plugins/elasticsearch_client_plugin/server/plugin.ts
@@ -0,0 +1,53 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+import { Plugin, CoreSetup, CoreStart, ICustomClusterClient } from 'src/core/server';
+
+export class ElasticsearchClientPlugin implements Plugin {
+  private client?: ICustomClusterClient;
+  public setup(core: CoreSetup) {
+    const router = core.http.createRouter();
+    router.get(
+      { path: '/api/elasticsearch_client_plugin/context/ping', validate: false },
+      async (context, req, res) => {
+        const { body } = await context.core.elasticsearch.client.asInternalUser.ping();
+        return res.ok({ body });
+      }
+    );
+    router.get(
+      { path: '/api/elasticsearch_client_plugin/contract/ping', validate: false },
+      async (context, req, res) => {
+        const [coreStart] = await core.getStartServices();
+        const { body } = await coreStart.elasticsearch.client.asInternalUser.ping();
+        return res.ok({ body });
+      }
+    );
+    router.get(
+      { path: '/api/elasticsearch_client_plugin/custom_client/ping', validate: false },
+      async (context, req, res) => {
+        const { body } = await this.client!.asInternalUser.ping();
+        return res.ok({ body });
+      }
+    );
+  }
+
+  public start(core: CoreStart) {
+    this.client = core.elasticsearch.createClient('my-custom-client-test');
+  }
+  public stop() {}
+}
diff --git a/test/plugin_functional/plugins/elasticsearch_client_plugin/tsconfig.json b/test/plugin_functional/plugins/elasticsearch_client_plugin/tsconfig.json
new file mode 100644
index 00000000000000..d0751f31ecc5ea
--- /dev/null
+++ b/test/plugin_functional/plugins/elasticsearch_client_plugin/tsconfig.json
@@ -0,0 +1,12 @@
+{
+  "extends": "../../../../tsconfig.json",
+  "compilerOptions": {
+    "outDir": "./target",
+    "skipLibCheck": true
+  },
+  "include": [
+    "server/**/*.ts",
+    "../../../../typings/**/*"
+  ],
+  "exclude": []
+}
diff --git a/test/plugin_functional/services/index.ts b/test/plugin_functional/services/index.ts
index dd2b25e14fe170..453cfc5a8636ff 100644
--- a/test/plugin_functional/services/index.ts
+++ b/test/plugin_functional/services/index.ts
@@ -16,14 +16,7 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-import { GenericFtrProviderContext } from '@kbn/test/types/ftr';
-import { FtrProviderContext } from 'test/functional/ftr_provider_context';
 
-import { KibanaSupertestProvider } from './supertest';
+import { FtrProviderContext } from '../../functional/ftr_provider_context';
 
-export const services = {
-  supertest: KibanaSupertestProvider,
-};
-
-export type PluginFunctionalProviderContext = FtrProviderContext &
-  GenericFtrProviderContext<typeof services, {}>;
+export type PluginFunctionalProviderContext = FtrProviderContext;
diff --git a/test/plugin_functional/test_suites/core_plugins/elasticsearch_client.ts b/test/plugin_functional/test_suites/core_plugins/elasticsearch_client.ts
new file mode 100644
index 00000000000000..9b9efc261126f3
--- /dev/null
+++ b/test/plugin_functional/test_suites/core_plugins/elasticsearch_client.ts
@@ -0,0 +1,38 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+import { PluginFunctionalProviderContext } from '../../services';
+import '../../plugins/core_provider_plugin/types';
+
+// eslint-disable-next-line import/no-default-export
+export default function ({ getService, getPageObjects }: PluginFunctionalProviderContext) {
+  const supertest = getService('supertest');
+  describe('elasticsearch client', () => {
+    it('server plugins have access to elasticsearch client via request context', async () => {
+      await supertest.get('/api/elasticsearch_client_plugin/context/ping').expect(200, 'true');
+    });
+    it('server plugins have access to elasticsearch client via core contract', async () => {
+      await supertest.get('/api/elasticsearch_client_plugin/contract/ping').expect(200, 'true');
+    });
+    it('server plugins can create a custom elasticsearch client', async () => {
+      await supertest
+        .get('/api/elasticsearch_client_plugin/custom_client/ping')
+        .expect(200, 'true');
+    });
+  });
+}
diff --git a/test/plugin_functional/test_suites/core_plugins/index.ts b/test/plugin_functional/test_suites/core_plugins/index.ts
index 8f54ec6c0f4cd9..99ac6dc9b84743 100644
--- a/test/plugin_functional/test_suites/core_plugins/index.ts
+++ b/test/plugin_functional/test_suites/core_plugins/index.ts
@@ -22,6 +22,7 @@ import { PluginFunctionalProviderContext } from '../../services';
 export default function ({ loadTestFile }: PluginFunctionalProviderContext) {
   describe('core plugins', () => {
     loadTestFile(require.resolve('./applications'));
+    loadTestFile(require.resolve('./elasticsearch_client'));
     loadTestFile(require.resolve('./legacy_plugins'));
     loadTestFile(require.resolve('./server_plugins'));
     loadTestFile(require.resolve('./ui_plugins'));
diff --git a/test/plugin_functional/test_suites/core_plugins/top_nav.js b/test/plugin_functional/test_suites/core_plugins/top_nav.ts
similarity index 88%
rename from test/plugin_functional/test_suites/core_plugins/top_nav.js
rename to test/plugin_functional/test_suites/core_plugins/top_nav.ts
index 5c46e3d7f76db1..6d2c6b7f85d28a 100644
--- a/test/plugin_functional/test_suites/core_plugins/top_nav.js
+++ b/test/plugin_functional/test_suites/core_plugins/top_nav.ts
@@ -17,8 +17,10 @@
  * under the License.
  */
 import expect from '@kbn/expect';
+import { PluginFunctionalProviderContext } from '../../services';
 
-export default function ({ getService, getPageObjects }) {
+// eslint-disable-next-line import/no-default-export
+export default function ({ getService, getPageObjects }: PluginFunctionalProviderContext) {
   const PageObjects = getPageObjects(['common']);
 
   const browser = getService('browser');
diff --git a/x-pack/test/plugin_api_integration/config.ts b/x-pack/test/plugin_api_integration/config.ts
index 6a86bcb7176f78..b89ed6ad550a34 100644
--- a/x-pack/test/plugin_api_integration/config.ts
+++ b/x-pack/test/plugin_api_integration/config.ts
@@ -20,6 +20,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
 
   return {
     testFiles: [
+      require.resolve('./test_suites/platform'),
       require.resolve('./test_suites/task_manager'),
       require.resolve('./test_suites/event_log'),
       require.resolve('./test_suites/licensed_feature_usage'),
diff --git a/x-pack/test/plugin_api_integration/plugins/elasticsearch_client/kibana.json b/x-pack/test/plugin_api_integration/plugins/elasticsearch_client/kibana.json
new file mode 100644
index 00000000000000..37ec33c168e763
--- /dev/null
+++ b/x-pack/test/plugin_api_integration/plugins/elasticsearch_client/kibana.json
@@ -0,0 +1,7 @@
+{
+  "id": "elasticsearch_client_xpack",
+  "version": "1.0.0",
+  "kibanaVersion": "kibana",
+  "server": true,
+  "ui": false
+}
diff --git a/x-pack/test/plugin_api_integration/plugins/elasticsearch_client/package.json b/x-pack/test/plugin_api_integration/plugins/elasticsearch_client/package.json
new file mode 100644
index 00000000000000..ed31989472134e
--- /dev/null
+++ b/x-pack/test/plugin_api_integration/plugins/elasticsearch_client/package.json
@@ -0,0 +1,14 @@
+{
+  "name": "elasticsearch_client_xpack",
+  "version": "1.0.0",
+  "kibana": {
+    "version": "kibana"
+  },
+  "scripts": {
+    "kbn": "node ../../../../../scripts/kbn.js",
+    "build": "rm -rf './target' && tsc"
+  },
+  "devDependencies": {
+    "typescript": "3.9.5"
+  }
+}
diff --git a/x-pack/test/plugin_api_integration/plugins/elasticsearch_client/server/index.ts b/x-pack/test/plugin_api_integration/plugins/elasticsearch_client/server/index.ts
new file mode 100644
index 00000000000000..19b54a9b0326de
--- /dev/null
+++ b/x-pack/test/plugin_api_integration/plugins/elasticsearch_client/server/index.ts
@@ -0,0 +1,9 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { ElasticsearchClientXPack } from './plugin';
+
+export const plugin = () => new ElasticsearchClientXPack();
diff --git a/x-pack/test/plugin_api_integration/plugins/elasticsearch_client/server/plugin.ts b/x-pack/test/plugin_api_integration/plugins/elasticsearch_client/server/plugin.ts
new file mode 100644
index 00000000000000..921c8f9c50860a
--- /dev/null
+++ b/x-pack/test/plugin_api_integration/plugins/elasticsearch_client/server/plugin.ts
@@ -0,0 +1,36 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { Plugin, CoreSetup } from 'kibana/server';
+
+export class ElasticsearchClientXPack implements Plugin {
+  constructor() {}
+
+  public setup(core: CoreSetup) {
+    const router = core.http.createRouter();
+    router.get(
+      { path: '/api/elasticsearch_client_xpack/context/user', validate: false },
+      async (context, req, res) => {
+        const { body } = await context.core.elasticsearch.client.asCurrentUser.security.getUser();
+        return res.ok({ body });
+      }
+    );
+
+    router.get(
+      { path: '/api/elasticsearch_client_xpack/contract/user', validate: false },
+      async (context, req, res) => {
+        const [coreStart] = await core.getStartServices();
+        const { body } = await coreStart.elasticsearch.client
+          .asScoped(req)
+          .asCurrentUser.security.getUser();
+        return res.ok({ body });
+      }
+    );
+  }
+
+  public start() {}
+  public stop() {}
+}
diff --git a/x-pack/test/plugin_api_integration/test_suites/platform/elasticsearch_client.ts b/x-pack/test/plugin_api_integration/test_suites/platform/elasticsearch_client.ts
new file mode 100644
index 00000000000000..c2f6e93de83c13
--- /dev/null
+++ b/x-pack/test/plugin_api_integration/test_suites/platform/elasticsearch_client.ts
@@ -0,0 +1,26 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import expect from '@kbn/expect';
+import { FtrProviderContext } from '../../ftr_provider_context';
+
+export default function ({ getService }: FtrProviderContext) {
+  const supertest = getService('supertest');
+  describe('elasticsearch client', () => {
+    it('scopes the elasticsearch client provided via request context to user credentials', async () => {
+      const { body } = await supertest
+        .get('/api/elasticsearch_client_xpack/context/user')
+        .expect(200);
+      expect(body).not.to.be.empty();
+    });
+    it('scopes the elasticsearch client provided via request context to user credentials', async () => {
+      const { body } = await supertest
+        .get('/api/elasticsearch_client_xpack/contract/user')
+        .expect(200);
+      expect(body).not.to.be.empty();
+    });
+  });
+}
diff --git a/x-pack/test/plugin_api_integration/test_suites/platform/index.ts b/x-pack/test/plugin_api_integration/test_suites/platform/index.ts
new file mode 100644
index 00000000000000..3375e9ca839a58
--- /dev/null
+++ b/x-pack/test/plugin_api_integration/test_suites/platform/index.ts
@@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { FtrProviderContext } from '../../ftr_provider_context';
+
+export default function ({ loadTestFile }: FtrProviderContext) {
+  describe('platform', function taskManagerSuite() {
+    this.tags('ciGroup2');
+    loadTestFile(require.resolve('./elasticsearch_client'));
+  });
+}

From 15f4ead00504f0fe368e423421524325e75246e6 Mon Sep 17 00:00:00 2001
From: Frank Hassanabad <frank.hassanabad@elastic.co>
Date: Thu, 30 Jul 2020 11:20:12 -0600
Subject: [PATCH 05/11] [SIEM] Fixes broken maps link to Kibana index
 management (#73757)

## Summary

Embarrassing simple fix

If you don't have an index setup like below and click configure index patterns it takes you to `/app/kibana` when it should just be `/app` and there shouldn't be anymore hashes of `#`.

<img width="1487" alt="Screen Shot 2020-07-29 at 5 09 10 PM" src="https://user-images.githubusercontent.com/1151048/88862759-4b90e580-d1be-11ea-834c-aedc73cc330a.png">
---
 .../index_patterns_missing_prompt.test.tsx.snap             | 4 ++--
 .../embeddables/index_patterns_missing_prompt.tsx           | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/x-pack/plugins/security_solution/public/network/components/embeddables/__snapshots__/index_patterns_missing_prompt.test.tsx.snap b/x-pack/plugins/security_solution/public/network/components/embeddables/__snapshots__/index_patterns_missing_prompt.test.tsx.snap
index 30f7df940fa994..b72b9e5c73977c 100644
--- a/x-pack/plugins/security_solution/public/network/components/embeddables/__snapshots__/index_patterns_missing_prompt.test.tsx.snap
+++ b/x-pack/plugins/security_solution/public/network/components/embeddables/__snapshots__/index_patterns_missing_prompt.test.tsx.snap
@@ -6,7 +6,7 @@ exports[`IndexPatternsMissingPrompt renders correctly against snapshot 1`] = `
     <EuiButton
       color="primary"
       fill={true}
-      href="/test/base/path/app/kibana#/management/kibana/indexPatterns"
+      href="/test/base/path/app/management/kibana/indexPatterns"
       target="_blank"
     >
       Configure index patterns
@@ -28,7 +28,7 @@ exports[`IndexPatternsMissingPrompt renders correctly against snapshot 1`] = `
                 beats
               </a>,
               "defaultIndex": <a
-                href="/test/base/path/app/kibana#/management/kibana/settings"
+                href="/test/base/path/app/management/kibana/settings"
                 rel="noopener noreferrer"
                 target="_blank"
               >
diff --git a/x-pack/plugins/security_solution/public/network/components/embeddables/index_patterns_missing_prompt.tsx b/x-pack/plugins/security_solution/public/network/components/embeddables/index_patterns_missing_prompt.tsx
index 62ffad515f4240..b5595daa9cf474 100644
--- a/x-pack/plugins/security_solution/public/network/components/embeddables/index_patterns_missing_prompt.tsx
+++ b/x-pack/plugins/security_solution/public/network/components/embeddables/index_patterns_missing_prompt.tsx
@@ -13,7 +13,7 @@ import * as i18n from './translations';
 
 export const IndexPatternsMissingPromptComponent = () => {
   const { docLinks } = useKibana().services;
-  const kibanaBasePath = `${useBasePath()}/app/kibana`;
+  const kibanaBasePath = `${useBasePath()}/app`;
 
   return (
     <EuiEmptyPrompt
@@ -29,7 +29,7 @@ export const IndexPatternsMissingPromptComponent = () => {
               values={{
                 defaultIndex: (
                   <a
-                    href={`${kibanaBasePath}#/management/kibana/settings`}
+                    href={`${kibanaBasePath}/management/kibana/settings`}
                     rel="noopener noreferrer"
                     target="_blank"
                   >
@@ -61,7 +61,7 @@ export const IndexPatternsMissingPromptComponent = () => {
       }
       actions={
         <EuiButton
-          href={`${kibanaBasePath}#/management/kibana/indexPatterns`}
+          href={`${kibanaBasePath}/management/kibana/indexPatterns`}
           color="primary"
           target="_blank"
           fill

From 0f18123b83787e736f84194e50537a2dfbcb26da Mon Sep 17 00:00:00 2001
From: Paul Tavares <56442535+paul-tavares@users.noreply.github.com>
Date: Thu, 30 Jul 2020 13:21:12 -0400
Subject: [PATCH 06/11] [SECURITY_SOLUTION][ENDPOINT] Fix Endpoint Host page
 sometimes incorrectly showing onboarding UI (#73222)

* Fix incorrectly showing the onboarding message on hosts

* Allow loading of the Details even if list load failed

* Some test fixes

* Fix missing import

* refactor UT for the policy list view

* Refactor more UT

* remove commented out code

* Fix some failing tests following cherry-picks

* start work on mock host list apis

* Remove extra code that came from cherry-pick

* more tests fixed

* All test pass

* Refactoring ++ cleanup

* Remove unused import
---
 .../common/endpoint/generate_data.ts          | 105 +++++++++-
 .../pages/endpoint_hosts/store/action.ts      |   6 +
 .../pages/endpoint_hosts/store/index.test.ts  |   1 +
 .../pages/endpoint_hosts/store/middleware.ts  |  42 +++-
 .../store/mock_host_result_list.ts            | 148 +++++++++++++-
 .../pages/endpoint_hosts/store/reducer.ts     |   7 +
 .../pages/endpoint_hosts/store/selectors.ts   |   6 +
 .../management/pages/endpoint_hosts/types.ts  |   2 +
 .../pages/endpoint_hosts/view/index.test.tsx  | 192 +++++++++++-------
 .../pages/endpoint_hosts/view/index.tsx       |  17 +-
 .../policy/store/policy_list/index.test.ts    |   1 +
 .../policy/store/policy_list/middleware.ts    |   1 +
 .../policy_list/mock_policy_result_list.ts    |  40 ----
 .../store/policy_list/services/ingest.test.ts |   6 +-
 .../store/policy_list/services/ingest.ts      |   2 +-
 .../store/policy_list/test_mock_utils.ts      | 162 ++++++---------
 .../pages/policy/view/policy_details.test.tsx |   8 +-
 .../pages/policy/view/policy_list.test.tsx    |  46 ++---
 18 files changed, 526 insertions(+), 266 deletions(-)
 delete mode 100644 x-pack/plugins/security_solution/public/management/pages/policy/store/policy_list/mock_policy_result_list.ts

diff --git a/x-pack/plugins/security_solution/common/endpoint/generate_data.ts b/x-pack/plugins/security_solution/common/endpoint/generate_data.ts
index 9a92270fc9c14d..aa3f0bf287fcae 100644
--- a/x-pack/plugins/security_solution/common/endpoint/generate_data.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/generate_data.ts
@@ -8,16 +8,26 @@ import seedrandom from 'seedrandom';
 import {
   AlertEvent,
   EndpointEvent,
+  EndpointStatus,
   Host,
   HostMetadata,
-  OSFields,
   HostPolicyResponse,
   HostPolicyResponseActionStatus,
+  OSFields,
   PolicyData,
-  EndpointStatus,
 } from './types';
 import { factory as policyFactory } from './models/policy_config';
 import { parentEntityId } from './models/event';
+import {
+  GetAgentConfigsResponseItem,
+  GetPackagesResponse,
+} from '../../../ingest_manager/common/types/rest_spec';
+import {
+  AgentConfigStatus,
+  EsAssetReference,
+  InstallationStatus,
+  KibanaAssetReference,
+} from '../../../ingest_manager/common/types/models';
 
 export type Event = AlertEvent | EndpointEvent;
 /**
@@ -1062,6 +1072,97 @@ export class EndpointDocGenerator {
     };
   }
 
+  /**
+   * Generate an Agent Configuration (ingest)
+   */
+  public generateAgentConfig(): GetAgentConfigsResponseItem {
+    return {
+      id: this.seededUUIDv4(),
+      name: 'Agent Config',
+      status: AgentConfigStatus.Active,
+      description: 'Some description',
+      namespace: 'default',
+      monitoring_enabled: ['logs', 'metrics'],
+      revision: 2,
+      updated_at: '2020-07-22T16:36:49.196Z',
+      updated_by: 'elastic',
+      package_configs: ['852491f0-cc39-11ea-bac2-cdbf95b4b41a'],
+      agents: 0,
+    };
+  }
+
+  /**
+   * Generate an EPM Package for Endpoint
+   */
+  public generateEpmPackage(): GetPackagesResponse['response'][0] {
+    return {
+      name: 'endpoint',
+      title: 'Elastic Endpoint',
+      version: '0.5.0',
+      description: 'This is the Elastic Endpoint package.',
+      type: 'solution',
+      download: '/epr/endpoint/endpoint-0.5.0.tar.gz',
+      path: '/package/endpoint/0.5.0',
+      icons: [
+        {
+          src: '/package/endpoint/0.5.0/img/logo-endpoint-64-color.svg',
+          size: '16x16',
+          type: 'image/svg+xml',
+        },
+      ],
+      status: 'installed' as InstallationStatus,
+      savedObject: {
+        type: 'epm-packages',
+        id: 'endpoint',
+        attributes: {
+          installed_kibana: [
+            { id: '826759f0-7074-11ea-9bc8-6b38f4d29a16', type: 'dashboard' },
+            { id: '1cfceda0-728b-11ea-9bc8-6b38f4d29a16', type: 'visualization' },
+            { id: '1e525190-7074-11ea-9bc8-6b38f4d29a16', type: 'visualization' },
+            { id: '55387750-729c-11ea-9bc8-6b38f4d29a16', type: 'visualization' },
+            { id: '92b1edc0-706a-11ea-9bc8-6b38f4d29a16', type: 'visualization' },
+            { id: 'a3a3bd10-706b-11ea-9bc8-6b38f4d29a16', type: 'map' },
+          ] as KibanaAssetReference[],
+          installed_es: [
+            { id: 'logs-endpoint.alerts', type: 'index_template' },
+            { id: 'events-endpoint', type: 'index_template' },
+            { id: 'logs-endpoint.events.file', type: 'index_template' },
+            { id: 'logs-endpoint.events.library', type: 'index_template' },
+            { id: 'metrics-endpoint.metadata', type: 'index_template' },
+            { id: 'metrics-endpoint.metadata_mirror', type: 'index_template' },
+            { id: 'logs-endpoint.events.network', type: 'index_template' },
+            { id: 'metrics-endpoint.policy', type: 'index_template' },
+            { id: 'logs-endpoint.events.process', type: 'index_template' },
+            { id: 'logs-endpoint.events.registry', type: 'index_template' },
+            { id: 'logs-endpoint.events.security', type: 'index_template' },
+            { id: 'metrics-endpoint.telemetry', type: 'index_template' },
+          ] as EsAssetReference[],
+          es_index_patterns: {
+            alerts: 'logs-endpoint.alerts-*',
+            events: 'events-endpoint-*',
+            file: 'logs-endpoint.events.file-*',
+            library: 'logs-endpoint.events.library-*',
+            metadata: 'metrics-endpoint.metadata-*',
+            metadata_mirror: 'metrics-endpoint.metadata_mirror-*',
+            network: 'logs-endpoint.events.network-*',
+            policy: 'metrics-endpoint.policy-*',
+            process: 'logs-endpoint.events.process-*',
+            registry: 'logs-endpoint.events.registry-*',
+            security: 'logs-endpoint.events.security-*',
+            telemetry: 'metrics-endpoint.telemetry-*',
+          },
+          name: 'endpoint',
+          version: '0.5.0',
+          internal: false,
+          removable: false,
+        },
+        references: [],
+        updated_at: '2020-06-24T14:41:23.098Z',
+        version: 'Wzc0LDFd',
+      },
+    };
+  }
+
   /**
    * Generates a Host Policy response message
    */
diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/action.ts b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/action.ts
index 621fab2e4ee113..4a4326d5b29193 100644
--- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/action.ts
+++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/action.ts
@@ -81,6 +81,11 @@ interface ServerReturnedHostNonExistingPolicies {
   payload: HostState['nonExistingPolicies'];
 }
 
+interface ServerReturnedHostExistValue {
+  type: 'serverReturnedHostExistValue';
+  payload: boolean;
+}
+
 export type HostAction =
   | ServerReturnedHostList
   | ServerFailedToReturnHostList
@@ -92,6 +97,7 @@ export type HostAction =
   | ServerFailedToReturnPoliciesForOnboarding
   | UserSelectedEndpointPolicy
   | ServerCancelledHostListLoading
+  | ServerReturnedHostExistValue
   | ServerCancelledPolicyItemsLoading
   | ServerReturnedEndpointPackageInfo
   | ServerReturnedHostNonExistingPolicies;
diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/index.test.ts b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/index.test.ts
index b6e18506b61113..8ff4ad5a043b5f 100644
--- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/index.test.ts
+++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/index.test.ts
@@ -51,6 +51,7 @@ describe('HostList store concerns', () => {
         policyItemsLoading: false,
         endpointPackageInfo: undefined,
         nonExistingPolicies: {},
+        hostsExist: true,
       });
     });
 
diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.ts b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.ts
index edeca5659ee38c..74bebf211258ae 100644
--- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.ts
+++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/middleware.ts
@@ -4,7 +4,7 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-import { HttpSetup } from 'kibana/public';
+import { HttpStart } from 'kibana/public';
 import { HostInfo, HostResultList } from '../../../../../common/endpoint/types';
 import { GetPolicyListResponse } from '../../policy/types';
 import { ImmutableMiddlewareFactory } from '../../../../common/store';
@@ -28,6 +28,8 @@ export const hostMiddlewareFactory: ImmutableMiddlewareFactory<HostState> = (cor
   return ({ getState, dispatch }) => (next) => async (action) => {
     next(action);
     const state = getState();
+
+    // Host list
     if (
       action.type === 'userChangedUrl' &&
       isOnHostPage(state) &&
@@ -89,6 +91,19 @@ export const hostMiddlewareFactory: ImmutableMiddlewareFactory<HostState> = (cor
       // No hosts, so we should check to see if there are policies for onboarding
       if (hostResponse && hostResponse.hosts.length === 0) {
         const http = coreStart.http;
+
+        // The original query to the list could have had an invalid param (ex. invalid page_size),
+        // so we check first if hosts actually do exist before pulling in data for the onboarding
+        // messages.
+        if (await doHostsExist(http)) {
+          return;
+        }
+
+        dispatch({
+          type: 'serverReturnedHostExistValue',
+          payload: false,
+        });
+
         try {
           const policyDataResponse: GetPolicyListResponse = await sendGetEndpointSpecificPackageConfigs(
             http,
@@ -119,6 +134,8 @@ export const hostMiddlewareFactory: ImmutableMiddlewareFactory<HostState> = (cor
         });
       }
     }
+
+    // Host Details
     if (action.type === 'userChangedUrl' && hasSelectedHost(state) === true) {
       dispatch({
         type: 'serverCancelledPolicyItemsLoading',
@@ -160,7 +177,6 @@ export const hostMiddlewareFactory: ImmutableMiddlewareFactory<HostState> = (cor
             type: 'serverFailedToReturnHostList',
             payload: error,
           });
-          return;
         }
       } else {
         dispatch({
@@ -217,7 +233,7 @@ export const hostMiddlewareFactory: ImmutableMiddlewareFactory<HostState> = (cor
 };
 
 const getNonExistingPoliciesForHostsList = async (
-  http: HttpSetup,
+  http: HttpStart,
   hosts: HostResultList['hosts'],
   currentNonExistingPolicies: HostState['nonExistingPolicies']
 ): Promise<HostState['nonExistingPolicies'] | undefined> => {
@@ -274,3 +290,23 @@ const getNonExistingPoliciesForHostsList = async (
 
   return nonExisting;
 };
+
+const doHostsExist = async (http: HttpStart): Promise<boolean> => {
+  try {
+    return (
+      (
+        await http.post<HostResultList>('/api/endpoint/metadata', {
+          body: JSON.stringify({
+            paging_properties: [{ page_index: 0 }, { page_size: 1 }],
+          }),
+        })
+      ).hosts.length !== 0
+    );
+  } catch (error) {
+    // eslint-disable-next-line no-console
+    console.error(`error while trying to check if hosts exist`);
+    // eslint-disable-next-line no-console
+    console.error(error);
+  }
+  return false;
+};
diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/mock_host_result_list.ts b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/mock_host_result_list.ts
index 05af1ee062de6f..355c2bb5c19fc8 100644
--- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/mock_host_result_list.ts
+++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/mock_host_result_list.ts
@@ -4,8 +4,27 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-import { HostInfo, HostResultList, HostStatus } from '../../../../../common/endpoint/types';
+import { HttpStart } from 'kibana/public';
+import {
+  GetHostPolicyResponse,
+  HostInfo,
+  HostPolicyResponse,
+  HostResultList,
+  HostStatus,
+} from '../../../../../common/endpoint/types';
 import { EndpointDocGenerator } from '../../../../../common/endpoint/generate_data';
+import {
+  INGEST_API_AGENT_CONFIGS,
+  INGEST_API_EPM_PACKAGES,
+  INGEST_API_PACKAGE_CONFIGS,
+} from '../../policy/store/policy_list/services/ingest';
+import {
+  GetAgentConfigsResponse,
+  GetPackagesResponse,
+} from '../../../../../../ingest_manager/common/types/rest_spec';
+import { GetPolicyListResponse } from '../../policy/types';
+
+const generator = new EndpointDocGenerator('seed');
 
 export const mockHostResultList: (options?: {
   total?: number;
@@ -26,7 +45,6 @@ export const mockHostResultList: (options?: {
 
   const hosts = [];
   for (let index = 0; index < actualCountToReturn; index++) {
-    const generator = new EndpointDocGenerator('seed');
     hosts.push({
       metadata: generator.generateHostMetadata(),
       host_status: HostStatus.ERROR,
@@ -45,9 +63,133 @@ export const mockHostResultList: (options?: {
  * returns a mocked API response for retrieving a single host metadata
  */
 export const mockHostDetailsApiResult = (): HostInfo => {
-  const generator = new EndpointDocGenerator('seed');
   return {
     metadata: generator.generateHostMetadata(),
     host_status: HostStatus.ERROR,
   };
 };
+
+/**
+ * Mock API handlers used by the Endpoint Host list. It also sets up a list of
+ * API handlers for Host details based on a list of Host results.
+ */
+const hostListApiPathHandlerMocks = ({
+  hostsResults = mockHostResultList({ total: 3 }).hosts,
+  epmPackages = [generator.generateEpmPackage()],
+  endpointPackageConfigs = [],
+  policyResponse = generator.generatePolicyResponse(),
+}: {
+  /** route handlers will be setup for each individual host in this array */
+  hostsResults?: HostResultList['hosts'];
+  epmPackages?: GetPackagesResponse['response'];
+  endpointPackageConfigs?: GetPolicyListResponse['items'];
+  policyResponse?: HostPolicyResponse;
+} = {}) => {
+  const apiHandlers = {
+    // endpoint package info
+    [INGEST_API_EPM_PACKAGES]: (): GetPackagesResponse => {
+      return {
+        response: epmPackages,
+        success: true,
+      };
+    },
+
+    // host list
+    '/api/endpoint/metadata': (): HostResultList => {
+      return {
+        hosts: hostsResults,
+        request_page_size: 10,
+        request_page_index: 0,
+        total: hostsResults?.length || 0,
+      };
+    },
+
+    // Do policies referenced in host list exist
+    // just returns 1 single agent config that includes all of the packageConfig IDs provided
+    [INGEST_API_AGENT_CONFIGS]: (): GetAgentConfigsResponse => {
+      const agentConfig = generator.generateAgentConfig();
+      (agentConfig.package_configs as string[]).push(
+        ...endpointPackageConfigs.map((packageConfig) => packageConfig.id)
+      );
+      return {
+        items: [agentConfig],
+        total: 10,
+        success: true,
+        perPage: 10,
+        page: 1,
+      };
+    },
+
+    // Policy Response
+    '/api/endpoint/policy_response': (): GetHostPolicyResponse => {
+      return { policy_response: policyResponse };
+    },
+
+    // List of Policies (package configs) for onboarding
+    [INGEST_API_PACKAGE_CONFIGS]: (): GetPolicyListResponse => {
+      return {
+        items: endpointPackageConfigs,
+        page: 1,
+        perPage: 10,
+        total: endpointPackageConfigs?.length,
+        success: true,
+      };
+    },
+  };
+
+  // Build a GET route handler for each host details based on the list of Hosts passed on input
+  if (hostsResults) {
+    hostsResults.forEach((host) => {
+      // @ts-ignore
+      apiHandlers[`/api/endpoint/metadata/${host.metadata.host.id}`] = () => host;
+    });
+  }
+
+  return apiHandlers;
+};
+
+/**
+ * Sets up mock impelementations in support of the Hosts list view
+ *
+ * @param mockedHttpService
+ * @param hostsResults
+ * @param pathHandlersOptions
+ */
+export const setHostListApiMockImplementation: (
+  mockedHttpService: jest.Mocked<HttpStart>,
+  apiResponses?: Parameters<typeof hostListApiPathHandlerMocks>[0]
+) => void = (
+  mockedHttpService,
+  { hostsResults = mockHostResultList({ total: 3 }).hosts, ...pathHandlersOptions } = {}
+) => {
+  const apiHandlers = hostListApiPathHandlerMocks({ ...pathHandlersOptions, hostsResults });
+
+  mockedHttpService.post
+    .mockImplementation(async (...args) => {
+      throw new Error(`un-expected call to http.post: ${args}`);
+    })
+    // First time called, return list of hosts
+    .mockImplementationOnce(async () => {
+      return apiHandlers['/api/endpoint/metadata']();
+    });
+
+  // If the hosts list results is zero, then mock the second call to `/metadata` to return
+  // empty list - indicating there are no hosts currently present on the system
+  if (!hostsResults.length) {
+    mockedHttpService.post.mockImplementationOnce(async () => {
+      return apiHandlers['/api/endpoint/metadata']();
+    });
+  }
+
+  // Setup handling of GET requests
+  mockedHttpService.get.mockImplementation(async (...args) => {
+    const [path] = args;
+    if (typeof path === 'string') {
+      if (apiHandlers[path]) {
+        return apiHandlers[path]();
+      }
+    }
+
+    throw new Error(`MOCK: api request does not have a mocked handler: ${path}`);
+  });
+};
diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/reducer.ts b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/reducer.ts
index 7f68baa4b85bdc..e54f7df4d4f75a 100644
--- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/reducer.ts
+++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/reducer.ts
@@ -29,6 +29,7 @@ export const initialHostListState: Immutable<HostState> = {
   policyItemsLoading: false,
   endpointPackageInfo: undefined,
   nonExistingPolicies: {},
+  hostsExist: true,
 };
 
 /* eslint-disable-next-line complexity */
@@ -125,6 +126,11 @@ export const hostListReducer: ImmutableReducer<HostState, AppAction> = (
       ...state,
       endpointPackageInfo: action.payload,
     };
+  } else if (action.type === 'serverReturnedHostExistValue') {
+    return {
+      ...state,
+      hostsExist: action.payload,
+    };
   } else if (action.type === 'userChangedUrl') {
     const newState: Immutable<HostState> = {
       ...state,
@@ -181,6 +187,7 @@ export const hostListReducer: ImmutableReducer<HostState, AppAction> = (
       error: undefined,
       detailsError: undefined,
       policyResponseError: undefined,
+      hostsExist: true,
     };
   }
   return state;
diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/selectors.ts b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/selectors.ts
index 6e0823a920413f..ca006f21c29ac2 100644
--- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/selectors.ts
+++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/store/selectors.ts
@@ -203,3 +203,9 @@ export const policyResponseStatus: (state: Immutable<HostState>) => string = cre
 export const nonExistingPolicies: (
   state: Immutable<HostState>
 ) => Immutable<HostState['nonExistingPolicies']> = (state) => state.nonExistingPolicies;
+
+/**
+ * Return boolean that indicates whether hosts exist
+ * @param state
+ */
+export const hostsExist: (state: Immutable<HostState>) => boolean = (state) => state.hostsExist;
diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/types.ts b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/types.ts
index 582a59cfd7605c..6c949e9700b9a0 100644
--- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/types.ts
+++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/types.ts
@@ -52,6 +52,8 @@ export interface HostState {
   endpointPackageInfo?: GetPackagesResponse['response'][0];
   /** tracks the list of policies IDs used in Host metadata that may no longer exist */
   nonExistingPolicies: Record<string, boolean>;
+  /** Tracks whether hosts exist and helps control if onboarding should be visible */
+  hostsExist: boolean;
 }
 
 /**
diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.test.tsx b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.test.tsx
index 9d49c8705affe2..3e00a5cc33db1d 100644
--- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.test.tsx
+++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.test.tsx
@@ -8,18 +8,22 @@ import React from 'react';
 import * as reactTestingLibrary from '@testing-library/react';
 
 import { HostList } from './index';
-import { mockHostDetailsApiResult, mockHostResultList } from '../store/mock_host_result_list';
-import { mockPolicyResultList } from '../../policy/store/policy_list/mock_policy_result_list';
+import {
+  mockHostDetailsApiResult,
+  mockHostResultList,
+  setHostListApiMockImplementation,
+} from '../store/mock_host_result_list';
 import { AppContextTestRender, createAppRootMockRenderer } from '../../../../common/mock/endpoint';
 import {
   HostInfo,
+  HostPolicyResponse,
   HostPolicyResponseActionStatus,
   HostPolicyResponseAppliedAction,
   HostStatus,
 } from '../../../../../common/endpoint/types';
 import { EndpointDocGenerator } from '../../../../../common/endpoint/generate_data';
-import { AppAction } from '../../../../common/store/actions';
 import { POLICY_STATUS_TO_HEALTH_COLOR, POLICY_STATUS_TO_TEXT } from './host_constants';
+import { mockPolicyResultList } from '../../policy/store/policy_list/test_mock_utils';
 
 jest.mock('../../../../common/components/link_to');
 
@@ -35,6 +39,9 @@ describe('when on the hosts page', () => {
     const mockedContext = createAppRootMockRenderer();
     ({ history, store, coreStart, middlewareSpy } = mockedContext);
     render = () => mockedContext.render(<HostList />);
+    reactTestingLibrary.act(() => {
+      history.push('/hosts');
+    });
   });
 
   it('should NOT display timeline', async () => {
@@ -43,35 +50,29 @@ describe('when on the hosts page', () => {
     expect(timelineFlyout).toBeNull();
   });
 
-  it('should show the empty state when there are no hosts or polices', async () => {
-    const renderResult = render();
-    // Initially, there are no hosts or policies, so we prompt to add policies first.
-    const table = await renderResult.findByTestId('emptyPolicyTable');
-    expect(table).not.toBeNull();
-  });
-
-  describe('when there are policies, but no hosts', () => {
+  describe('when there are no hosts or polices', () => {
     beforeEach(() => {
-      reactTestingLibrary.act(() => {
-        const hostListData = mockHostResultList({ total: 0 });
-        coreStart.http.get.mockReturnValue(Promise.resolve(hostListData));
-        const hostAction: AppAction = {
-          type: 'serverReturnedHostList',
-          payload: hostListData,
-        };
-        store.dispatch(hostAction);
+      setHostListApiMockImplementation(coreStart.http, {
+        hostsResults: [],
+      });
+    });
 
-        jest.clearAllMocks();
+    it('should show the empty state when there are no hosts or polices', async () => {
+      const renderResult = render();
+      await reactTestingLibrary.act(async () => {
+        await middlewareSpy.waitForAction('serverReturnedPoliciesForOnboarding');
+      });
+      // Initially, there are no hosts or policies, so we prompt to add policies first.
+      const table = await renderResult.findByTestId('emptyPolicyTable');
+      expect(table).not.toBeNull();
+    });
+  });
 
-        const policyListData = mockPolicyResultList({ total: 3 });
-        coreStart.http.get.mockReturnValue(Promise.resolve(policyListData));
-        const policyAction: AppAction = {
-          type: 'serverReturnedPoliciesForOnboarding',
-          payload: {
-            policyItems: policyListData.items,
-          },
-        };
-        store.dispatch(policyAction);
+  describe('when there are policies, but no hosts', () => {
+    beforeEach(async () => {
+      setHostListApiMockImplementation(coreStart.http, {
+        hostsResults: [],
+        endpointPackageConfigs: mockPolicyResultList({ total: 3 }).items,
       });
     });
     afterEach(() => {
@@ -80,18 +81,27 @@ describe('when on the hosts page', () => {
 
     it('should show the no hosts empty state', async () => {
       const renderResult = render();
+      await reactTestingLibrary.act(async () => {
+        await middlewareSpy.waitForAction('serverReturnedPoliciesForOnboarding');
+      });
       const emptyHostsTable = await renderResult.findByTestId('emptyHostsTable');
       expect(emptyHostsTable).not.toBeNull();
     });
 
     it('should display the onboarding steps', async () => {
       const renderResult = render();
+      await reactTestingLibrary.act(async () => {
+        await middlewareSpy.waitForAction('serverReturnedPoliciesForOnboarding');
+      });
       const onboardingSteps = await renderResult.findByTestId('onboardingSteps');
       expect(onboardingSteps).not.toBeNull();
     });
 
     it('should show policy selection', async () => {
       const renderResult = render();
+      await reactTestingLibrary.act(async () => {
+        await middlewareSpy.waitForAction('serverReturnedPoliciesForOnboarding');
+      });
       const onboardingPolicySelect = await renderResult.findByTestId('onboardingPolicySelect');
       expect(onboardingPolicySelect).not.toBeNull();
     });
@@ -112,39 +122,54 @@ describe('when on the hosts page', () => {
       let firstPolicyID: string;
       beforeEach(() => {
         reactTestingLibrary.act(() => {
-          const hostListData = mockHostResultList({ total: 4 });
-          firstPolicyID = hostListData.hosts[0].metadata.Endpoint.policy.applied.id;
+          const hostListData = mockHostResultList({ total: 4 }).hosts;
+
+          firstPolicyID = hostListData[0].metadata.Endpoint.policy.applied.id;
+
           [HostStatus.ERROR, HostStatus.ONLINE, HostStatus.OFFLINE, HostStatus.UNENROLLING].forEach(
             (status, index) => {
-              hostListData.hosts[index] = {
-                metadata: hostListData.hosts[index].metadata,
+              hostListData[index] = {
+                metadata: hostListData[index].metadata,
                 host_status: status,
               };
             }
           );
-          hostListData.hosts.forEach((item, index) => {
+          hostListData.forEach((item, index) => {
             generatedPolicyStatuses[index] = item.metadata.Endpoint.policy.applied.status;
           });
-          const action: AppAction = {
-            type: 'serverReturnedHostList',
-            payload: hostListData,
-          };
-          store.dispatch(action);
+
+          // Make sure that the first policy id in the host result is not set as non-existent
+          const ingestPackageConfigs = mockPolicyResultList({ total: 1 }).items;
+          ingestPackageConfigs[0].id = firstPolicyID;
+
+          setHostListApiMockImplementation(coreStart.http, {
+            hostsResults: hostListData,
+            endpointPackageConfigs: ingestPackageConfigs,
+          });
         });
       });
 
       it('should display rows in the table', async () => {
         const renderResult = render();
+        await reactTestingLibrary.act(async () => {
+          await middlewareSpy.waitForAction('serverReturnedHostList');
+        });
         const rows = await renderResult.findAllByRole('row');
         expect(rows).toHaveLength(5);
       });
       it('should show total', async () => {
         const renderResult = render();
+        await reactTestingLibrary.act(async () => {
+          await middlewareSpy.waitForAction('serverReturnedHostList');
+        });
         const total = await renderResult.findByTestId('hostListTableTotal');
         expect(total.textContent).toEqual('4 Hosts');
       });
       it('should display correct status', async () => {
         const renderResult = render();
+        await reactTestingLibrary.act(async () => {
+          await middlewareSpy.waitForAction('serverReturnedHostList');
+        });
         const hostStatuses = await renderResult.findAllByTestId('rowHostStatus');
 
         expect(hostStatuses[0].textContent).toEqual('Error');
@@ -168,6 +193,9 @@ describe('when on the hosts page', () => {
 
       it('should display correct policy status', async () => {
         const renderResult = render();
+        await reactTestingLibrary.act(async () => {
+          await middlewareSpy.waitForAction('serverReturnedHostList');
+        });
         const policyStatuses = await renderResult.findAllByTestId('rowPolicyStatus');
 
         policyStatuses.forEach((status, index) => {
@@ -184,6 +212,9 @@ describe('when on the hosts page', () => {
 
       it('should display policy name as a link', async () => {
         const renderResult = render();
+        await reactTestingLibrary.act(async () => {
+          await middlewareSpy.waitForAction('serverReturnedHostList');
+        });
         const firstPolicyName = (await renderResult.findAllByTestId('policyNameCellLink'))[0];
         expect(firstPolicyName).not.toBeNull();
         expect(firstPolicyName.getAttribute('href')).toContain(`policy/${firstPolicyID}`);
@@ -192,17 +223,10 @@ describe('when on the hosts page', () => {
       describe('when the user clicks the first hostname in the table', () => {
         let renderResult: reactTestingLibrary.RenderResult;
         beforeEach(async () => {
-          const hostDetailsApiResponse = mockHostDetailsApiResult();
-
-          coreStart.http.get.mockReturnValue(Promise.resolve(hostDetailsApiResponse));
-          reactTestingLibrary.act(() => {
-            store.dispatch({
-              type: 'serverReturnedHostDetails',
-              payload: hostDetailsApiResponse,
-            });
-          });
-
           renderResult = render();
+          await reactTestingLibrary.act(async () => {
+            await middlewareSpy.waitForAction('serverReturnedHostList');
+          });
           const hostNameLinks = await renderResult.findAllByTestId('hostnameCellLink');
           if (hostNameLinks.length) {
             reactTestingLibrary.fireEvent.click(hostNameLinks[0]);
@@ -221,9 +245,11 @@ describe('when on the hosts page', () => {
   describe('when there is a selected host in the url', () => {
     let hostDetails: HostInfo;
     let agentId: string;
-    const dispatchServerReturnedHostPolicyResponse = (
+    let renderAndWaitForData: () => Promise<ReturnType<AppContextTestRender['render']>>;
+
+    const createPolicyResponse = (
       overallStatus: HostPolicyResponseActionStatus = HostPolicyResponseActionStatus.success
-    ) => {
+    ): HostPolicyResponse => {
       const policyResponse = docGenerator.generatePolicyResponse();
       const malwareResponseConfigurations =
         policyResponse.Endpoint.policy.applied.response.configurations.malware;
@@ -269,21 +295,28 @@ describe('when on the hosts page', () => {
       policyResponse.Endpoint.policy.applied.actions.push(unknownAction);
       malwareResponseConfigurations.concerned_actions.push(unknownAction.name);
 
+      return policyResponse;
+    };
+
+    const dispatchServerReturnedHostPolicyResponse = (
+      overallStatus: HostPolicyResponseActionStatus = HostPolicyResponseActionStatus.success
+    ) => {
       reactTestingLibrary.act(() => {
         store.dispatch({
           type: 'serverReturnedHostPolicyResponse',
           payload: {
-            policy_response: policyResponse,
+            policy_response: createPolicyResponse(overallStatus),
           },
         });
       });
     };
 
-    beforeEach(() => {
+    beforeEach(async () => {
       const {
         host_status,
         metadata: { host, ...details },
       } = mockHostDetailsApiResult();
+
       hostDetails = {
         host_status,
         metadata: {
@@ -297,34 +330,37 @@ describe('when on the hosts page', () => {
 
       agentId = hostDetails.metadata.elastic.agent.id;
 
-      coreStart.http.get.mockReturnValue(Promise.resolve(hostDetails));
+      const policy = docGenerator.generatePolicyPackageConfig();
+      policy.id = hostDetails.metadata.Endpoint.policy.applied.id;
 
-      reactTestingLibrary.act(() => {
-        history.push({
-          ...history.location,
-          search: '?selected_host=1',
-        });
+      setHostListApiMockImplementation(coreStart.http, {
+        hostsResults: [hostDetails],
+        endpointPackageConfigs: [policy],
       });
+
       reactTestingLibrary.act(() => {
-        store.dispatch({
-          type: 'serverReturnedHostDetails',
-          payload: hostDetails,
-        });
+        history.push('/hosts?selected_host=1');
       });
+
+      renderAndWaitForData = async () => {
+        const renderResult = render();
+        await middlewareSpy.waitForAction('serverReturnedHostDetails');
+        return renderResult;
+      };
     });
     afterEach(() => {
       jest.clearAllMocks();
     });
 
-    it('should show the flyout', () => {
-      const renderResult = render();
+    it('should show the flyout', async () => {
+      const renderResult = await renderAndWaitForData();
       return renderResult.findByTestId('hostDetailsFlyout').then((flyout) => {
         expect(flyout).not.toBeNull();
       });
     });
 
     it('should display policy name value as a link', async () => {
-      const renderResult = render();
+      const renderResult = await renderAndWaitForData();
       const policyDetailsLink = await renderResult.findByTestId('policyDetailsValue');
       expect(policyDetailsLink).not.toBeNull();
       expect(policyDetailsLink.getAttribute('href')).toEqual(
@@ -333,10 +369,7 @@ describe('when on the hosts page', () => {
     });
 
     it('should update the URL when policy name link is clicked', async () => {
-      const policyItem = mockPolicyResultList({ total: 1 }).items[0];
-      coreStart.http.get.mockReturnValue(Promise.resolve({ item: policyItem }));
-
-      const renderResult = render();
+      const renderResult = await renderAndWaitForData();
       const policyDetailsLink = await renderResult.findByTestId('policyDetailsValue');
       const userChangedUrlChecker = middlewareSpy.waitForAction('userChangedUrl');
       reactTestingLibrary.act(() => {
@@ -349,7 +382,7 @@ describe('when on the hosts page', () => {
     });
 
     it('should display policy status value as a link', async () => {
-      const renderResult = render();
+      const renderResult = await renderAndWaitForData();
       const policyStatusLink = await renderResult.findByTestId('policyStatusValue');
       expect(policyStatusLink).not.toBeNull();
       expect(policyStatusLink.getAttribute('href')).toEqual(
@@ -358,7 +391,7 @@ describe('when on the hosts page', () => {
     });
 
     it('should update the URL when policy status link is clicked', async () => {
-      const renderResult = render();
+      const renderResult = await renderAndWaitForData();
       const policyStatusLink = await renderResult.findByTestId('policyStatusValue');
       const userChangedUrlChecker = middlewareSpy.waitForAction('userChangedUrl');
       reactTestingLibrary.act(() => {
@@ -371,7 +404,7 @@ describe('when on the hosts page', () => {
     });
 
     it('should display Success overall policy status', async () => {
-      const renderResult = render();
+      const renderResult = await renderAndWaitForData();
       reactTestingLibrary.act(() => {
         dispatchServerReturnedHostPolicyResponse(HostPolicyResponseActionStatus.success);
       });
@@ -385,7 +418,7 @@ describe('when on the hosts page', () => {
     });
 
     it('should display Warning overall policy status', async () => {
-      const renderResult = render();
+      const renderResult = await renderAndWaitForData();
       reactTestingLibrary.act(() => {
         dispatchServerReturnedHostPolicyResponse(HostPolicyResponseActionStatus.warning);
       });
@@ -399,7 +432,7 @@ describe('when on the hosts page', () => {
     });
 
     it('should display Failed overall policy status', async () => {
-      const renderResult = render();
+      const renderResult = await renderAndWaitForData();
       reactTestingLibrary.act(() => {
         dispatchServerReturnedHostPolicyResponse(HostPolicyResponseActionStatus.failure);
       });
@@ -413,7 +446,7 @@ describe('when on the hosts page', () => {
     });
 
     it('should display Unknown overall policy status', async () => {
-      const renderResult = render();
+      const renderResult = await renderAndWaitForData();
       reactTestingLibrary.act(() => {
         dispatchServerReturnedHostPolicyResponse('' as HostPolicyResponseActionStatus);
       });
@@ -428,7 +461,7 @@ describe('when on the hosts page', () => {
 
     it('should include the link to reassignment in Ingest', async () => {
       coreStart.application.getUrlForApp.mockReturnValue('/app/ingestManager');
-      const renderResult = render();
+      const renderResult = await renderAndWaitForData();
       const linkToReassign = await renderResult.findByTestId('hostDetailsLinkToIngest');
       expect(linkToReassign).not.toBeNull();
       expect(linkToReassign.textContent).toEqual('Reassign Configuration');
@@ -440,7 +473,7 @@ describe('when on the hosts page', () => {
     describe('when link to reassignment in Ingest is clicked', () => {
       beforeEach(async () => {
         coreStart.application.getUrlForApp.mockReturnValue('/app/ingestManager');
-        const renderResult = render();
+        const renderResult = await renderAndWaitForData();
         const linkToReassign = await renderResult.findByTestId('hostDetailsLinkToIngest');
         reactTestingLibrary.act(() => {
           reactTestingLibrary.fireEvent.click(linkToReassign);
@@ -461,13 +494,14 @@ describe('when on the hosts page', () => {
           }
           throw new Error(`POST to '${requestOptions.path}' does not have a mock response!`);
         });
-        renderResult = render();
+        renderResult = await renderAndWaitForData();
         const policyStatusLink = await renderResult.findByTestId('policyStatusValue');
         const userChangedUrlChecker = middlewareSpy.waitForAction('userChangedUrl');
         reactTestingLibrary.act(() => {
           reactTestingLibrary.fireEvent.click(policyStatusLink);
         });
         await userChangedUrlChecker;
+        await middlewareSpy.waitForAction('serverReturnedHostPolicyResponse');
         reactTestingLibrary.act(() => {
           dispatchServerReturnedHostPolicyResponse();
         });
diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.tsx b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.tsx
index 2692f7791b7c05..58442ab417b606 100644
--- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.tsx
+++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.tsx
@@ -89,6 +89,7 @@ export const HostList = () => {
     selectedPolicyId,
     policyItemsLoading,
     endpointPackageVersion,
+    hostsExist,
   } = useHostSelector(selector);
   const { formatUrl, search } = useFormatUrl(SecurityPageName.administration);
 
@@ -329,7 +330,7 @@ export const HostList = () => {
   }, [formatUrl, queryParams, search]);
 
   const renderTableOrEmptyState = useMemo(() => {
-    if (!loading && listData && listData.length > 0) {
+    if (hostsExist) {
       return (
         <EuiBasicTable
           data-test-subj="hostListTable"
@@ -338,6 +339,7 @@ export const HostList = () => {
           error={listError?.message}
           pagination={paginationSetup}
           onChange={onTableChange}
+          loading={loading}
         />
       );
     } else if (!policyItemsLoading && policyItems && policyItems.length > 0) {
@@ -356,19 +358,20 @@ export const HostList = () => {
       );
     }
   }, [
-    listData,
+    loading,
+    hostsExist,
+    policyItemsLoading,
     policyItems,
+    listData,
     columns,
-    loading,
+    listError?.message,
     paginationSetup,
     onTableChange,
-    listError?.message,
-    handleCreatePolicyClick,
     handleDeployEndpointsClick,
-    handleSelectableOnChange,
     selectedPolicyId,
+    handleSelectableOnChange,
     selectionOptions,
-    policyItemsLoading,
+    handleCreatePolicyClick,
   ]);
 
   return (
diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_list/index.test.ts b/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_list/index.test.ts
index 8203aae244f246..6ee6a4232f7cfb 100644
--- a/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_list/index.test.ts
+++ b/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_list/index.test.ts
@@ -143,6 +143,7 @@ describe('policy list store concerns', () => {
       isLoading: false,
       isDeleting: false,
       deleteStatus: undefined,
+      endpointPackageInfo: undefined,
       pageIndex: 0,
       pageSize: 10,
       total: 0,
diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_list/middleware.ts b/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_list/middleware.ts
index b4e1da4e43da32..6fe555113617d9 100644
--- a/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_list/middleware.ts
+++ b/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_list/middleware.ts
@@ -29,6 +29,7 @@ export const policyListMiddlewareFactory: ImmutableMiddlewareFactory<PolicyListS
     next(action);
 
     const state = getState();
+
     if (
       (action.type === 'userChangedUrl' && isOnPolicyListPage(state)) ||
       action.type === 'serverDeletedPolicy'
diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_list/mock_policy_result_list.ts b/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_list/mock_policy_result_list.ts
deleted file mode 100644
index 7043903466ad8b..00000000000000
--- a/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_list/mock_policy_result_list.ts
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { GetPolicyListResponse } from '../../types';
-import { EndpointDocGenerator } from '../../../../../../common/endpoint/generate_data';
-
-export const mockPolicyResultList: (options?: {
-  total?: number;
-  request_page_size?: number;
-  request_page_index?: number;
-}) => GetPolicyListResponse = (options = {}) => {
-  const {
-    total = 1,
-    request_page_size: requestPageSize = 10,
-    request_page_index: requestPageIndex = 0,
-  } = options;
-
-  // Skip any that are before the page we're on
-  const numberToSkip = requestPageSize * requestPageIndex;
-
-  // total - numberToSkip is the count of non-skipped ones, but return no more than a pageSize, and no less than 0
-  const actualCountToReturn = Math.max(Math.min(total - numberToSkip, requestPageSize), 0);
-
-  const policies = [];
-  for (let index = 0; index < actualCountToReturn; index++) {
-    const generator = new EndpointDocGenerator('seed');
-    policies.push(generator.generatePolicyPackageConfig());
-  }
-  const mock: GetPolicyListResponse = {
-    items: policies,
-    total,
-    page: requestPageIndex,
-    perPage: requestPageSize,
-    success: true,
-  };
-  return mock;
-};
diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_list/services/ingest.test.ts b/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_list/services/ingest.test.ts
index 7daa500ef18844..83cd8558306a0e 100644
--- a/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_list/services/ingest.test.ts
+++ b/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_list/services/ingest.test.ts
@@ -12,7 +12,7 @@ import {
 } from './ingest';
 import { httpServiceMock } from '../../../../../../../../../../src/core/public/mocks';
 import { PACKAGE_CONFIG_SAVED_OBJECT_TYPE } from '../../../../../../../../ingest_manager/common';
-import { apiPathMockResponseProviders } from '../test_mock_utils';
+import { policyListApiPathHandlers } from '../test_mock_utils';
 
 describe('ingest service', () => {
   let http: ReturnType<typeof httpServiceMock.createStartContract>;
@@ -61,7 +61,9 @@ describe('ingest service', () => {
 
   describe('sendGetEndpointSecurityPackage()', () => {
     it('should query EPM with category=security', async () => {
-      http.get.mockReturnValue(apiPathMockResponseProviders[INGEST_API_EPM_PACKAGES]());
+      http.get.mockReturnValue(
+        Promise.resolve(policyListApiPathHandlers()[INGEST_API_EPM_PACKAGES]())
+      );
       await sendGetEndpointSecurityPackage(http);
       expect(http.get).toHaveBeenCalledWith('/api/ingest_manager/epm/packages', {
         query: { category: 'security' },
diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_list/services/ingest.ts b/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_list/services/ingest.ts
index c6e6146f4d5e4b..266faf9eae32c9 100644
--- a/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_list/services/ingest.ts
+++ b/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_list/services/ingest.ts
@@ -20,7 +20,7 @@ import { NewPolicyData } from '../../../../../../../common/endpoint/types';
 
 const INGEST_API_ROOT = `/api/ingest_manager`;
 export const INGEST_API_PACKAGE_CONFIGS = `${INGEST_API_ROOT}/package_configs`;
-const INGEST_API_AGENT_CONFIGS = `${INGEST_API_ROOT}/agent_configs`;
+export const INGEST_API_AGENT_CONFIGS = `${INGEST_API_ROOT}/agent_configs`;
 const INGEST_API_FLEET = `${INGEST_API_ROOT}/fleet`;
 const INGEST_API_FLEET_AGENT_STATUS = `${INGEST_API_FLEET}/agent-status`;
 export const INGEST_API_EPM_PACKAGES = `${INGEST_API_ROOT}/epm/packages`;
diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_list/test_mock_utils.ts b/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_list/test_mock_utils.ts
index b5c67cc2c20140..3c9d5fde9b826b 100644
--- a/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_list/test_mock_utils.ts
+++ b/x-pack/plugins/security_solution/public/management/pages/policy/store/policy_list/test_mock_utils.ts
@@ -5,122 +5,84 @@
  */
 
 import { HttpStart } from 'kibana/public';
-import { INGEST_API_PACKAGE_CONFIGS, INGEST_API_EPM_PACKAGES } from './services/ingest';
+import { INGEST_API_EPM_PACKAGES, INGEST_API_PACKAGE_CONFIGS } from './services/ingest';
 import { EndpointDocGenerator } from '../../../../../../common/endpoint/generate_data';
 import { GetPolicyListResponse } from '../../types';
-import {
-  KibanaAssetReference,
-  EsAssetReference,
-  GetPackagesResponse,
-  InstallationStatus,
-} from '../../../../../../../ingest_manager/common';
+import { GetPackagesResponse } from '../../../../../../../ingest_manager/common';
 
 const generator = new EndpointDocGenerator('policy-list');
 
-/**
- * a list of API paths response mock providers
- */
-export const apiPathMockResponseProviders = {
-  [INGEST_API_EPM_PACKAGES]: () =>
-    Promise.resolve<GetPackagesResponse>({
-      response: [
-        {
-          name: 'endpoint',
-          title: 'Elastic Endpoint',
-          version: '0.5.0',
-          description: 'This is the Elastic Endpoint package.',
-          type: 'solution',
-          download: '/epr/endpoint/endpoint-0.5.0.tar.gz',
-          path: '/package/endpoint/0.5.0',
-          icons: [
-            {
-              src: '/package/endpoint/0.5.0/img/logo-endpoint-64-color.svg',
-              size: '16x16',
-              type: 'image/svg+xml',
-            },
-          ],
-          status: 'installed' as InstallationStatus,
-          savedObject: {
-            type: 'epm-packages',
-            id: 'endpoint',
-            attributes: {
-              installed_kibana: [
-                { id: '826759f0-7074-11ea-9bc8-6b38f4d29a16', type: 'dashboard' },
-                { id: '1cfceda0-728b-11ea-9bc8-6b38f4d29a16', type: 'visualization' },
-                { id: '1e525190-7074-11ea-9bc8-6b38f4d29a16', type: 'visualization' },
-                { id: '55387750-729c-11ea-9bc8-6b38f4d29a16', type: 'visualization' },
-                { id: '92b1edc0-706a-11ea-9bc8-6b38f4d29a16', type: 'visualization' },
-                { id: 'a3a3bd10-706b-11ea-9bc8-6b38f4d29a16', type: 'map' },
-              ] as KibanaAssetReference[],
-              installed_es: [
-                { id: 'logs-endpoint.alerts', type: 'index_template' },
-                { id: 'events-endpoint', type: 'index_template' },
-                { id: 'logs-endpoint.events.file', type: 'index_template' },
-                { id: 'logs-endpoint.events.library', type: 'index_template' },
-                { id: 'metrics-endpoint.metadata', type: 'index_template' },
-                { id: 'metrics-endpoint.metadata_mirror', type: 'index_template' },
-                { id: 'logs-endpoint.events.network', type: 'index_template' },
-                { id: 'metrics-endpoint.policy', type: 'index_template' },
-                { id: 'logs-endpoint.events.process', type: 'index_template' },
-                { id: 'logs-endpoint.events.registry', type: 'index_template' },
-                { id: 'logs-endpoint.events.security', type: 'index_template' },
-                { id: 'metrics-endpoint.telemetry', type: 'index_template' },
-              ] as EsAssetReference[],
-              es_index_patterns: {
-                alerts: 'logs-endpoint.alerts-*',
-                events: 'events-endpoint-*',
-                file: 'logs-endpoint.events.file-*',
-                library: 'logs-endpoint.events.library-*',
-                metadata: 'metrics-endpoint.metadata-*',
-                metadata_mirror: 'metrics-endpoint.metadata_mirror-*',
-                network: 'logs-endpoint.events.network-*',
-                policy: 'metrics-endpoint.policy-*',
-                process: 'logs-endpoint.events.process-*',
-                registry: 'logs-endpoint.events.registry-*',
-                security: 'logs-endpoint.events.security-*',
-                telemetry: 'metrics-endpoint.telemetry-*',
-              },
-              name: 'endpoint',
-              version: '0.5.0',
-              internal: false,
-              removable: false,
-            },
-            references: [],
-            updated_at: '2020-06-24T14:41:23.098Z',
-            version: 'Wzc0LDFd',
-          },
-        },
-      ],
-      success: true,
-    }),
-};
-
 /**
  * It sets the mock implementation on the necessary http methods to support the policy list view
  * @param mockedHttpService
- * @param responseItems
+ * @param totalPolicies
  */
 export const setPolicyListApiMockImplementation = (
   mockedHttpService: jest.Mocked<HttpStart>,
-  responseItems: GetPolicyListResponse['items'] = [generator.generatePolicyPackageConfig()]
+  totalPolicies: number = 1
 ): void => {
-  mockedHttpService.get.mockImplementation((...args) => {
+  const policyApiHandlers = policyListApiPathHandlers(totalPolicies);
+
+  mockedHttpService.get.mockImplementation(async (...args) => {
     const [path] = args;
     if (typeof path === 'string') {
-      if (path === INGEST_API_PACKAGE_CONFIGS) {
-        return Promise.resolve<GetPolicyListResponse>({
-          items: responseItems,
-          total: 10,
-          page: 1,
-          perPage: 10,
-          success: true,
-        });
-      }
-
-      if (apiPathMockResponseProviders[path]) {
-        return apiPathMockResponseProviders[path]();
+      if (policyApiHandlers[path]) {
+        return policyApiHandlers[path]();
       }
     }
     return Promise.reject(new Error(`MOCK: unknown policy list api: ${path}`));
   });
 };
+
+/**
+ * Returns the response body for a call to get the list of Policies
+ * @param options
+ */
+export const mockPolicyResultList: (options?: {
+  total?: number;
+  request_page_size?: number;
+  request_page_index?: number;
+}) => GetPolicyListResponse = (options = {}) => {
+  const {
+    total = 1,
+    request_page_size: requestPageSize = 10,
+    request_page_index: requestPageIndex = 0,
+  } = options;
+
+  // Skip any that are before the page we're on
+  const numberToSkip = requestPageSize * requestPageIndex;
+
+  // total - numberToSkip is the count of non-skipped ones, but return no more than a pageSize, and no less than 0
+  const actualCountToReturn = Math.max(Math.min(total - numberToSkip, requestPageSize), 0);
+
+  const policies = [];
+  for (let index = 0; index < actualCountToReturn; index++) {
+    policies.push(generator.generatePolicyPackageConfig());
+  }
+  const mock: GetPolicyListResponse = {
+    items: policies,
+    total,
+    page: requestPageIndex,
+    perPage: requestPageSize,
+    success: true,
+  };
+  return mock;
+};
+
+/**
+ * Returns an object comprised of the API path as the key along with a function that
+ * returns that API's result value
+ */
+export const policyListApiPathHandlers = (totalPolicies: number = 1) => {
+  return {
+    [INGEST_API_PACKAGE_CONFIGS]: () => {
+      return mockPolicyResultList({ total: totalPolicies });
+    },
+    [INGEST_API_EPM_PACKAGES]: (): GetPackagesResponse => {
+      return {
+        response: [generator.generateEpmPackage()],
+        success: true,
+      };
+    },
+  };
+};
diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_details.test.tsx b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_details.test.tsx
index 03ab32dcb2b66b..c81ffb0060c888 100644
--- a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_details.test.tsx
+++ b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_details.test.tsx
@@ -11,7 +11,7 @@ import { PolicyDetails } from './policy_details';
 import { EndpointDocGenerator } from '../../../../../common/endpoint/generate_data';
 import { AppContextTestRender, createAppRootMockRenderer } from '../../../../common/mock/endpoint';
 import { getPolicyDetailPath, getHostListPath } from '../../../common/routing';
-import { apiPathMockResponseProviders } from '../store/policy_list/test_mock_utils';
+import { policyListApiPathHandlers } from '../store/policy_list/test_mock_utils';
 
 jest.mock('../../../../common/components/link_to');
 
@@ -80,6 +80,8 @@ describe('Policy Details', () => {
       policyPackageConfig = generator.generatePolicyPackageConfig();
       policyPackageConfig.id = '1';
 
+      const policyListApiHandlers = policyListApiPathHandlers();
+
       http.get.mockImplementation((...args) => {
         const [path] = args;
         if (typeof path === 'string') {
@@ -103,9 +105,9 @@ describe('Policy Details', () => {
 
           // Get package data
           // Used in tests that route back to the list
-          if (apiPathMockResponseProviders[path]) {
+          if (policyListApiHandlers[path]) {
             asyncActions = asyncActions.then(async () => sleep());
-            return apiPathMockResponseProviders[path]();
+            return Promise.resolve(policyListApiHandlers[path]());
           }
         }
 
diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_list.test.tsx b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_list.test.tsx
index e35c97698f5cbf..97eaceff91e9c4 100644
--- a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_list.test.tsx
+++ b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_list.test.tsx
@@ -5,12 +5,9 @@
  */
 
 import React from 'react';
-import * as reactTestingLibrary from '@testing-library/react';
-
 import { PolicyList } from './index';
-import { mockPolicyResultList } from '../store/policy_list/mock_policy_result_list';
 import { AppContextTestRender, createAppRootMockRenderer } from '../../../../common/mock/endpoint';
-import { AppAction } from '../../../../common/store/actions';
+import { setPolicyListApiMockImplementation } from '../store/policy_list/test_mock_utils';
 
 jest.mock('../../../../common/components/link_to');
 
@@ -18,11 +15,12 @@ jest.mock('../../../../common/components/link_to');
 describe.skip('when on the policies page', () => {
   let render: () => ReturnType<AppContextTestRender['render']>;
   let history: AppContextTestRender['history'];
-  let store: AppContextTestRender['store'];
+  let coreStart: AppContextTestRender['coreStart'];
+  let middlewareSpy: AppContextTestRender['middlewareSpy'];
 
   beforeEach(() => {
     const mockedContext = createAppRootMockRenderer();
-    ({ history, store } = mockedContext);
+    ({ history, coreStart, middlewareSpy } = mockedContext);
     render = () => mockedContext.render(<PolicyList />);
   });
 
@@ -46,34 +44,30 @@ describe.skip('when on the policies page', () => {
 
   describe('when list data loads', () => {
     let firstPolicyID: string;
-    beforeEach(() => {
-      reactTestingLibrary.act(() => {
-        history.push('/policy');
-        reactTestingLibrary.act(() => {
-          const policyListData = mockPolicyResultList({ total: 3 });
-          firstPolicyID = policyListData.items[0].id;
-          const action: AppAction = {
-            type: 'serverReturnedPolicyListData',
-            payload: {
-              policyItems: policyListData.items,
-              total: policyListData.total,
-              pageSize: policyListData.perPage,
-              pageIndex: policyListData.page,
-            },
-          };
-          store.dispatch(action);
-        });
-      });
+    const renderList = async () => {
+      const renderResult = render();
+      history.push('/policy');
+      await Promise.all([
+        middlewareSpy
+          .waitForAction('serverReturnedPolicyListData')
+          .then((action) => (firstPolicyID = action.payload.policyItems[0].id)),
+        // middlewareSpy.waitForAction('serverReturnedAgentConfigListData'),
+      ]);
+      return renderResult;
+    };
+
+    beforeEach(async () => {
+      setPolicyListApiMockImplementation(coreStart.http, 3);
     });
 
     it('should display rows in the table', async () => {
-      const renderResult = render();
+      const renderResult = await renderList();
       const rows = await renderResult.findAllByRole('row');
       expect(rows).toHaveLength(4);
     });
 
     it('should display policy name value as a link', async () => {
-      const renderResult = render();
+      const renderResult = await renderList();
       const policyNameLink = (await renderResult.findAllByTestId('policyNameLink'))[0];
       expect(policyNameLink).not.toBeNull();
       expect(policyNameLink.getAttribute('href')).toContain(`policy/${firstPolicyID}`);

From 111e8758907383baea03ccefc647fc7a2c8c6e7f Mon Sep 17 00:00:00 2001
From: Spencer <email@spalger.com>
Date: Thu, 30 Jul 2020 10:53:44 -0700
Subject: [PATCH 07/11] [kbn/optimizer] restore x-pack bundle banner (#73767)

Co-authored-by: spalger <spalger@users.noreply.github.com>
---
 .../mock_repo/x-pack/baz/kibana.json          |  4 +++
 .../mock_repo/x-pack/baz/public/index.ts      | 21 ++++++++++++
 .../kbn-optimizer/src/common/bundle.test.ts   |  2 ++
 packages/kbn-optimizer/src/common/bundle.ts   | 14 ++++++++
 .../basic_optimization.test.ts.snap           | 32 +++++++++++++++++
 .../basic_optimization.test.ts                | 34 ++++++++++++++-----
 .../src/optimizer/get_plugin_bundles.test.ts  | 23 +++++++++++++
 .../src/optimizer/get_plugin_bundles.ts       |  6 ++++
 .../src/worker/webpack.config.ts              |  1 +
 src/dev/precommit_hook/casing_check_config.js |  1 +
 10 files changed, 129 insertions(+), 9 deletions(-)
 create mode 100644 packages/kbn-optimizer/src/__fixtures__/mock_repo/x-pack/baz/kibana.json
 create mode 100644 packages/kbn-optimizer/src/__fixtures__/mock_repo/x-pack/baz/public/index.ts

diff --git a/packages/kbn-optimizer/src/__fixtures__/mock_repo/x-pack/baz/kibana.json b/packages/kbn-optimizer/src/__fixtures__/mock_repo/x-pack/baz/kibana.json
new file mode 100644
index 00000000000000..10602d2e7981a7
--- /dev/null
+++ b/packages/kbn-optimizer/src/__fixtures__/mock_repo/x-pack/baz/kibana.json
@@ -0,0 +1,4 @@
+{
+  "id": "baz",
+  "ui": true
+}
diff --git a/packages/kbn-optimizer/src/__fixtures__/mock_repo/x-pack/baz/public/index.ts b/packages/kbn-optimizer/src/__fixtures__/mock_repo/x-pack/baz/public/index.ts
new file mode 100644
index 00000000000000..7313de07be04cf
--- /dev/null
+++ b/packages/kbn-optimizer/src/__fixtures__/mock_repo/x-pack/baz/public/index.ts
@@ -0,0 +1,21 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+// eslint-disable-next-line no-console
+console.log('plugin in an x-pack dir');
diff --git a/packages/kbn-optimizer/src/common/bundle.test.ts b/packages/kbn-optimizer/src/common/bundle.test.ts
index 6197a084858548..b8f9b94379f200 100644
--- a/packages/kbn-optimizer/src/common/bundle.test.ts
+++ b/packages/kbn-optimizer/src/common/bundle.test.ts
@@ -48,6 +48,7 @@ it('creates cache keys', () => {
         "/foo/bar/c": 789,
       },
       "spec": Object {
+        "banner": undefined,
         "contextDir": "/foo/bar",
         "id": "bar",
         "manifestPath": undefined,
@@ -80,6 +81,7 @@ it('parses bundles from JSON specs', () => {
   expect(bundles).toMatchInlineSnapshot(`
     Array [
       Bundle {
+        "banner": undefined,
         "cache": BundleCache {
           "path": "/foo/bar/target/.kbn-optimizer-cache",
           "state": undefined,
diff --git a/packages/kbn-optimizer/src/common/bundle.ts b/packages/kbn-optimizer/src/common/bundle.ts
index a354da7a21521f..25b37ace09a8fb 100644
--- a/packages/kbn-optimizer/src/common/bundle.ts
+++ b/packages/kbn-optimizer/src/common/bundle.ts
@@ -43,6 +43,8 @@ export interface BundleSpec {
   readonly sourceRoot: string;
   /** Absolute path to the directory where output should be written */
   readonly outputDir: string;
+  /** Banner that should be written to all bundle JS files */
+  readonly banner?: string;
   /** Absolute path to a kibana.json manifest file, if omitted we assume there are not dependenices */
   readonly manifestPath?: string;
 }
@@ -64,6 +66,8 @@ export class Bundle {
   public readonly sourceRoot: BundleSpec['sourceRoot'];
   /** Absolute path to the output directory for this bundle */
   public readonly outputDir: BundleSpec['outputDir'];
+  /** Banner that should be written to all bundle JS files */
+  public readonly banner: BundleSpec['banner'];
   /**
    * Absolute path to a manifest file with "requiredBundles" which will be
    * used to allow bundleRefs from this bundle to the exports of another bundle.
@@ -81,6 +85,7 @@ export class Bundle {
     this.sourceRoot = spec.sourceRoot;
     this.outputDir = spec.outputDir;
     this.manifestPath = spec.manifestPath;
+    this.banner = spec.banner;
 
     this.cache = new BundleCache(Path.resolve(this.outputDir, '.kbn-optimizer-cache'));
   }
@@ -112,6 +117,7 @@ export class Bundle {
       sourceRoot: this.sourceRoot,
       outputDir: this.outputDir,
       manifestPath: this.manifestPath,
+      banner: this.banner,
     };
   }
 
@@ -220,6 +226,13 @@ export function parseBundles(json: string) {
           }
         }
 
+        const { banner } = spec;
+        if (banner !== undefined) {
+          if (!(typeof banner === 'string')) {
+            throw new Error('`bundles[]` must have a string `banner` property');
+          }
+        }
+
         return new Bundle({
           type,
           id,
@@ -227,6 +240,7 @@ export function parseBundles(json: string) {
           contextDir,
           sourceRoot,
           outputDir,
+          banner,
           manifestPath,
         });
       }
diff --git a/packages/kbn-optimizer/src/integration_tests/__snapshots__/basic_optimization.test.ts.snap b/packages/kbn-optimizer/src/integration_tests/__snapshots__/basic_optimization.test.ts.snap
index 109188e163d06f..5f44d8068e694f 100644
--- a/packages/kbn-optimizer/src/integration_tests/__snapshots__/basic_optimization.test.ts.snap
+++ b/packages/kbn-optimizer/src/integration_tests/__snapshots__/basic_optimization.test.ts.snap
@@ -4,6 +4,7 @@ exports[`builds expected bundles, saves bundle counts to metadata: OptimizerConf
 OptimizerConfig {
   "bundles": Array [
     Bundle {
+      "banner": undefined,
       "cache": BundleCache {
         "path": <absolute path>/packages/kbn-optimizer/src/__fixtures__/__tmp__/mock_repo/plugins/bar/target/public/.kbn-optimizer-cache,
         "state": undefined,
@@ -19,6 +20,7 @@ OptimizerConfig {
       "type": "plugin",
     },
     Bundle {
+      "banner": undefined,
       "cache": BundleCache {
         "path": <absolute path>/packages/kbn-optimizer/src/__fixtures__/__tmp__/mock_repo/plugins/foo/target/public/.kbn-optimizer-cache,
         "state": undefined,
@@ -33,6 +35,24 @@ OptimizerConfig {
       "sourceRoot": <absolute path>/packages/kbn-optimizer/src/__fixtures__/__tmp__/mock_repo,
       "type": "plugin",
     },
+    Bundle {
+      "banner": "/*! Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one or more contributor license agreements.
+ * Licensed under the Elastic License; you may not use this file except in compliance with the Elastic License. */
+",
+      "cache": BundleCache {
+        "path": <absolute path>/packages/kbn-optimizer/src/__fixtures__/__tmp__/mock_repo/x-pack/baz/target/public/.kbn-optimizer-cache,
+        "state": undefined,
+      },
+      "contextDir": <absolute path>/packages/kbn-optimizer/src/__fixtures__/__tmp__/mock_repo/x-pack/baz,
+      "id": "baz",
+      "manifestPath": <absolute path>/packages/kbn-optimizer/src/__fixtures__/__tmp__/mock_repo/x-pack/baz/kibana.json,
+      "outputDir": <absolute path>/packages/kbn-optimizer/src/__fixtures__/__tmp__/mock_repo/x-pack/baz/target/public,
+      "publicDirNames": Array [
+        "public",
+      ],
+      "sourceRoot": <absolute path>/packages/kbn-optimizer/src/__fixtures__/__tmp__/mock_repo,
+      "type": "plugin",
+    },
   ],
   "cache": true,
   "dist": false,
@@ -60,6 +80,13 @@ OptimizerConfig {
       "isUiPlugin": false,
       "manifestPath": <absolute path>/packages/kbn-optimizer/src/__fixtures__/__tmp__/mock_repo/plugins/nested/baz/kibana.json,
     },
+    Object {
+      "directory": <absolute path>/packages/kbn-optimizer/src/__fixtures__/__tmp__/mock_repo/x-pack/baz,
+      "extraPublicDirs": Array [],
+      "id": "baz",
+      "isUiPlugin": true,
+      "manifestPath": <absolute path>/packages/kbn-optimizer/src/__fixtures__/__tmp__/mock_repo/x-pack/baz/kibana.json,
+    },
   ],
   "profileWebpack": false,
   "repoRoot": <absolute path>/packages/kbn-optimizer/src/__fixtures__/__tmp__/mock_repo,
@@ -73,6 +100,11 @@ OptimizerConfig {
 
 exports[`prepares assets for distribution: bar bundle 1`] = `"(function(modules){var installedModules={};function __webpack_require__(moduleId){if(installedModules[moduleId]){return installedModules[moduleId].exports}var module=installedModules[moduleId]={i:moduleId,l:false,exports:{}};modules[moduleId].call(module.exports,module,module.exports,__webpack_require__);module.l=true;return module.exports}__webpack_require__.m=modules;__webpack_require__.c=installedModules;__webpack_require__.d=function(exports,name,getter){if(!__webpack_require__.o(exports,name)){Object.defineProperty(exports,name,{enumerable:true,get:getter})}};__webpack_require__.r=function(exports){if(typeof Symbol!==\\"undefined\\"&&Symbol.toStringTag){Object.defineProperty(exports,Symbol.toStringTag,{value:\\"Module\\"})}Object.defineProperty(exports,\\"__esModule\\",{value:true})};__webpack_require__.t=function(value,mode){if(mode&1)value=__webpack_require__(value);if(mode&8)return value;if(mode&4&&typeof value===\\"object\\"&&value&&value.__esModule)return value;var ns=Object.create(null);__webpack_require__.r(ns);Object.defineProperty(ns,\\"default\\",{enumerable:true,value:value});if(mode&2&&typeof value!=\\"string\\")for(var key in value)__webpack_require__.d(ns,key,function(key){return value[key]}.bind(null,key));return ns};__webpack_require__.n=function(module){var getter=module&&module.__esModule?function getDefault(){return module[\\"default\\"]}:function getModuleExports(){return module};__webpack_require__.d(getter,\\"a\\",getter);return getter};__webpack_require__.o=function(object,property){return Object.prototype.hasOwnProperty.call(object,property)};__webpack_require__.p=\\"\\";return __webpack_require__(__webpack_require__.s=5)})([function(module,exports,__webpack_require__){\\"use strict\\";var isOldIE=function isOldIE(){var memo;return function memorize(){if(typeof memo===\\"undefined\\"){memo=Boolean(window&&document&&document.all&&!window.atob)}return memo}}();var getTarget=function getTarget(){var memo={};return function memorize(target){if(typeof memo[target]===\\"undefined\\"){var styleTarget=document.querySelector(target);if(window.HTMLIFrameElement&&styleTarget instanceof window.HTMLIFrameElement){try{styleTarget=styleTarget.contentDocument.head}catch(e){styleTarget=null}}memo[target]=styleTarget}return memo[target]}}();var stylesInDom=[];function getIndexByIdentifier(identifier){var result=-1;for(var i=0;i<stylesInDom.length;i++){if(stylesInDom[i].identifier===identifier){result=i;break}}return result}function modulesToDom(list,options){var idCountMap={};var identifiers=[];for(var i=0;i<list.length;i++){var item=list[i];var id=options.base?item[0]+options.base:item[0];var count=idCountMap[id]||0;var identifier=\\"\\".concat(id,\\" \\").concat(count);idCountMap[id]=count+1;var index=getIndexByIdentifier(identifier);var obj={css:item[1],media:item[2],sourceMap:item[3]};if(index!==-1){stylesInDom[index].references++;stylesInDom[index].updater(obj)}else{stylesInDom.push({identifier:identifier,updater:addStyle(obj,options),references:1})}identifiers.push(identifier)}return identifiers}function insertStyleElement(options){var style=document.createElement(\\"style\\");var attributes=options.attributes||{};if(typeof attributes.nonce===\\"undefined\\"){var nonce=true?__webpack_require__.nc:undefined;if(nonce){attributes.nonce=nonce}}Object.keys(attributes).forEach((function(key){style.setAttribute(key,attributes[key])}));if(typeof options.insert===\\"function\\"){options.insert(style)}else{var target=getTarget(options.insert||\\"head\\");if(!target){throw new Error(\\"Couldn't find a style target. This probably means that the value for the 'insert' parameter is invalid.\\")}target.appendChild(style)}return style}function removeStyleElement(style){if(style.parentNode===null){return false}style.parentNode.removeChild(style)}var replaceText=function replaceText(){var textStore=[];return function replace(index,replacement){textStore[index]=replacement;return textStore.filter(Boolean).join(\\"\\\\n\\")}}();function applyToSingletonTag(style,index,remove,obj){var css=remove?\\"\\":obj.media?\\"@media \\".concat(obj.media,\\" {\\").concat(obj.css,\\"}\\"):obj.css;if(style.styleSheet){style.styleSheet.cssText=replaceText(index,css)}else{var cssNode=document.createTextNode(css);var childNodes=style.childNodes;if(childNodes[index]){style.removeChild(childNodes[index])}if(childNodes.length){style.insertBefore(cssNode,childNodes[index])}else{style.appendChild(cssNode)}}}function applyToTag(style,options,obj){var css=obj.css;var media=obj.media;var sourceMap=obj.sourceMap;if(media){style.setAttribute(\\"media\\",media)}else{style.removeAttribute(\\"media\\")}if(sourceMap&&btoa){css+=\\"\\\\n/*# sourceMappingURL=data:application/json;base64,\\".concat(btoa(unescape(encodeURIComponent(JSON.stringify(sourceMap)))),\\" */\\")}if(style.styleSheet){style.styleSheet.cssText=css}else{while(style.firstChild){style.removeChild(style.firstChild)}style.appendChild(document.createTextNode(css))}}var singleton=null;var singletonCounter=0;function addStyle(obj,options){var style;var update;var remove;if(options.singleton){var styleIndex=singletonCounter++;style=singleton||(singleton=insertStyleElement(options));update=applyToSingletonTag.bind(null,style,styleIndex,false);remove=applyToSingletonTag.bind(null,style,styleIndex,true)}else{style=insertStyleElement(options);update=applyToTag.bind(null,style,options);remove=function remove(){removeStyleElement(style)}}update(obj);return function updateStyle(newObj){if(newObj){if(newObj.css===obj.css&&newObj.media===obj.media&&newObj.sourceMap===obj.sourceMap){return}update(obj=newObj)}else{remove()}}}module.exports=function(list,options){options=options||{};if(!options.singleton&&typeof options.singleton!==\\"boolean\\"){options.singleton=isOldIE()}list=list||[];var lastIdentifiers=modulesToDom(list,options);return function update(newList){newList=newList||[];if(Object.prototype.toString.call(newList)!==\\"[object Array]\\"){return}for(var i=0;i<lastIdentifiers.length;i++){var identifier=lastIdentifiers[i];var index=getIndexByIdentifier(identifier);stylesInDom[index].references--}var newLastIdentifiers=modulesToDom(newList,options);for(var _i=0;_i<lastIdentifiers.length;_i++){var _identifier=lastIdentifiers[_i];var _index=getIndexByIdentifier(_identifier);if(stylesInDom[_index].references===0){stylesInDom[_index].updater();stylesInDom.splice(_index,1)}}lastIdentifiers=newLastIdentifiers}}},function(module,exports,__webpack_require__){\\"use strict\\";module.exports=function(useSourceMap){var list=[];list.toString=function toString(){return this.map((function(item){var content=cssWithMappingToString(item,useSourceMap);if(item[2]){return\\"@media \\".concat(item[2],\\" {\\").concat(content,\\"}\\")}return content})).join(\\"\\")};list.i=function(modules,mediaQuery,dedupe){if(typeof modules===\\"string\\"){modules=[[null,modules,\\"\\"]]}var alreadyImportedModules={};if(dedupe){for(var i=0;i<this.length;i++){var id=this[i][0];if(id!=null){alreadyImportedModules[id]=true}}}for(var _i=0;_i<modules.length;_i++){var item=[].concat(modules[_i]);if(dedupe&&alreadyImportedModules[item[0]]){continue}if(mediaQuery){if(!item[2]){item[2]=mediaQuery}else{item[2]=\\"\\".concat(mediaQuery,\\" and \\").concat(item[2])}}list.push(item)}};return list};function cssWithMappingToString(item,useSourceMap){var content=item[1]||\\"\\";var cssMapping=item[3];if(!cssMapping){return content}if(useSourceMap&&typeof btoa===\\"function\\"){var sourceMapping=toComment(cssMapping);var sourceURLs=cssMapping.sources.map((function(source){return\\"/*# sourceURL=\\".concat(cssMapping.sourceRoot||\\"\\").concat(source,\\" */\\")}));return[content].concat(sourceURLs).concat([sourceMapping]).join(\\"\\\\n\\")}return[content].join(\\"\\\\n\\")}function toComment(sourceMap){var base64=btoa(unescape(encodeURIComponent(JSON.stringify(sourceMap))));var data=\\"sourceMappingURL=data:application/json;charset=utf-8;base64,\\".concat(base64);return\\"/*# \\".concat(data,\\" */\\")}},function(module,exports,__webpack_require__){\\"use strict\\";module.exports=function(url,options){if(!options){options={}}url=url&&url.__esModule?url.default:url;if(typeof url!==\\"string\\"){return url}if(/^['\\"].*['\\"]$/.test(url)){url=url.slice(1,-1)}if(options.hash){url+=options.hash}if(/[\\"'() \\\\t\\\\n]/.test(url)||options.needQuotes){return'\\"'.concat(url.replace(/\\"/g,'\\\\\\\\\\"').replace(/\\\\n/g,\\"\\\\\\\\n\\"),'\\"')}return url}},function(module,exports){module.exports=\\"data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIxMDAiIGhlaWdodD0iMTAwIiB2ZXJzaW9uPSIxLjEiPjxjaXJjbGUgY3g9IjUwIiBjeT0iNTAiIHI9IjI1Ii8+PC9zdmc+\\"},function(module,__webpack_exports__,__webpack_require__){__webpack_require__.r(__webpack_exports__);var ns=__kbnBundles__.get(\\"plugin/foo/public\\");Object.defineProperties(__webpack_exports__,Object.getOwnPropertyDescriptors(ns))},function(module,__webpack_exports__,__webpack_require__){\\"use strict\\";__webpack_require__.r(__webpack_exports__);var _node_modules_val_loader_dist_cjs_js_key_bar_kbn_ui_shared_deps_public_path_module_creator_js__WEBPACK_IMPORTED_MODULE_0__=__webpack_require__(6);var _node_modules_val_loader_dist_cjs_js_key_bar_kbn_ui_shared_deps_public_path_module_creator_js__WEBPACK_IMPORTED_MODULE_0___default=__webpack_require__.n(_node_modules_val_loader_dist_cjs_js_key_bar_kbn_ui_shared_deps_public_path_module_creator_js__WEBPACK_IMPORTED_MODULE_0__);__kbnBundles__.define(\\"plugin/bar/public\\",__webpack_require__,25)},function(module,exports,__webpack_require__){__webpack_require__.p=window.__kbnPublicPath__[\\"bar\\"]},function(module,exports,__webpack_require__){switch(window.__kbnThemeTag__){case\\"v7dark\\":return __webpack_require__(8);case\\"v7light\\":return __webpack_require__(10);case\\"v8dark\\":return __webpack_require__(12);case\\"v8light\\":return __webpack_require__(14)}},function(module,exports,__webpack_require__){var api=__webpack_require__(0);var content=__webpack_require__(9);content=content.__esModule?content.default:content;if(typeof content===\\"string\\"){content=[[module.i,content,\\"\\"]]}var options={};options.insert=\\"head\\";options.singleton=false;var update=api(content,options);var exported=content.locals?content.locals:{};module.exports=exported},function(module,exports,__webpack_require__){var ___CSS_LOADER_API_IMPORT___=__webpack_require__(1);var ___CSS_LOADER_GET_URL_IMPORT___=__webpack_require__(2);var ___CSS_LOADER_URL_IMPORT_0___=__webpack_require__(3);exports=___CSS_LOADER_API_IMPORT___(false);var ___CSS_LOADER_URL_REPLACEMENT_0___=___CSS_LOADER_GET_URL_IMPORT___(___CSS_LOADER_URL_IMPORT_0___);exports.push([module.i,\\"p {\\\\n  background-color: rebeccapurple; }\\\\n\\\\nbody {\\\\n  width: 10;\\\\n  background-image: url(\\"+___CSS_LOADER_URL_REPLACEMENT_0___+\\"); }\\\\n\\",\\"\\"]);module.exports=exports},function(module,exports,__webpack_require__){var api=__webpack_require__(0);var content=__webpack_require__(11);content=content.__esModule?content.default:content;if(typeof content===\\"string\\"){content=[[module.i,content,\\"\\"]]}var options={};options.insert=\\"head\\";options.singleton=false;var update=api(content,options);var exported=content.locals?content.locals:{};module.exports=exported},function(module,exports,__webpack_require__){var ___CSS_LOADER_API_IMPORT___=__webpack_require__(1);var ___CSS_LOADER_GET_URL_IMPORT___=__webpack_require__(2);var ___CSS_LOADER_URL_IMPORT_0___=__webpack_require__(3);exports=___CSS_LOADER_API_IMPORT___(false);var ___CSS_LOADER_URL_REPLACEMENT_0___=___CSS_LOADER_GET_URL_IMPORT___(___CSS_LOADER_URL_IMPORT_0___);exports.push([module.i,\\"p {\\\\n  background-color: rebeccapurple; }\\\\n\\\\nbody {\\\\n  width: 11;\\\\n  background-image: url(\\"+___CSS_LOADER_URL_REPLACEMENT_0___+\\"); }\\\\n\\",\\"\\"]);module.exports=exports},function(module,exports,__webpack_require__){var api=__webpack_require__(0);var content=__webpack_require__(13);content=content.__esModule?content.default:content;if(typeof content===\\"string\\"){content=[[module.i,content,\\"\\"]]}var options={};options.insert=\\"head\\";options.singleton=false;var update=api(content,options);var exported=content.locals?content.locals:{};module.exports=exported},function(module,exports,__webpack_require__){var ___CSS_LOADER_API_IMPORT___=__webpack_require__(1);var ___CSS_LOADER_GET_URL_IMPORT___=__webpack_require__(2);var ___CSS_LOADER_URL_IMPORT_0___=__webpack_require__(3);exports=___CSS_LOADER_API_IMPORT___(false);var ___CSS_LOADER_URL_REPLACEMENT_0___=___CSS_LOADER_GET_URL_IMPORT___(___CSS_LOADER_URL_IMPORT_0___);exports.push([module.i,\\"p {\\\\n  background-color: rebeccapurple; }\\\\n\\\\nbody {\\\\n  width: 12;\\\\n  background-image: url(\\"+___CSS_LOADER_URL_REPLACEMENT_0___+\\"); }\\\\n\\",\\"\\"]);module.exports=exports},function(module,exports,__webpack_require__){var api=__webpack_require__(0);var content=__webpack_require__(15);content=content.__esModule?content.default:content;if(typeof content===\\"string\\"){content=[[module.i,content,\\"\\"]]}var options={};options.insert=\\"head\\";options.singleton=false;var update=api(content,options);var exported=content.locals?content.locals:{};module.exports=exported},function(module,exports,__webpack_require__){var ___CSS_LOADER_API_IMPORT___=__webpack_require__(1);var ___CSS_LOADER_GET_URL_IMPORT___=__webpack_require__(2);var ___CSS_LOADER_URL_IMPORT_0___=__webpack_require__(3);exports=___CSS_LOADER_API_IMPORT___(false);var ___CSS_LOADER_URL_REPLACEMENT_0___=___CSS_LOADER_GET_URL_IMPORT___(___CSS_LOADER_URL_IMPORT_0___);exports.push([module.i,\\"p {\\\\n  background-color: rebeccapurple; }\\\\n\\\\nbody {\\\\n  width: 13;\\\\n  background-image: url(\\"+___CSS_LOADER_URL_REPLACEMENT_0___+\\"); }\\\\n\\",\\"\\"]);module.exports=exports},function(module,exports,__webpack_require__){switch(window.__kbnThemeTag__){case\\"v7dark\\":return __webpack_require__(17);case\\"v7light\\":return __webpack_require__(19);case\\"v8dark\\":return __webpack_require__(21);case\\"v8light\\":return __webpack_require__(23)}},function(module,exports,__webpack_require__){var api=__webpack_require__(0);var content=__webpack_require__(18);content=content.__esModule?content.default:content;if(typeof content===\\"string\\"){content=[[module.i,content,\\"\\"]]}var options={};options.insert=\\"head\\";options.singleton=false;var update=api(content,options);var exported=content.locals?content.locals:{};module.exports=exported},function(module,exports,__webpack_require__){var ___CSS_LOADER_API_IMPORT___=__webpack_require__(1);exports=___CSS_LOADER_API_IMPORT___(false);exports.push([module.i,\\"body {\\\\n  color: green; }\\\\n\\",\\"\\"]);module.exports=exports},function(module,exports,__webpack_require__){var api=__webpack_require__(0);var content=__webpack_require__(20);content=content.__esModule?content.default:content;if(typeof content===\\"string\\"){content=[[module.i,content,\\"\\"]]}var options={};options.insert=\\"head\\";options.singleton=false;var update=api(content,options);var exported=content.locals?content.locals:{};module.exports=exported},function(module,exports,__webpack_require__){var ___CSS_LOADER_API_IMPORT___=__webpack_require__(1);exports=___CSS_LOADER_API_IMPORT___(false);exports.push([module.i,\\"body {\\\\n  color: green; }\\\\n\\",\\"\\"]);module.exports=exports},function(module,exports,__webpack_require__){var api=__webpack_require__(0);var content=__webpack_require__(22);content=content.__esModule?content.default:content;if(typeof content===\\"string\\"){content=[[module.i,content,\\"\\"]]}var options={};options.insert=\\"head\\";options.singleton=false;var update=api(content,options);var exported=content.locals?content.locals:{};module.exports=exported},function(module,exports,__webpack_require__){var ___CSS_LOADER_API_IMPORT___=__webpack_require__(1);exports=___CSS_LOADER_API_IMPORT___(false);exports.push([module.i,\\"body {\\\\n  color: green; }\\\\n\\",\\"\\"]);module.exports=exports},function(module,exports,__webpack_require__){var api=__webpack_require__(0);var content=__webpack_require__(24);content=content.__esModule?content.default:content;if(typeof content===\\"string\\"){content=[[module.i,content,\\"\\"]]}var options={};options.insert=\\"head\\";options.singleton=false;var update=api(content,options);var exported=content.locals?content.locals:{};module.exports=exported},function(module,exports,__webpack_require__){var ___CSS_LOADER_API_IMPORT___=__webpack_require__(1);exports=___CSS_LOADER_API_IMPORT___(false);exports.push([module.i,\\"body {\\\\n  color: green; }\\\\n\\",\\"\\"]);module.exports=exports},function(module,__webpack_exports__,__webpack_require__){\\"use strict\\";__webpack_require__.r(__webpack_exports__);var styles=__webpack_require__(7);var public_0=__webpack_require__(16);var public_=__webpack_require__(4);function barLibFn(){return\\"bar\\"}__webpack_require__.d(__webpack_exports__,\\"barLibFn\\",(function(){return barLibFn}));__webpack_require__.d(__webpack_exports__,\\"fooLibFn\\",(function(){return public_[\\"fooLibFn\\"]}))}]);"`;
 
+exports[`prepares assets for distribution: baz bundle 1`] = `
+"/*! Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one or more contributor license agreements.
+ * Licensed under the Elastic License; you may not use this file except in compliance with the Elastic License. */(function(modules){var installedModules={};function __webpack_require__(moduleId){if(installedModules[moduleId]){return installedModules[moduleId].exports}var module=installedModules[moduleId]={i:moduleId,l:false,exports:{}};modules[moduleId].call(module.exports,module,module.exports,__webpack_require__);module.l=true;return module.exports}__webpack_require__.m=modules;__webpack_require__.c=installedModules;__webpack_require__.d=function(exports,name,getter){if(!__webpack_require__.o(exports,name)){Object.defineProperty(exports,name,{enumerable:true,get:getter})}};__webpack_require__.r=function(exports){if(typeof Symbol!==\\"undefined\\"&&Symbol.toStringTag){Object.defineProperty(exports,Symbol.toStringTag,{value:\\"Module\\"})}Object.defineProperty(exports,\\"__esModule\\",{value:true})};__webpack_require__.t=function(value,mode){if(mode&1)value=__webpack_require__(value);if(mode&8)return value;if(mode&4&&typeof value===\\"object\\"&&value&&value.__esModule)return value;var ns=Object.create(null);__webpack_require__.r(ns);Object.defineProperty(ns,\\"default\\",{enumerable:true,value:value});if(mode&2&&typeof value!=\\"string\\")for(var key in value)__webpack_require__.d(ns,key,function(key){return value[key]}.bind(null,key));return ns};__webpack_require__.n=function(module){var getter=module&&module.__esModule?function getDefault(){return module[\\"default\\"]}:function getModuleExports(){return module};__webpack_require__.d(getter,\\"a\\",getter);return getter};__webpack_require__.o=function(object,property){return Object.prototype.hasOwnProperty.call(object,property)};__webpack_require__.p=\\"\\";return __webpack_require__(__webpack_require__.s=0)})([function(module,__webpack_exports__,__webpack_require__){\\"use strict\\";__webpack_require__.r(__webpack_exports__);var _node_modules_val_loader_dist_cjs_js_key_baz_kbn_ui_shared_deps_public_path_module_creator_js__WEBPACK_IMPORTED_MODULE_0__=__webpack_require__(1);var _node_modules_val_loader_dist_cjs_js_key_baz_kbn_ui_shared_deps_public_path_module_creator_js__WEBPACK_IMPORTED_MODULE_0___default=__webpack_require__.n(_node_modules_val_loader_dist_cjs_js_key_baz_kbn_ui_shared_deps_public_path_module_creator_js__WEBPACK_IMPORTED_MODULE_0__);__kbnBundles__.define(\\"plugin/baz/public\\",__webpack_require__,2)},function(module,exports,__webpack_require__){__webpack_require__.p=window.__kbnPublicPath__[\\"baz\\"]},function(module,exports){console.log(\\"plugin in an x-pack dir\\")}]);"
+`;
+
 exports[`prepares assets for distribution: foo async bundle 1`] = `"(window[\\"foo_bundle_jsonpfunction\\"]=window[\\"foo_bundle_jsonpfunction\\"]||[]).push([[1],{3:function(module,__webpack_exports__,__webpack_require__){\\"use strict\\";__webpack_require__.r(__webpack_exports__);__webpack_require__.d(__webpack_exports__,\\"foo\\",(function(){return foo}));function foo(){}}}]);"`;
 
 exports[`prepares assets for distribution: foo bundle 1`] = `"(function(modules){function webpackJsonpCallback(data){var chunkIds=data[0];var moreModules=data[1];var moduleId,chunkId,i=0,resolves=[];for(;i<chunkIds.length;i++){chunkId=chunkIds[i];if(Object.prototype.hasOwnProperty.call(installedChunks,chunkId)&&installedChunks[chunkId]){resolves.push(installedChunks[chunkId][0])}installedChunks[chunkId]=0}for(moduleId in moreModules){if(Object.prototype.hasOwnProperty.call(moreModules,moduleId)){modules[moduleId]=moreModules[moduleId]}}if(parentJsonpFunction)parentJsonpFunction(data);while(resolves.length){resolves.shift()()}}var installedModules={};var installedChunks={0:0};function jsonpScriptSrc(chunkId){return __webpack_require__.p+\\"foo.chunk.\\"+chunkId+\\".js\\"}function __webpack_require__(moduleId){if(installedModules[moduleId]){return installedModules[moduleId].exports}var module=installedModules[moduleId]={i:moduleId,l:false,exports:{}};modules[moduleId].call(module.exports,module,module.exports,__webpack_require__);module.l=true;return module.exports}__webpack_require__.e=function requireEnsure(chunkId){var promises=[];var installedChunkData=installedChunks[chunkId];if(installedChunkData!==0){if(installedChunkData){promises.push(installedChunkData[2])}else{var promise=new Promise((function(resolve,reject){installedChunkData=installedChunks[chunkId]=[resolve,reject]}));promises.push(installedChunkData[2]=promise);var script=document.createElement(\\"script\\");var onScriptComplete;script.charset=\\"utf-8\\";script.timeout=120;if(__webpack_require__.nc){script.setAttribute(\\"nonce\\",__webpack_require__.nc)}script.src=jsonpScriptSrc(chunkId);var error=new Error;onScriptComplete=function(event){script.onerror=script.onload=null;clearTimeout(timeout);var chunk=installedChunks[chunkId];if(chunk!==0){if(chunk){var errorType=event&&(event.type===\\"load\\"?\\"missing\\":event.type);var realSrc=event&&event.target&&event.target.src;error.message=\\"Loading chunk \\"+chunkId+\\" failed.\\\\n(\\"+errorType+\\": \\"+realSrc+\\")\\";error.name=\\"ChunkLoadError\\";error.type=errorType;error.request=realSrc;chunk[1](error)}installedChunks[chunkId]=undefined}};var timeout=setTimeout((function(){onScriptComplete({type:\\"timeout\\",target:script})}),12e4);script.onerror=script.onload=onScriptComplete;document.head.appendChild(script)}}return Promise.all(promises)};__webpack_require__.m=modules;__webpack_require__.c=installedModules;__webpack_require__.d=function(exports,name,getter){if(!__webpack_require__.o(exports,name)){Object.defineProperty(exports,name,{enumerable:true,get:getter})}};__webpack_require__.r=function(exports){if(typeof Symbol!==\\"undefined\\"&&Symbol.toStringTag){Object.defineProperty(exports,Symbol.toStringTag,{value:\\"Module\\"})}Object.defineProperty(exports,\\"__esModule\\",{value:true})};__webpack_require__.t=function(value,mode){if(mode&1)value=__webpack_require__(value);if(mode&8)return value;if(mode&4&&typeof value===\\"object\\"&&value&&value.__esModule)return value;var ns=Object.create(null);__webpack_require__.r(ns);Object.defineProperty(ns,\\"default\\",{enumerable:true,value:value});if(mode&2&&typeof value!=\\"string\\")for(var key in value)__webpack_require__.d(ns,key,function(key){return value[key]}.bind(null,key));return ns};__webpack_require__.n=function(module){var getter=module&&module.__esModule?function getDefault(){return module[\\"default\\"]}:function getModuleExports(){return module};__webpack_require__.d(getter,\\"a\\",getter);return getter};__webpack_require__.o=function(object,property){return Object.prototype.hasOwnProperty.call(object,property)};__webpack_require__.p=\\"\\";__webpack_require__.oe=function(err){console.error(err);throw err};var jsonpArray=window[\\"foo_bundle_jsonpfunction\\"]=window[\\"foo_bundle_jsonpfunction\\"]||[];var oldJsonpFunction=jsonpArray.push.bind(jsonpArray);jsonpArray.push=webpackJsonpCallback;jsonpArray=jsonpArray.slice();for(var i=0;i<jsonpArray.length;i++)webpackJsonpCallback(jsonpArray[i]);var parentJsonpFunction=oldJsonpFunction;return __webpack_require__(__webpack_require__.s=0)})([function(module,__webpack_exports__,__webpack_require__){\\"use strict\\";__webpack_require__.r(__webpack_exports__);var _node_modules_val_loader_dist_cjs_js_key_foo_kbn_ui_shared_deps_public_path_module_creator_js__WEBPACK_IMPORTED_MODULE_0__=__webpack_require__(1);var _node_modules_val_loader_dist_cjs_js_key_foo_kbn_ui_shared_deps_public_path_module_creator_js__WEBPACK_IMPORTED_MODULE_0___default=__webpack_require__.n(_node_modules_val_loader_dist_cjs_js_key_foo_kbn_ui_shared_deps_public_path_module_creator_js__WEBPACK_IMPORTED_MODULE_0__);__kbnBundles__.define(\\"plugin/foo/public\\",__webpack_require__,2)},function(module,exports,__webpack_require__){__webpack_require__.p=window.__kbnPublicPath__[\\"foo\\"]},function(module,__webpack_exports__,__webpack_require__){\\"use strict\\";__webpack_require__.r(__webpack_exports__);function fooLibFn(){return\\"foo\\"}var ext=\\"TRUE\\";__webpack_require__.d(__webpack_exports__,\\"getFoo\\",(function(){return getFoo}));__webpack_require__.d(__webpack_exports__,\\"fooLibFn\\",(function(){return fooLibFn}));__webpack_require__.d(__webpack_exports__,\\"ext\\",(function(){return ext}));function asyncGeneratorStep(gen,resolve,reject,_next,_throw,key,arg){try{var info=gen[key](arg);var value=info.value}catch(error){reject(error);return}if(info.done){resolve(value)}else{Promise.resolve(value).then(_next,_throw)}}function _asyncToGenerator(fn){return function(){var self=this,args=arguments;return new Promise((function(resolve,reject){var gen=fn.apply(self,args);function _next(value){asyncGeneratorStep(gen,resolve,reject,_next,_throw,\\"next\\",value)}function _throw(err){asyncGeneratorStep(gen,resolve,reject,_next,_throw,\\"throw\\",err)}_next(undefined)}))}}function getFoo(){return _getFoo.apply(this,arguments)}function _getFoo(){_getFoo=_asyncToGenerator(regeneratorRuntime.mark((function _callee(){return regeneratorRuntime.wrap((function _callee$(_context){while(1){switch(_context.prev=_context.next){case 0:_context.next=2;return __webpack_require__.e(1).then(__webpack_require__.bind(null,3));case 2:return _context.abrupt(\\"return\\",_context.sent);case 3:case\\"end\\":return _context.stop()}}}),_callee)})));return _getFoo.apply(this,arguments)}}]);"`;
diff --git a/packages/kbn-optimizer/src/integration_tests/basic_optimization.test.ts b/packages/kbn-optimizer/src/integration_tests/basic_optimization.test.ts
index 716dd5e3edbc1b..2d0d60da1e4a06 100644
--- a/packages/kbn-optimizer/src/integration_tests/basic_optimization.test.ts
+++ b/packages/kbn-optimizer/src/integration_tests/basic_optimization.test.ts
@@ -66,7 +66,7 @@ afterAll(async () => {
 it('builds expected bundles, saves bundle counts to metadata', async () => {
   const config = OptimizerConfig.create({
     repoRoot: MOCK_REPO_DIR,
-    pluginScanDirs: [Path.resolve(MOCK_REPO_DIR, 'plugins')],
+    pluginScanDirs: [Path.resolve(MOCK_REPO_DIR, 'plugins'), Path.resolve(MOCK_REPO_DIR, 'x-pack')],
     maxWorkerCount: 1,
     dist: false,
   });
@@ -100,7 +100,7 @@ it('builds expected bundles, saves bundle counts to metadata', async () => {
       (msg.event?.type === 'bundle cached' || msg.event?.type === 'bundle not cached') &&
       msg.state.phase === 'initializing'
   );
-  assert('produce two bundle cache events while initializing', bundleCacheStates.length === 2);
+  assert('produce three bundle cache events while initializing', bundleCacheStates.length === 3);
 
   const initializedStates = msgs.filter((msg) => msg.state.phase === 'initialized');
   assert('produce at least one initialized event', initializedStates.length >= 1);
@@ -110,17 +110,17 @@ it('builds expected bundles, saves bundle counts to metadata', async () => {
 
   const runningStates = msgs.filter((msg) => msg.state.phase === 'running');
   assert(
-    'produce two or three "running" states',
-    runningStates.length === 2 || runningStates.length === 3
+    'produce three to five "running" states',
+    runningStates.length >= 3 && runningStates.length <= 5
   );
 
   const bundleNotCachedEvents = msgs.filter((msg) => msg.event?.type === 'bundle not cached');
-  assert('produce two "bundle not cached" events', bundleNotCachedEvents.length === 2);
+  assert('produce three "bundle not cached" events', bundleNotCachedEvents.length === 3);
 
   const successStates = msgs.filter((msg) => msg.state.phase === 'success');
   assert(
-    'produce one or two "compiler success" states',
-    successStates.length === 1 || successStates.length === 2
+    'produce one to three "compiler success" states',
+    successStates.length >= 1 && successStates.length <= 3
   );
 
   const otherStates = msgs.filter(
@@ -175,12 +175,26 @@ it('builds expected bundles, saves bundle counts to metadata', async () => {
       <absolute path>/packages/kbn-ui-shared-deps/public_path_module_creator.js,
     ]
   `);
+
+  const baz = config.bundles.find((b) => b.id === 'baz')!;
+  expect(baz).toBeTruthy();
+  baz.cache.refresh();
+  expect(baz.cache.getModuleCount()).toBe(3);
+
+  expect(baz.cache.getReferencedFiles()).toMatchInlineSnapshot(`
+    Array [
+      <absolute path>/packages/kbn-optimizer/src/__fixtures__/__tmp__/mock_repo/x-pack/baz/kibana.json,
+      <absolute path>/packages/kbn-optimizer/src/__fixtures__/__tmp__/mock_repo/x-pack/baz/public/index.ts,
+      <absolute path>/packages/kbn-optimizer/target/worker/entry_point_creator.js,
+      <absolute path>/packages/kbn-ui-shared-deps/public_path_module_creator.js,
+    ]
+  `);
 });
 
 it('uses cache on second run and exist cleanly', async () => {
   const config = OptimizerConfig.create({
     repoRoot: MOCK_REPO_DIR,
-    pluginScanDirs: [Path.resolve(MOCK_REPO_DIR, 'plugins')],
+    pluginScanDirs: [Path.resolve(MOCK_REPO_DIR, 'plugins'), Path.resolve(MOCK_REPO_DIR, 'x-pack')],
     maxWorkerCount: 1,
     dist: false,
   });
@@ -202,6 +216,7 @@ it('uses cache on second run and exist cleanly', async () => {
       "initializing",
       "initializing",
       "initializing",
+      "initializing",
       "initialized",
       "success",
     ]
@@ -211,7 +226,7 @@ it('uses cache on second run and exist cleanly', async () => {
 it('prepares assets for distribution', async () => {
   const config = OptimizerConfig.create({
     repoRoot: MOCK_REPO_DIR,
-    pluginScanDirs: [Path.resolve(MOCK_REPO_DIR, 'plugins')],
+    pluginScanDirs: [Path.resolve(MOCK_REPO_DIR, 'plugins'), Path.resolve(MOCK_REPO_DIR, 'x-pack')],
     maxWorkerCount: 1,
     dist: true,
   });
@@ -224,6 +239,7 @@ it('prepares assets for distribution', async () => {
     'foo async bundle'
   );
   expectFileMatchesSnapshotWithCompression('plugins/bar/target/public/bar.plugin.js', 'bar bundle');
+  expectFileMatchesSnapshotWithCompression('x-pack/baz/target/public/baz.plugin.js', 'baz bundle');
 });
 
 /**
diff --git a/packages/kbn-optimizer/src/optimizer/get_plugin_bundles.test.ts b/packages/kbn-optimizer/src/optimizer/get_plugin_bundles.test.ts
index a70cfc759dd55b..a823f66cf767b8 100644
--- a/packages/kbn-optimizer/src/optimizer/get_plugin_bundles.test.ts
+++ b/packages/kbn-optimizer/src/optimizer/get_plugin_bundles.test.ts
@@ -48,12 +48,20 @@ it('returns a bundle for core and each plugin', () => {
           extraPublicDirs: [],
           manifestPath: '/outside/of/repo/plugins/baz/kibana.json',
         },
+        {
+          directory: '/repo/x-pack/plugins/box',
+          id: 'box',
+          isUiPlugin: true,
+          extraPublicDirs: [],
+          manifestPath: '/repo/x-pack/plugins/box/kibana.json',
+        },
       ],
       '/repo'
     ).map((b) => b.toSpec())
   ).toMatchInlineSnapshot(`
     Array [
       Object {
+        "banner": undefined,
         "contextDir": <absolute path>/plugins/foo,
         "id": "foo",
         "manifestPath": <absolute path>/plugins/foo/kibana.json,
@@ -65,6 +73,7 @@ it('returns a bundle for core and each plugin', () => {
         "type": "plugin",
       },
       Object {
+        "banner": undefined,
         "contextDir": "/outside/of/repo/plugins/baz",
         "id": "baz",
         "manifestPath": "/outside/of/repo/plugins/baz/kibana.json",
@@ -75,6 +84,20 @@ it('returns a bundle for core and each plugin', () => {
         "sourceRoot": <absolute path>,
         "type": "plugin",
       },
+      Object {
+        "banner": "/*! Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one or more contributor license agreements.
+     * Licensed under the Elastic License; you may not use this file except in compliance with the Elastic License. */
+    ",
+        "contextDir": <absolute path>/x-pack/plugins/box,
+        "id": "box",
+        "manifestPath": <absolute path>/x-pack/plugins/box/kibana.json,
+        "outputDir": <absolute path>/x-pack/plugins/box/target/public,
+        "publicDirNames": Array [
+          "public",
+        ],
+        "sourceRoot": <absolute path>,
+        "type": "plugin",
+      },
     ]
   `);
 });
diff --git a/packages/kbn-optimizer/src/optimizer/get_plugin_bundles.ts b/packages/kbn-optimizer/src/optimizer/get_plugin_bundles.ts
index 04ab992addeec1..9350b9464242af 100644
--- a/packages/kbn-optimizer/src/optimizer/get_plugin_bundles.ts
+++ b/packages/kbn-optimizer/src/optimizer/get_plugin_bundles.ts
@@ -24,6 +24,8 @@ import { Bundle } from '../common';
 import { KibanaPlatformPlugin } from './kibana_platform_plugins';
 
 export function getPluginBundles(plugins: KibanaPlatformPlugin[], repoRoot: string) {
+  const xpackDirSlash = Path.resolve(repoRoot, 'x-pack') + Path.sep;
+
   return plugins
     .filter((p) => p.isUiPlugin)
     .map(
@@ -36,6 +38,10 @@ export function getPluginBundles(plugins: KibanaPlatformPlugin[], repoRoot: stri
           contextDir: p.directory,
           outputDir: Path.resolve(p.directory, 'target/public'),
           manifestPath: p.manifestPath,
+          banner: p.directory.startsWith(xpackDirSlash)
+            ? `/*! Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one or more contributor license agreements.\n` +
+              ` * Licensed under the Elastic License; you may not use this file except in compliance with the Elastic License. */\n`
+            : undefined,
         })
     );
 }
diff --git a/packages/kbn-optimizer/src/worker/webpack.config.ts b/packages/kbn-optimizer/src/worker/webpack.config.ts
index 271ad49aee351c..3d62ed16368696 100644
--- a/packages/kbn-optimizer/src/worker/webpack.config.ts
+++ b/packages/kbn-optimizer/src/worker/webpack.config.ts
@@ -72,6 +72,7 @@ export function getWebpackConfig(bundle: Bundle, bundleRefs: BundleRefs, worker:
       new CleanWebpackPlugin(),
       new DisallowedSyntaxPlugin(),
       new BundleRefsPlugin(bundle, bundleRefs),
+      ...(bundle.banner ? [new webpack.BannerPlugin({ banner: bundle.banner, raw: true })] : []),
     ],
 
     module: {
diff --git a/src/dev/precommit_hook/casing_check_config.js b/src/dev/precommit_hook/casing_check_config.js
index 864bf7515053c6..404ad671746815 100644
--- a/src/dev/precommit_hook/casing_check_config.js
+++ b/src/dev/precommit_hook/casing_check_config.js
@@ -105,6 +105,7 @@ export const IGNORE_DIRECTORY_GLOBS = [
   'test/functional/fixtures/es_archiver/visualize_source-filters',
   'packages/kbn-pm/src/utils/__fixtures__/*',
   'x-pack/dev-tools',
+  'packages/kbn-optimizer/src/__fixtures__/mock_repo/x-pack',
 ];
 
 /**

From 1e067b1608adc89cf647f47a24bcecde2d3e99fe Mon Sep 17 00:00:00 2001
From: Jonathan Buttner <56361221+jonathan-buttner@users.noreply.github.com>
Date: Thu, 30 Jul 2020 14:01:29 -0400
Subject: [PATCH 08/11] [Security Solution][Resolver] Adding resolver backend
 docs (#73726)

* Adding resolver backend docs

* Adding more clarity around ancestry array limit

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
---
 .../common/endpoint/types.ts                  |   2 +
 .../endpoint/routes/resolver/docs/README.md   | 216 ++++++++++++++++++
 .../resolver/docs/resolver_tree_ancestry.png  | Bin 0 -> 19926 bytes
 .../docs/resolver_tree_children_loop.png      | Bin 0 -> 40224 bytes
 .../resolver_tree_children_pagination.png     | Bin 0 -> 32477 bytes
 ...er_tree_children_pagination_with_after.png | Bin 0 -> 32398 bytes
 .../docs/resolver_tree_children_simple.png    | Bin 0 -> 22889 bytes
 .../resolver/utils/ancestry_query_handler.ts  |  24 +-
 .../endpoint/routes/resolver/utils/tree.ts    |  33 +--
 9 files changed, 242 insertions(+), 33 deletions(-)
 create mode 100644 x-pack/plugins/security_solution/server/endpoint/routes/resolver/docs/README.md
 create mode 100644 x-pack/plugins/security_solution/server/endpoint/routes/resolver/docs/resolver_tree_ancestry.png
 create mode 100644 x-pack/plugins/security_solution/server/endpoint/routes/resolver/docs/resolver_tree_children_loop.png
 create mode 100644 x-pack/plugins/security_solution/server/endpoint/routes/resolver/docs/resolver_tree_children_pagination.png
 create mode 100644 x-pack/plugins/security_solution/server/endpoint/routes/resolver/docs/resolver_tree_children_pagination_with_after.png
 create mode 100644 x-pack/plugins/security_solution/server/endpoint/routes/resolver/docs/resolver_tree_children_simple.png

diff --git a/x-pack/plugins/security_solution/common/endpoint/types.ts b/x-pack/plugins/security_solution/common/endpoint/types.ts
index a982f9ffe8f21f..1c24e1abe5a57e 100644
--- a/x-pack/plugins/security_solution/common/endpoint/types.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/types.ts
@@ -104,6 +104,8 @@ export interface ResolverChildNode extends ResolverLifecycleNode {
    *
    * string: Indicates this is a leaf node and it can be used to continue querying for additional descendants
    * using this node's entity_id
+   *
+   * For more information see the resolver docs on pagination [here](../../server/endpoint/routes/resolver/docs/README.md#L129)
    */
   nextChild?: string | null;
 }
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/docs/README.md b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/docs/README.md
new file mode 100644
index 00000000000000..1c0692db344c4f
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/docs/README.md
@@ -0,0 +1,216 @@
+# Resolver Backend
+
+This readme will describe the backend implementation for resolver.
+
+## Ancestry Array
+
+The ancestry array is an array of entity_ids. This array is included with each event sent by the elastic endpoint
+and defines the ancestors of a particular process. The array is formatted such that [0] of the array contains the direct
+parent of the process. [1] of the array contains the grandparent of the process. For example if Process A spawned process
+B which spawned process C. Process C's array would be [B,A].
+
+The presence of the ancestry array makes querying ancestors and children for a process more efficient.
+
+## Ancestry Array Limit
+
+The ancestry array is currently limited to 20 values. The exact limit should not be relied on though.
+
+## Ancestors
+
+To query for ancestors of a process leveraging the ancestry array, we first retrieve the lifecycle events for the event_id
+passed in. Once we have the origin node we can check to see if the document has the `process.Ext.ancestry` array. If
+it does we can perform a search for the values in the array. This will retrieve all the ancestors for the process of interest
+up to the limit of the ancestry array. Since the array is capped at 20, if the request is asking for more than 20
+ancestors we will have to examine the most distant ancestor that has been retrieved and use its ancestry array to retrieve
+the next set of results to fulfill the request.
+
+### Pagination
+
+After the backend gathers the results for an ancestry query, it will set a pagination cursor depending on the results from ES.
+
+If the number of ancestors we have gathered is equal to the size in the request we don't know if ES has more results or not. So we will set `nextAncestor` to the entity_id of the most distant ancestor retrieved.
+
+If the request asked for 10 and we only found 8 from ES, we know for sure that there aren't anymore results. In this case we will set `nextAncestor` to `null`.
+
+### Code
+
+The code for handling the ancestor logic is in [here](../utils/ancestry_query_handler.ts)
+
+### Ancestors Multiple Queries Example
+
+![alt text](./resolver_tree_ancestry.png 'Retrieve ancestors')
+
+For this example let's assume that the _ancestry array limit_ is 2. The process of interest is A (the entity_id of a node is the character in the circle). Process A has an ancestry array of `[3,2]`, its parent has an ancestry array of `[2,1]` etc. Here is the execution of a request for 3 ancestors for entity_id A.
+
+**Request:** `GET /resolver/A/ancestry?ancestors=3`
+
+1. Retrieve lifecycle events for entity_id `A`
+2. Retrieve `A`'s start event's ancestry array
+   1. In the event that the node of interest does not have an ancestry array, the entity id of it's parent will be used, essentially an ancestry array of length 1, [3] in the example here
+3. `A`'s ancestry array is `[3,2]`, query for the lifecycle events for processes with `entity_id` 3 or 2
+4. Check to see if we have retrieved enough ancestors to fulfill the request (we have not, we only received 2 nodes of the 3 that were requested)
+5. We haven't so use the most distant ancestor in our result set (process 2)
+6. Use process 2's ancestry array to query for the next set of results to fulfill the request
+7. Process 2's ancestry array is `[1]` so repeat the process in steps 3-4 and retrieve process with entity_id 1. This fulfills the request so we can return the results for the lifecycle events of A, 3, 2, and 1.
+
+If process 2 had an ancestry array of `[1,0]` we know that we only need 1 more process to fulfill the request so we can truncate the array to `[1]` instead of searching for all the entries in the array.
+
+More generically: In the event where our request stops at the x (non-final) position in an ancestry array, we won't search all items in the array, just those up to the x position. The next-cursor will be set to the last ancestor received since there might be more data.
+
+The `nextAncestor` cursor will be set to `1` in this scenario because we retrieved all 3 ancestors from ES but we don't know if ES has anymore.
+
+## Descendants
+
+We can also leverage the ancestry array to query for the descendants of a process. The basic query for the descendants of a process is: _find all processes where their ancestry array contains a particular entity_id_. The results of this query will be sorted in ascending order by the timestamp field. I will try to outline a couple different scenarios for retrieving descendants using the ancestry array below.
+
+### Start events vs all lifecycle events
+
+There are two parts to querying for descendant process nodes. When a request comes in for 7 process nodes we need to communicate to ES that we want all of the lifecycle nodes for 7 processes. We could use a query that retrieves all lifecycle events (start, end, etc) but the issue with this is that we need to indicate a `size` in our ES query. If we set the `size` to 7, we will only get 7 lifecycle events. These events could be start, end, or already_running events. It doesn't guarantee that we get all of the lifecycle events for 7 process nodes.
+
+Instead we can first query for 7 start events, which guarantees that we will have 7 unique process descendants and then we can gather all those entity_ids and do another query for all the lifecycle events for those 7 processes. The downside here is that you have to do two queries to retrieve all the lifecycle events. Optimizations can be made for the first query for the start events by reducing the `_source` that ES returns to only include the `entity_id` and `ancestry`. This will reduce the amount of data that ES has to send back and speed up the query.
+
+### Scenario Background
+
+In the scenarios below let's assume the _ancestry array limit_ is 2. The times next to the nodes are the time the node was spawned. The value in red indicates that the process terminated at the time in red.
+
+Let's also ignore the fact that retrieving the lifecycle events for a descendant actually takes two queries. Let's assume that it's taken care of, and when we say "query for lifecycle events" we get all the lifecycle events back for the descendants using the algorithm described in the [previous section](#start-events-vs-all-lifecycle-events)
+
+### Simple Scenario
+
+For reference the time based order of the being nodes being spawned in this scenario is: A -> B -> C -> E -> F -> G -> H.
+
+![alt text](./resolver_tree_children_simple.png 'Descendants Simple Scenario')
+
+**Request:** `GET /resolver/A/children?children=6`
+
+For this scenario we will retrieve all the lifecycle events for 6 descendants of the process with entity_id `A`. As shown in the diagram above ES has 6 descendants for A so the response to this request will be: `[B, C, E, F, G, H]` because the results are sorted in ascending ordering based on the `timestamp` field which is when the process was started.
+
+### Looping Scenario
+
+For reference the time based order of the being nodes being spawned in this scenario is: A -> B -> C -> D -> E -> F -> G -> J -> K -> H.
+
+![alt text](./resolver_tree_children_loop.png 'Descendants Looping Scenario')
+
+**Request:** `GET /resolver/A/children?children=9`
+
+In this scenario the request is for more descendants than can be retrieved using a single querying with the entity_id `A`. This is because the ancestry array for the descendants in the red section do not have `A` in their ancestry array. So when we query for all process nodes that have `A` in their ancestry array we won't receive D, J, or K.
+
+Like in the previous scenario, for the first query we will receive `[B, C, E, F, G, H]`. What we want to do next is use a subset of that response that will get us 3 more descendants to fulfill the request for a total of 9.
+
+We _could_ use `B` and `G` to do this (mostly `B`) but the problem is that when we query for descendants that have `B` or `G` in their ancestry array we will get back some duplicates that we have already received before. For example if we use `B` and `G` we'd get `[C, D, E, F, J, K, H]` but this isn't efficient because we have already received `[E, F, G, H]` from the previous query.
+
+What we want to do is use the most distant descendants from `A` to make the next query to retrieve the last 3 process nodes to fulfill the request. Those would be `[C, E, F, H]`. So our next query will be: _find all process nodes where their ancestry array contains C or E or F or H_. This query can be limited to a size of 3 so that we will only receive `[D, J, K]`.
+
+We have now received all the nodes for the request and we can return the results as `[B, C, E, F, G, H, D, J, K]`.
+
+### Important Caveats
+
+#### Ordering
+
+In the previous example the final results are not sorted based on timestamp in ascending order. This is because we had to perform multiple queries to retrieve all the results. The backend will not return the results in sorted order.
+
+#### Tie breaks on timestamp
+
+In the previous example we saw that J and K had the same timestamp of `12:13 pm`. The reason they were returned in the order `[J, K]` is because the `event.id` field is used to break ties like this. The `event.id` field is unique for a particular event and an increasing value per ECS's guidelines. Therefore J comes before K because it has an `event.id` of 1 vs 2.
+
+#### Finding the most distant descendants
+
+In the previous scenario we saw that we needed to use the most distant descendants from a particular node. To determine if a node is a most distant descendant we can use the ancestry array. Nodes C, E, F, and H all have `A` as their last entry in the ancestry array. This indicates that they are a distant descendant that should be used in the next query. There's one problem with this approach. In a mostly impossible scenario where the node of interest (A) does not have any ancestors, its direct children will also have `A` as the last entry in their ancestry array.
+
+This edge case will likely never be encountered but we'll try to solve it anyway. To get around this as we iterate over the results from our first query (`[B, C, E, F, G, H]`) we can bucket the ones that have `A` as the last entry in their ancestry array. We bucket the results based on the length of their ancestry array (basically a `Map<number, Set<string>>`). So after bucketing our results will look like:
+
+```javascript
+{
+  1: [B, G]
+  2: [C, E, F, H]
+}
+```
+
+While we are iterating we also keep track of the largest ancestry array that we have seen. In our scenario that will be a size of 2. Then to determine the distant descendants we simply get the nodes that had the largest ancestry array length. In this scenario that'd be `[C, E, F, H]`.
+
+### Handling Pagination
+
+#### Pagination Cursor Values
+
+There are 3 possible states for the pagination cursor for a child node and 2 possible states for the pagination cursor for the node of interest (the node that we are using in the API request).
+
+Potential cursors for the node of interest:
+**a string cursor:** a cursor that can be used to skip the previous set of results. The cursor is a base64 version of a json object with `event.id` and `timestamp` of the last process's start event that was received.
+**null:** indicates that no more results can be received using this process's entity_id
+
+Potential cursors for descendants of the node of interest (these apply to the results of a request):
+**a string cursor:** a cursor that can be used to skip the previous set of results. The cursor is a base64 version of a json object with `event.id` and `timestamp` of the last process's start event that was received. This cursor should be used in conjunction with using this process's entity_id for a query.
+**undefined:** the node may contain additional children, but we are not aware. To find out, perform additional queries on the node of interest that original returned these results or move down the tree to a descendant of this node to query for more descendants.
+**null:** We have found all possible direct children for this node. There may be more descendants but not direct children for this node.
+
+#### Pagination Examples
+
+For reference the time based order of the being nodes being spawned in this scenario is: A -> B -> C -> D -> G -> F -> H -> E -> J -> K.
+
+![alt text](./resolver_tree_children_pagination.png 'Descendants Pagination Scenario')
+
+Handling pagination for the children API in a little tricky. Let's consider this scenario:
+
+**Request:** `GET /resolver/A/children?children=3`
+
+Let's use the diagram above to show the relationship between processes and the data in ES. The response for the request for 3 children is `[B, C, G]`. More process nodes exist in ES so it would be helpful to indicate in the response that there is more data and a way to skip `[B, C, G]` to get the next set of data. A cursor can be set on the response for `A` to point to the last process node in the response which can be sent in another request to retrieve the next set of data. This cursor will contain information from `G` because it has the latest timestamp (in ascending order).
+
+If another request was made using the returned cursor like the following:
+
+**Request:** `GET /resolver/A/children?children=5&after=<cursor from previous request>`
+
+For reference the time based order of the being nodes being spawned in this scenario is: A -> B -> C -> D -> G -> F -> H -> E -> J -> K (the same as above).
+
+![alt text](./resolver_tree_children_pagination_with_after.png 'Descendants Pagination Scenario Part 2')
+
+For this request we will do a query for _find all process nodes where their ancestry array has entity_id `A` and use the cursor to skip old results_. The response for this request is `[F, H, E, K]`. The request actually asked for 5 nodes but there was only 4 in ES so only 4 were returned.
+
+The odd thing about this response is that it did not receive D and J. The problem is that the backend does not have any concept of C in this second request because it was received in the previous one. It will be skipped based on the pagination cursor returned previously.
+
+This example highlights a scenario where it is not easy for the backend to go back and continue to get the descendants for C because of the limitation of the ancestry array.
+
+#### Pagination cursor for descendant nodes
+
+Let's go back to the first request where we got `[B, C, G]`. How could we go about getting the rest of the children for `B`? We have two ways of solving this. First we could determine what the last descendant we had received of `B` and use that as the cursor when returning all the results for this request. That is actually kind of difficult.
+
+For reference the time based order of the being nodes being spawned in this scenario is: A -> B -> C -> D -> G -> F -> H -> E -> J -> K (the same as above).
+
+![alt text](./resolver_tree_children_pagination.png 'Descendants Pagination Scenario')
+
+Let's imagine for a moment that the _ancestry array limit_ is 3 instead of 2. Taking our previous request we would instead get `[B, C, D]` because D started before G. In this case the last descendant for `B` is actually `D` and not `C`. This gets complicated because we'd have to keep track of which descendant was the last (time wise) one for each intermediate process node. In this example we'd need to find the last descendant for both `B` and `C`. We'd have to track the descendants for each process node and build a map to quickly be able to retrieve the last descendant.
+
+Instead of doing that we could also continue to get the immediate children of `B` by doing another request for `A` like was shown in previous example when using the after cursor. This would guarantee that all children (first level descendants of a node) had been retrieved.
+
+For reference the time based order of the being nodes being spawned in this scenario is: A -> B -> C -> D -> G -> F -> H -> E -> J -> K (the same as above).
+
+![alt text](./resolver_tree_children_pagination_with_after.png 'Descendants Pagination Scenario Part 2')
+
+To get to the response shown in the diagram above (the blue nodes is the response) a request was made for 3 nodes which returned `[B, C, D]` and then another request was made using the returned cursor for `A` to get an additional 4 nodes `[F, H, E, K]`. Let's assume that the request looked like:
+
+**Request:** `GET /resolver/A/children?children=5&after=<cursor from previous request>`
+
+So 5 nodes were actually asked for. After `[F, H, E]` are returned during the first query to ES, we will use the most distant children (also `[F, H, E]`) and make another request for any nodes that have F or H or E in their ancestry array. Only a single node satisfies that query which returns `K`. Therefore we can know with certainty that E, F, and H have no more children because ES only returned K instead of K and one more node (since we requested a total of 5). With this knowledge we can mark A, E, F, H's pagination cursors in a way to communicate that they have no more descendants.
+
+The way the backend communicates this is by marking the cursor as null.
+
+If the request was actually for only 4 children like:
+
+**Request:** `GET /resolver/A/children?children=4&after=<cursor from previous request>`
+
+Then we wouldn't know for sure whether ES had more results than K. But what we can know is that `A` does not have any more descendants that we can retrieve in a single query using its ancestry array. We have received all nodes where `A` is in their ancestry array when we made the second query for nodes E, F, and H and received `K`. Therefore at the moment when we received `[F, H, E]` we can mark `A`'s cursor as null.
+
+When we make the next query for any nodes that have F or H or E in their ancestry array and get back K, this satisfies our size of only needing one more node (4 total). At this point we don't know for sure if E, F, or H have more descendants. Since we don't know we will mark E, F, and H's cursors to point to K.
+
+#### Undefined Pagination
+
+For reference the time based order of the being nodes being spawned in this scenario is: A -> B -> C -> D -> E -> F -> G -> J -> K -> H. (Not the same as above).
+
+For this scenario let's assume ES has the data in the diagram below. Let's say the request looks like:
+
+**Request:** `GET /resolver/A/children?children=6`
+
+![alt text](./resolver_tree_children_loop.png 'Descendants Looping Scenario')
+
+The result for this request will be `[B, C, E, F, G, H]`. Since the request was looking for 6 nodes and we got that amount the cursor for `A` will be set to the last one: `H`. The cursors for the intermediate nodes `B` and `G` will be undefined. This is because we don't know if `B` or `G` have more children but `A` can be used to determine that. We also don't know if C, E, F, or H have more descendants so their cursor will also be marked as undefined. If we wanted to know if C had more descendants we can simply issue a new request like `GET /resolver/C/children` to get its descendants and we won't receive and duplicates because we never received D, J or K.
+
+If we want to know if `B` has more children we can issue another request using the cursor set for `A`.
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/docs/resolver_tree_ancestry.png b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/docs/resolver_tree_ancestry.png
new file mode 100644
index 0000000000000000000000000000000000000000..a2636c7cd38cb515849ede721f4e4d24a851241a
GIT binary patch
literal 19926
zcmeFZ2T)X969otc1W|$_NphAvLk<#$A?FMN!Z5&)a~PruNEo6b3L;82AR;IrAP5K|
zf|5kZK><mEl9Su>`+fiBP_<iIwN+asFyXy-@4L7A^y$<6Of)jkJbjY+Bnb)0X>Bc(
z2?+@)H~i$1lffrxb(>NoBxGuV8diZ`p)NR2ED5iK`rlW)NO3oxfIwae6fY9#=<6%$
zjB|ALck~Jn^~MImNASIuk2B5%hjspY3{o5^E+Q^1A|Y;uK=MkcO31-4BvMpbLeA#z
z@s6%o?|&{RB`OXV5YTtT;JgEU0^BbAJpvo(==%3+Mg}70fzlYP1>Q*x6@m_tR1-J&
zdrUCaKLF?B{r510gs6ll;_nxMVZPYEpE_fMaTqM|Qwa^Yp?_u$1LFRfE6x~!3DHLc
zWBmfGg8iIi4b_58{$9k}(d(a!7{PQ!{&Q&w4Jiv>XLD)&5VVmv!rR$XPFhvQ%~S#(
z;1()t<R2hys4wF$E$Lybt)Yg|_Vx3C^+5;w$$6qts^SK|&PZu3M_(yjGYx%hDINIA
z8S8^WxTE#qrIDeA49Z(J#NFH+-dP1}c^hdOIg4xAcuAwoWTiaZth7B$E!AAn21Y19
zKUGIK$X8cK*G<P+!$(fv%R?Wn9g24KvoR3Yw9qm3#G8bmP~J`k))*;&Lm#ZOxw)FS
zv6{c9IK~g_8YpLOV(p_X?P=lSD&=F2wzhKf^bNqdXi8bC>X>Qh1q4`l80dRQNr(El
z;&pud+_5N0oVmFaHq1OQR3gYrS0czt-B80@LkEYE4U&`bHMElUa^^*<Y5L2!OFJ8y
zYx+sR{2YyNo}O3?%GAOjEW}DzM%PpoBkhGVcL_7KKpAQ3OR4JyxFK+XNLl9)M@Q9A
zM_of5J!c~yBu>LRz}iYG)E_RXEv09r<`RO#q5@FT-UzsPOLbFYM`IZe)eu)p8-JM)
ze4wGRp1X#PwVA4!k+rs~tg#iwBh<-2*T>Y{(jd^%1n;XJq^@Iwx4@XGxnj+Nv?Scb
z(Q1;xni_#JL8hjfrZ{hmpO<?WBFNa=+SpUdSlUqoqhX3t)A0#1*U(qhf@wHum^-2T
zjkTOK5JpB}VKT<L7Uo_yuyJbe4{xIHYTzb|57gDvwDi|>F|e`-F$?vQF)<-7iiMtm
zO^^&0;U*c33zYM>adyMwr7dM_B;*2|&@ytKa=J2jX$x6HCn*UdBTZ+#OrW<DLSM^W
zHOxZXCD299&qQ3;(a%FO1eVk+)YHZsE{YEDM>(mgTD$5>A*{TuRL!OIU?ddA&DYw(
z3~lCW8sryZ;^U?&jSs_`i-#I%c<BWiqRg<4GGXe07=K596Q969e}tu{zN@6Tt3{Y5
z-Xv5mOx;K;RMtttz{@Jo&nlQWoEj1%A?IdeBL#0Pt#tiNw7iTh{LIWSHs~-_T}w$r
zoQH9stcDxXUtil-)xriPX`*eWqod_3sf+M4c2qYsvyp*Q@v>S7C!1g$BQre{e|M~-
zp@qLS0;Ol|tB=$%m9fzl4|Fy+uvFJ^)iTk;2TMqSof+%kHN4PjR#JY55Ca<ta~bad
zq_=gLk*|xpCqh$BR~G9o8DfA4*7I_c6c5yru@3e$!&rqmdii4=Wdq#(kimK`_z*2G
zq&Uo7P21nhRo%%LreZ4Ys*XiltLhrK2I!zX3_>;3tmI@R%$)UP%&|5>#uC9`b!cN#
zBRMs3i@+cWoFPIME+FA=VP)VOq-iK)=#SBJ4njIv%HcfC<mB7|Crre(4DlAu+9;%f
z9Nr8kqoHa<+^jJ8F_8>&R&!KGg14&$;B+P2#eFd$+UkaylAgFwKO<|bzqf%j0(L~&
z)67IR1RbE`<l-I>;BKIX(87j<N@4>-C2bIL7#Xallao2Z+1l9KS4vYB1-k==r6Vh?
zi*)z!)|5tgSO)r-t6CXrIQjT!S^2sU?ZHP+T29qd*2q##6Jf0vB&V+-V}Vig5I3}R
z({;BNw=(zh3zjz4b%jIKC8TUDZH$fF^!)t7qySyiG&FSa@W&qqzod18<xDUdlJL?v
zfQYOT>TqxWqUnF272f|7E+jPGJoE@9A>km=MyZ;G-d)ZMGol+BZ!&z?YpXH4!611Q
zUx$qgFJAG`aY7wa3zd4$RbZJ?keJx(hVs>&X5(@%K&RACU!}Z%|H$)1t|Ou`Pg-L*
zl4Gt?KCkl;AY1>vcTGX0RsN!0|Ir9#bHl9uvHr-OJDU%(`%9TZOVn;%^{~I5zVwR4
zFJO*iA-7Xj2B)Y>!<t^^!^a)G!opK8s(Eitb@WE*FZ1~Kj*o=b7Y;98QmAF0W8vr6
z7&<4Q6ij#S!JE(srIT5miDf$3XOH!gKGZX4o0%6dizO@kvPJIvw9B{0@5ocu(KJiy
zm6`{H@z)wXhZhs>99-1dPb<_BJ=^F<ew8NM68ErnF`6aYrCTMnLum?Y7B)w9CMqYb
zK%K3?@*W5Ia?$E!6wiJ&iI}cVY)0>ms}XHIcjB@iUMR4<1>epV3o{|AnmYQ=4@n6X
z^4HaA1=;c8k5gQAb9fhJ9bXzYB*|U){yDNu?hgmPnEa|+ew%!E+vD&pn+t_CJ{h(1
zn(|WI<Z51mrkUxr+ohj71%@zUNmQ&fjmTrF)jr-VU#@$cxHxd5_wn8qjl^DfuaGJY
zs$;V6$&WJpc6t-xDXYBENSYR<Abh-6x*aR_OObjlyH~D*V&Fjr2YJdGQtEhyDc`Rf
z#&N>O9|}d&Hm)914HSme@l(F2AH?*Xbq!Tnkv4yvKVh?_HMUD@L*a@h#acmju_%)&
z{~Cu9)%VKmbXI0ze3<uMXkqhK*#c7MFzC2o_5I0Xz4o=f+cb=r+W9c8_2&Wt$#vxI
zjQ)mkPTyJh^<GwepY^hRNvE!K$Vfo!S3KYh7Iuh-<!;HoAWMUku^hzGEl$UF%oU=1
z^sc&zxfK#py@nGG4|X32+NEAO*lYC|voR~~svOy15N{XvT4KCA+;~=5e~+GkK;f4d
z8uZc%xc$OjS1llu4qZ;3KB`8eXrzJO8?|t{{O2%zetz;#{B4fUBgwg2JQqlb=aJ#@
z=?e=^&+|l1e$3M_f5q}JivKdk@yblJcZ*hlgjP@x0<$lBv%}s!P~rHL>$B*r^YOVk
z(^abZm%B3GUM4thTw-WrU2Fd`)hgckIo|fL_!8N}r%(GNAB1MyjQKqgRs4$3qt7h1
zo2E;%oOsK*8ZN+yvD!U2#WMDcO`4wmGJ$i>jQmmG_uKM#Nk+_<Iwv`*r`9QHrw&u$
zwx_Ih&J<ALV-RHRj8XZ@)Qj|@B$!i}>(m~Bww2@dR*DA-;_a&`t!@$0^Jf|7e>ip$
ze#l18bEJA(rPXqekNzso7WM6VsbQO!D|ycuMWfc6Nho^t>b4uEJ2L7nBXwdb6}?_w
z(p^)|y9so^XChN!q(36La!g(huW#ly1-$haZ%>crd(yj%B|Cl<5r3T`dksbt&ixvC
zVm3EpPP}jQ6ai7pEyc;nL>n6;$<O^ZL(}dnY>^|zk@P$z<+0^2Fm;my1K;2GN_nm!
z;)5s|e36e7ltr2=dKVSNoIBqspN)S(IXe@5`gBIfE*+1&{FkQpr$ZL(PHb8&lfeXG
zzOpsZ4!JMRbtZ5eE0SZfqon+v>c3#X?(KdOhG4PZgC!MsP1D^So^uzh?em{)1GEfR
zOWjUqN8}qu_1k-*#X)@RTN;0&4w@OSnOQQJ*x8A<e`<12-v8AqY*svE&ut?fBnbNg
zzu!BFzQoyP5XjY3a&Gii-Q*E(e>PwLvlb`j{6bSn)RZsaImLKoUT*&U;?Z`-)IW8J
zxei+bZX?f&_3xE5rt_*76kgM{zg`*gy<*$*6Ti;yvAc6Ih<J(cQ4O3>Cao%Yf*Sg1
zRdmeIs~0+#l*7qxEPHYe4r=rv92E6x2@|v3$1$fUUTdy_fr4>v@An%T(=lDCXXwE!
ztvV7-*jP=GzmStXny~cgGSU3mnf6(a?rr&03u||{r{&x$=5fp{KW$MbE7Z;YrAb-o
zU?RHJrz>Bl+Pvo2KjWwP`Hxu8X`q`uCsm4nDBNl~e{myo$Z_Rn5`wtmJ?!!cj{@cR
z3;&#VYU!3aFG~Y{e_o_(_HFWIpA9+t;$pRe!a|-qd)b&=;nK#zIj=qo9`36&ce4GN
zp2o#-?bP}drllzAYF{0lpuVGeC6rTlwnWI;4DLf=t}v(J+Gl$XCR&t2@l!&ZXfoe_
zUh{q)p@eN2O_JxwTT7C{R+E><fW^jIs35t>)r8=nV-L=y6UeWAI;n*|rs{T_hnqC)
zwl7ofbt;bCPo&@Ooz!?VL9r5Gd+NJ3%`!!1MoiIe9ykkedCo`e(n_?aUAuCRZ7U-E
z%Xe;audB{H94DCumpQ{-(iC7c<}2_4+=LM;oC(9I1!<v=sKL;KoJ<ttaDdr$I3Q0O
z&8ZO5JcyHSCoqzp#bDNZ`&-2+DdEqx#7YG5L(9^y<YO;P*Povmrs&jCk$*)v^3uCK
z^t?ylkG|tn!NIE=8yZ$tjNkm_baZt|Ns5b$)4RTtQ&L__OQS}Q3>SC|J-vO|<Jygp
znk4%ZYT+DA6k3{Dy*uhB5P_dKgl{V_ym|8`^!IGadj(pOfq?-I0Ri%WygbLlAEh=M
z3$AL4Fzr5CtYnwpnI}qBD*paRF;c0lwl<ViPHrpiy>ss(I)RcnuS~+qr3AE(ogGRO
z?T%90ILky!8u^fpm*Hcwy`>rpT&5tsw>>|)<$K{cdB8+m+=QN22=YBS)z$S@YQH~+
zk*cU7Eo*Bg{Er2$#ipNk_~jX3M>;Q_OUjsaVZ?dIUu=5i1aJf|$-qmCYZToim`c?y
zdw7Z5zslV1@=fc~X$4;VSmMh#XOv`T-f!ddsO<+a!#Md@>=7}2x(q0vqXo;b?fQMT
zmX@ogRV5}C7G#kR&DNzkhN&`Xdj*suq>dXK8y{IH`F{6eIK6>Gv<Tjo#_MQjf?G4J
zmm?N;;l7JmTHGBbr-q9fK4;ZJwa}=e@l?!3l~Jg2{fG!fB?$y=qdxf*fS1lO&oRRB
zfVq=p42O3VIw({XUM7!A$36p7;BEhE#VspqrSf9cP(_7=FO``WKSI-@hBUcR+L>qt
zarIztg9s}VvIMk?(f#@F?jm-t0;dk1SYxzxbgr5SYM7gwKOWlH-S7zfIc~T9k~22W
zxri^IDdz}yoAlxS*{dO**TIh<6ivH)lk4p&5ha@0oAKA?(^}fvSL*8(PMtpehOzar
zWrfWPC5<IdPv7Clnt3l2`H4=g)AsMNmkDn={m#gUKrDeE^4u8#5v434<;|}<5{PHf
z(d$2ls0~tY_=*VAng8(rc0Ip+E<Y-%@cif2sXvF*L>JL@(bEie6X$>7=Md35`w>?s
z|M5yih0o)n%Fs0@D;t}Z=4O>b<gd-m_}t{G`KF7UEIiy&p*LwhUJNL?ZQ;MB$cVXp
z5yu6?`ug8J2DkP3L%^FubMNhUlRvlLzutVM>0-peh`IZT@9VH{en;fmaX=`D2gglI
zU*a0UajrajCZ6&R^XKq@Im=i}i@e?1Hu-SmY>O%^Gep8S09B*O$*K^dZEp#aVF+ha
zyKZ*M{_4PchrQi@v>t-oo#}`J+Baiv14uqUQNdobk2>!W0gmBiQ~KuU2{qAd4-{L@
ztqeWB)^tN9+Jg}O*lVy2ZxmhzXiC5u<n7fgF0mVBiFQz0BO|2uue|MVYK_g{uH7;J
z@zXi*@RO={BtWv&`dG;5T%Cjdo94rVk!pj;_4Qg>X4~`nU1dc@$09e@QGdoLrZ|{h
zTs3PtYgOY*8kH-<0Fj8Zw|6Qveo0t)#-QHfW6%|t{%Pl%5u@3**?>!<cjtWb-=_CI
z`>52PAWPESMNSfLZIy7C`*#H#@?2)Vl%$N#eVcg=l;Ov1G2~SP2*|8m*?zyHb7d?S
zu|*r2=-u6dKP$1m>4X84pGT7b@<`%qCB|QC9nUJCH9xL48<k@}4n$(dk^VhKjMI6J
zN-Hq1nX$F8ma#mG)=q+}Ef&_p^4ih0Xm!0>4^@aN9VrRE-iH+iRdr#2&P$gnS<bMs
zp4!=-;loxx>M36gbBG?CMfQCglcc6j8|GF$9f&_R?``86<2;~~#Krv|?hpoa(N{{A
zrlQZpILm&7cXH+UGV9Ear7QpT_O=^r3Dt(g!ZtWs>L)t|1b#q(G^-%Wv%K8TC9VFi
zi6<BlVX^GtLs}!DeN%JuIJS%Ug#UWy$S{DQ7I<e`Q<E~^*M8GIR@O|~2W_2Rwuq1(
z7Sh2M<sRkznDjgal+SrJD<TMdI6;keaw>?y8(;ME^V=RB094_Oy$(P$Sun?GWpkUd
zjBya-;+_N~s-T8~Q;~<ez<4&|;2hU+eAbIc6x7t$yJRL3#_3Tb5T0^S4uTri)^}oF
z;pE@GeJegcV)-vf@c^C{W<Pxz^ByOEF?<uH;YpbHQmJNz>sdcHh--0aBPV^)FaFsf
z;>z9rQdEUP@5^*T0(~7b^QkdvC7S)4<+Zhp#1jn|6U!tZ9+?$L&T_36o1kK^Q*sro
z_Ln+-s-YH~o*#Hp1>c5FNn(-0@l+ZS5e;Y_ItGRlRh;UR`x}-8Ln$;2nY3?m8GQ^R
zT%4|k_4JUFlQ%C8RfJKLJ$iKV@bJ+0-o^9zxl|9LP{$tiX`@j><inMx&uXTqZLN$s
zx_X`V@$rd`jaA{h@c_(RWtlt$dFK=-C+8|a!t%R}`QE}4d|yZUx!GdR@Nlbf-wmEf
z$?6FZ?`dZ)xkmP&;<b_zlPpc-#)hN38w~(zYxmbX@uZwNvCb&+c&86OSB;Km(sD9F
z1g3`5#UaGAYoTK=gH<TO&l`vX5%6<W70I;?D}L;nGivn;oJ!W2FbRN9a|-V5#Q)g^
zCV30zeM;^l<&4+W&MqGX8xa)CJmY&fQel>DJlY@^%EHQvf0MWg?87Kavp1twal$%?
ziTBT|Bam1YFx+)xhpCufprnfZ&}|NRQh0d5m#qZIlZH>goXx%2H`K0tq#eWt8s0m(
z^WFg^Cfln7lYYdthh<uE(6+Qglh91bl7b&-h$%ieAYLr=f-ZW%@`f2bEq`Hy`U#`y
zXub85G{e*|gShFL*YAGIw>h9I*c6+KttC(uB!5q;-988@!|x|F5lA?;nw99-M#b>F
z<je8SsOq-UX^pkP^CV)l7dpvF&d`gr=~_RZ&*H3x&F^J_#8~UnKDQ68RC+Jun>34(
zrt2qZhbbXqrs`Ie6fR6%`wYNyZ@l)3+0gd_%cM^R;4P*_uS7el3e;Yp2FeH|lRq|&
zw0$^a%etUlV440&6b^_Kym8hK_j%nSu}qtZ^hK#>Vlw@7e20Cnkggl-W`U^8=1<k>
z0`@^ADN}89(l@rzG#G7Wg~FjhPoK8&S8OfVeD-r^y8P9*#djt+x9)2`<}G?oAi2LV
zrG7~vf(EixwaqS*QKf~H=aVXmNvUngMaO#2Uw2c`LgytjXj6pJu_nSdqw)(W0}i*i
z79MNA`>pt{o;?HYY$mhS-=7}cMv1I(ppp5=)H|W~rcQgtwry*#?o0jU(}$N{QhIzo
zad|NRfmMUlNoDW)m>2auj)yOGQ3^2#K0FiopjG`MOVnsEX>twPaihfOi8XtSa`tk|
z_;C;4rM)`AgQgTnHm7Ih)Mqy-Pp0C3<3AI8Lc6pE8$vf2L>)xl_S|5ydUlbl{#w=K
zIpdi7U2kh|?~ptk%IBV$)%`XanR4|Pb3tA+<Jrbju?xiagj}%<{EVEai;~Kx?@pl_
zbeAnZnG1hmyJp8PK@<IgF00~EoXM5<y|sj=<F#pHSMFH7l40W)9dFwa+RAXS5ZO&r
zb0f<%?%=GbX706Inc0rZwR*+RwxVj8VZN=>uVW;~e8X7Bfa!B+$>i$S2vq6B*~SMH
zjvP!umkRn;rhG${;2V`&woflemEE=ID!adp2)_5BdHfSg5uM`MMpX(&PNtxU%-{Kr
zK5kU-P20wFN6soi2bV=iMSYw8IP)WYEL0SK^bByZvfms+p{e>E{ZnVd^i5ymq}@B`
zUA~&`S4+^lns#aUh!=Rl#gtl1bt>H~S-i8A`>UgGw%DR8nRvHn%2?`nqZ7xqP$TNd
zg}cP1+0Znl%{JzWy-u=v)42KV;%ZtQFTRy#S{1o4daP|!&FI5vKP(+%z|kvyH5xvr
z)GleE+d99Dkf(Z$saLvp39R;=W>Ik9!E@70t0TEizW10sZ<nBQnw|57K;aFB3U2Y0
z)cGv_Y9cmpaBRLr#|=CoI8}^ls0iC}bBzP~EKEoL;1hLqpDhT!fqZ4XNf*8SPNPEj
zfn7SmJ>7Vn&XJ)%!@9^WFM@mexo`0*#kU=5nyk?B?w9o|T7oNP)rT*mZy<MZuBXOc
z^E0a;AH7*KMO-FKp{$<FV~x{uLf8q2yM{d-S9u>#ibv^O!!ET)B%XWxXJGqfRk8!7
z_o<bmbKtj8so1XfD4)w}dmK!-QbI7>YOCfSNj255(}x$E8ErRNG~i|5Nj9fBQe|0#
zJc@QkdSPqccbl!5I)3Yy7V+*f>AkRL+rPKZ^`6frI{Bkcw=oOq{qPt>;COcPQk5e)
zdD`48b_{>zj%f1zi6N3kyzZ2E)Jai?hs)AugAuG24qu#xRHLn^s?ZhVCd5I)4zHnW
z&T@;j?0TKJytcz2&g7oxFyws{b4pp{&uRXTd>o3>XZh4c9FYSiMoi~!4qYzvVLqvQ
z&&>d>VCcfNA%D>WElJf`hGi<B2qqyQK3G3v8QEgLHpuW27?1n~>f_&~7-fE(hkP90
z>g_oi#`tI6H6iT~7rUe&Hg!INlz@P*-UYGVda{3%fUrv2H7p!CNuJiR6s8N*IkdwE
zMn1C}d3sVZnkn_Vy@`#*Tx8;Xq|SxVc<`Z|3}YQ{xy|_5ghR|(fJB(b#)3%P!58h(
zxyLg3>T{74F0uy+^F@jVsHB}MwAvv4q`7kN7n(;eeVeTqe|DaLxTM$EJHN>#>I%e`
zP*BSFb6aFq_)_n@zZy7E1KG-(uUd^3y?CZ_xx0F;F*Mz3NOybmbB`_NcO~#OENROE
zrR|b3^T~F`7SWP`-~LGsR}k^MLVqTm%|Z_E+&(4V?khRp&?g`8(_+eL;k58!(8WWn
zBngA_(1YKvk1f`)s+a`hu04MdN67q@KOItW^K<9C`_$3Ud?A{H>wMMcGmU>EU!|Kg
zvwk1Q^M*Zow%bA<y|PJ$Io0{~r#B6D;^{HWDcvz?Uu2SQ^iY$Sr2IJof<>O~X?4%1
zd9#RhLvGMb9@o%;HNcXB&9#i?M|&B)e3@<x7N^MlYmga{c_Sm-h%e=nRyBENSr`*`
zA`I*=>UMo>?yc~elLSPBLI4~8dFp)A(f!GHbg*TM_myRuR*cg}c3D9}`95BLwP)|l
zc3x`hu*e>4+4D~Snk)iWzu+^O?MHYder-Wac;viTC}-j(b?1B@VOGQ@Q6xN7kTy5?
zEY(cueM_GUY6Z^k1n@~3O;12fQJu@o2wFV8zQ=qyq3)ch>!_-~f!q_#gA?*Ub<?fa
z2{(G1RZ9|d8se{Y^h~lJoLc)y+MaTYmq!PLtLHx(+UEbrPIq8Ea)d){JBhoPJT|lX
zJZXaC&nc2=30>dmY5m@4XSF>}rp6n_n57M>_U{A*MrWs|l97Y)cB5Md1|5E-W(351
zgV@wc#06*P&9CC#ha6`EP;FQ#8~UM%8mHO~w{O|zU}4%-W2eFYE>HChdi9|@dKfqn
zk8d^+h~Nv*uJI>>V)?pr5p!5^^pu(osam1w`AAQmy&m1WuLF<MW>;l|*CgdWP49&X
zXuTKp`bCxV@@!TVb^W#Nu~}D=XO~BK@p&{4fSx%%6ymPz>SKPIwI9bG(zbeohz4I+
z?~353i0ntp>PX8>FKjb~<<BJhTc4jxh*N6t8k%SKzO8m*QPQnhrx+yi8h-&rc7)~1
zBhf;P@eX;C&mVfeVKO4Cy5biy8KUG6#N@TrbXC`qJ;~m;AQEVs+4qR{$fZ;7jO@_4
zshyl+5uE>}TQ{%HeTm?*3t}q&!k$L371Q{aJZ0LOQCOy-2C?hEpIUtzj}*bbp;&I~
z`onTqI(Onrb^qDp-+ww+<4XDA{hw>44zcrCp6VM*(}Kd|tfj9AFSmPD+(o8B<f%H;
zM7d;<#c#2#q9rp{?=)B_>%KVddI$X+Kl-Y%c-yFgnh~>Y^eBxwFnp$QWlTft{DU#i
zjrxLDgjt_@9{iOTtZz+wgF4DC2t*I@^Xvul%5?iJ=*@3QP2OWTQ@@mRxpEO7xcE6G
zJP>@=d+e2C#-e<07urqcca0qv6YfkqBjEIm(g`$=6Bx#}rm{L{t3kRuWHF@<sOy<T
z2g0v!=k`@ujD@e$H0s4}sw4ZvH?WfZSX!9|SJ#Z*Oou-zHQqlDw#w!&3J2SX;qQ<W
z?ZI)OOY6<g=#^zjq@X}_NFYj6Blb}`LGn~**)86t!z)ki>U)i8A0T<SPpcyz@s@6%
zYnO`}nOe{wiU+NM7EG+Gr&}8|gd8Q@g_U*&j^TGBFXN<6!JpO6Qod(QQuMzWD%waV
z`U|qNh_QmXM55Cz&5{Exr>BxFYA61Fob>hU*F*{HlBgyQxBM>he<o@zp;OR9PwgC)
zXLZ3l=o_hGH&x)q@>J0s>SB(oG!h?jn@IlGqL!#=fTNT91M`X~zBWkH9dj~!hr9RO
zi%m=WF{)vEH+qLAy5qmkS!fv;%<|qZ$-I4=Jo%&W+A=}zZ?2OOkJCZx_u4z(yla<a
z--zcH6tv+!^C&-Hj_W~bY1+-vlf8>N2}fZCKtbPFmlL$3mJ3v5nfSP)y@(B5@ux2`
zxv(<PB$kjscR@%<y~4hcChxWoJ}>blamk7JajW$SA}Br}xl6v=fvn5%Gk~eZk8<i^
zlvxD*6EDv=2_tSMoY%GAi7=x)H(MaeH+ZnwYJyoOUGrQD9zUl1Duws(bG-^#r*_47
z<8fsv4?!#z`>DU5q49LWOGt4f-^=tztC*SH^nGc}>H6{B+v=Y`L~UIm@sXSio#(ZR
z^5(sZ4Q=}{dgRbmG<lpab`^*;*(o-sl7AI0y>5|zl&{z`;f+_tLk^EjEft{e=FK_&
z={4#diKn3_rpf}>*T|`;=zE0Sc{n&osAl*Q|7O<%&E6lfttxj7i*a=!k5~JDO{`X~
zT_(nX2#MC?xZ}$|<Ffyey2j|voqN;UOKb9w4*s3x(^GMDd@#ItG-jy6p-|!U`~;|M
z54CLGs4po_p6GZe0r3M!&du46_iE?>iJwLOL4@vVOin=P_D#pt;}<(fC&UTCzDBmp
zgM)+VI>q9WlCjsXpD?&9OUlj7ZDsx9(5be(oRunHRtSHdmZ%eDtbWnEed<MQr%@Lf
z@)iEK93#f}AW}$XImU;P5d(}y6MT$o`Z;mCKmGKGQRSPxUFCax>(kO<;R8l#f4Z09
zEFFN%5uS>SxxrympVoX&AraT39FBenw2t-QZFybg{bo7~6kKy#MjQ_Jg8Qs9)~~;z
zp~0O!q_f8&ypd#bc{znWyPQ5!nS&@Uk-?qabf%-t2HE8ZcV;baZaM%27xocqt}X9#
zO1q`B#PIDQ^RqQcDi>A+BA&64{k0(5i?x<4-L}<dj-I&V@AG*(cvdmuVk8wvdoxS|
zZjGMk6wr`w54Y4t9mp#xDjM0@b?XNN1(iqM!KhvtUOXO?o=)>cj=*qG^B;|iYy(>)
zdy*LV^}Ake93dctgGOQo8up&CZLr7M>CMgBrtMNcdHqa7bw`2eLTUlT&$|ggjw>{O
zG>E-vDQ;n7ia@?Q=3m!f-dC1esF`*ZL3Z8Z?(PMy8=c~A&mR7(2bPHy+MPInl8f22
zl()^wnBdAgV#ItHwpHm;s8G_KLk(_nnIM&JY_KLocXNmXZGWttQ8B{6Z*gxvAAS4B
zbFEMKA3wIH&~Bdk-V?7=Dlr`}6hA+|V)S9d;G*z_3s<7@Ul;t@{Ex<U|1}{s?h-JT
zasI+uT&LXk(O!ey4b4ws4oC8~cyF(7Y;Aw95qY+~pG<}{iLm74&Yz?lt$vxFQ9Ss}
zLYG@eD7ij?m9_k9Wtwn#eBwW1<F#F+&U;bd4Ndzm<8ojA)B-_OtGhn!h3zJ=Itc{R
zXoS~IV~;cfn_?(QBI-zZcz8qTn%eS)B)vS6C}R!4v|#PTTY^s!x%AIK76XS@SAnM<
ztNQ5vCo_Ee?zBO@iNDa~?w*Bs`(@yy;9Avaba|so;DVXg#TxIir2F?dctPVT+QgH-
zav5OaV0x&EVYp%HFSH8eWYq2%k@aqWaDpYYSAM?Raw}KHH~j+r!E>mC0&Q;4X4?6D
zqnA1$o7|@2^SHk0sGJAk=1sa6LzJJ!s(VNP^N2ad&bNK^+}n4_zH&2ETXMWLM=Vd~
zC)m3jr=+ilO-n1je53f^UI4?#MVw|0jg4!C%^_zg{6H>eIT2yl8nx~=Md(Yi8u`-F
zFQ&FG%>^cp66k&5VF`r^a@TWGCjSemZmC00#mFe#*Tt9{1Sdv`apS*QI7*;$NP#in
z?%YXNdZ}s24kotOjs-QRIfX$yAXSgI;XojaW$Rb9E?r{zAp8XNuas{P`?dur*wm?3
zZuRRqQ{TQG>m7-uVI$TC`d^2jot=w(Zy9q=O-<cCY*p+Xx$1VFh{5weeiS}=q9;2d
zd1HFoY5k!7%D;-7Htfo$$ChGKgnm8z=F(Tu>&v_YL{U&T&`A_+GeYi~hekRTNs02z
zCEAA&6IWW1Gg;|J?d<H{7=BGkPVTL8H9TX?4+V`f)WVB!K=O{SRkT+V=0Du=g@H)>
zehfV6C(3lhFeNTgqw-&wuK$6{w)f{tf2%VIlPQ1hbcst<#U^(t9y@kya$|9*;h34Z
z`SIxJXxVPR_&aguHn_Qrj0})mHdi`&jbsVAu`6Tst?i$w#>dCWDJZV!@u_QTQ^X9@
zGGmcUYHDgkT*{DsNmS|D2_X>7O$&yud}0HM4J{inEle+Jmtsscv-U9Y!usC&Ta_8r
zPe1z^@^fxG-E0jNzVs^RU#Si~)+<C&!2AEWH1~g7+x!17@c)27`oFP=Zl}cl1Z?Nu
zW53*QU`Thf=|*o!-aUB#hx%R=Z9#U%Cwncl`x&;}L<}c`pYS&>|DP7Pz_Fx_d#}>@
z@E3Rb8pEmQH*Za=H!6Y3q5e=w>C<w`)~gVPM$gz_b)?DJdW3@-q}IeRh&xW5VZDB8
z;@}wx`$0cBgiazjY91-Hy=15os)*mX#RaSzpf%lcmw|W!93kE|s<V#&h5gIDPyZ*)
zBE_5<dll5mH562ko$|>W=I10cs|$oBZclMnITgag)v#oXX&?phwrP<1{@Op05~VE8
zMf+HKsYQ903Cb!@Y{h_?9PA7QUnm51Zhd}DM!a42)z&=cKb)H{2z&EC+3fyH9JP!x
zs1wl7ayU1RZc+xit`~2k)>NT-{l@<uWhb5vVi5#>b<bga@7JXc#~`*pn=z_d+&TEz
z$ZCLwtR^*ezAVA$TxLejfU^E$-OH#mki!zwTa(`_GWGXT1q=V@>|P3|hrXlnQ9OLy
z<ZoPIFga;+$xt(k7;Omw`}AK!?33*2iJ6$mja_8soN`R3kuD_QE`{~)YxWe92vpng
zj^hPcM9QBZ;eO=efzq>TW-|D*{mu037XowgPO{~6%uifzmyR1h)c+oe6>`p6%n#Zo
z={}5W_}qUFTiqc<Q^>-1UpHHn5&M(G!NDOmE>2Z6yRf>Nj>O2u=49QaR4DX8;iuVq
zz%6ij_}nJub({Uq%e{*#M6Forp->@Eb7<~yd>`Vg9AT0euqG!UQ1Rv_uBtL(u!L+8
zmxh#Q!&6+le%o<;|2VML_FNesv++cd`z0l0s;a8Kes?I(no`~+Pd?XZ5KD~5MNbKI
zAwA5Pw+qTda%JCG{OtU1?6r+2V-2utPx}jxcxC;cW)nG*Au{C%#RD#J*EjxI*+bGy
zysp^=mKEa(NlBj*Vi)E{>$D)UaP!uvt-m@m4NFWkZ6{D1q*oN5^sz!i#EF^pVj;ou
z@R^=gAe%QozndTZF055-GTIdFKtp>0%G>dfr*O(6EZ61FdQo?3=>sgECMFgvE-6BB
zhBlY%2kSj{u!BU^hM0WxV>9MA2uUBWzDOzeC3ENDF8A_PLTIkPI_pK0^fQZ=OyKfU
zPx|!&gMv8ggAM;%m1@Lq(eDpDd3ZA`OV!ZO;or{%CiMQ0LP@>lD>{x?Qty9VTJM<$
zg_+)%nFraIcj~fyZ%xrk1W<10*9qfuX<9%-Wfl)jxYNE%`$BqcZB1MXw4r|r>Ps6Z
zTSj*%W2=&x{etgZKhRXy_*;I9JyXciPAsU)R+VMM#E?Mr;`yhber<QgV(9J0R{1lg
zi}vftM_@*Fp~@Z>G87aP&#J1fp}4N3q?~@~Gm%<qnE$9zi6r!3SL#)N%pog8ed?U^
zHN&lQbWxXH#-H!fT6+Gd^}i_uFE1~Y$lKe=_zmyHmX`8EwHkqmA6_(T`}~>ey5Ze(
zjVa_%vt7Gi=lA&fZQD1_WxQK1>AMqlFB}<!mHr$7!3(k3RpBQ&uPEaayUYl_Zch|F
z4_=cIRlXknIn4X&uaH!b+<0({Ts~Vk^nhO2o&xOuMV#Ms8-;kgk+pTFepOA)^~%ah
z;<zIt=aofmMRt``{!_!xVcsmf->@mdxq+=7n~?=60yw|t*8n<D1p!M)Lvl((i$9W&
zAhsP>&a5Q<0dvBvRV=QhMa6Gt_maF>#6tGo($X?O-wyoT$js~*N$B3DNM>dx<Qu=f
zcMaN?azVB3S%6zpX%ngo+#;re@Y#F3biFM~>n1dD9gFRN30R<8(W%q_$p@f^@2=ko
z5M8aRdRal+Y}~o@2_N}44H%pb{q-%ePh7CZXTp0!9ykWsY3XzSW*ZS$Gb8)GTVIar
zS~!jt`49y|0s;g*b=9zPLX`cQLd_DmGf`(7og2G;1S%i<)*^s1qvR>&+Cf25YU=81
zU1CitTp4cPB+H@NxEr~f^bb8h`Wm?#v@8t((KdQAfL{3e;!oT2@7xC273#j1>gAS8
zMrhe~zUy<hdK{Z^=T72>4|>Hos2u~Jhdk70@D*uupZo29^OZ^N!u{v&`-S-r`UKKC
z4BxsH6Kukrzs=5)9X)!q7{|uO2FkOTnBnrqkwEAF&~VZTZlWi*`rnqy40un=oR<Xe
zATI#z@c#Wv;m!lY9%%nM76M}FOXX28I@zEFI%wT+baP8sSa2s2aH&Ef0Y9C?T=NQ2
zBM>Yl86WsngouZ95D@WL@AGS7g`_a*!EPZM3tC~l>6xuo{x^&sYjNr2#V<no$6rTM
zLPAuWJcLH0wG0g{!}F4W)u&Q-mZiMA5Ea*-{nS@|V0OH`<-1UghM1)t(GJ<!^DUAK
z3kr@reE3j6SlDxeHiHY8;<n!fD80XfLS*XE*QJii_-gdG2S5H_=JVAv2Y$ppn*=hz
z?6|kCw_2FuHRGwIT05&K{#$!5iTp`;_fBg{xKOR7wH0x2J*=SSc&{{^#n;>4uL;F>
z-<LQ(D8A3{g&gf2i6K@7Q8$XdS=_g*uy0{1y|cdb^(+t!jenYoy3gd@PR{r&-C|vu
zL14tCP<Dp>E7ByRc)zJw5?hX567z$luQyNw+CcRMGw{o7>+9=&o1U>8T=D^YERlb_
zV*=%+7OPh?d+D13dnxr2x@sh5n?a8OEM(3wf_y~}5|euC0F8?CoT9b|Ps>CL^F!Wp
zZLN6pQtBrp|6if`>2{amH0o!}vU`&b*51`_n5<ttJN$o#^;7jF3r;OOz*j_X&Q(gj
zqdZR~fTjTqeA`m|81ddwQAr9B2U#|wn<6<l-n8jiQ-VKZTAZ$Bzc>e~5K4d@7RrMs
zrZ6K16_b7DubQ>W$S`{ANSftqznQiwB{<ZBnDP>OG>!J{dMOR6sUcT*bgX^s%EV3t
zl*SR|jMrN!|63aO7guDj{EvjZ7?OY4(&*NItLeda8<Gk#OCLc!n%+B2)gJd^K90Yd
z9n`9mP!yah&8rklPPozgv{?`3K)abGhw6ZK!7??o;fu8=urI&m$0L)PY?5XelKxvZ
zmkoYEp7?ct-1!5^{a@x%x0X{F8jlcFRxUHg$~|lYzWZm2q~03!)_pxxF~!~^Y{3D1
zXES}b;mDp^RcNA?Hu|du_0+ixF}%h<)%K~Xop*IRMv+XU%|7-Qw0ffX@L2L?Vndsz
z$++p0jazH<#z&bt{ktk<BsKpnwNq_PdKP^*ueL{%JQET>`g}1k5Cw&=1h=Gb`>tQk
zz55v)RfT-zw?!enTasvxP*VWo)31CZb6TVL(N?XuF`C48{Suo2e|D0+9I*mOo8l)}
zdF*vYn0qp@{@z?*=lAXbEk`0AykpmS>|x89t*-Jj#&Au$!&8f??=>m}h~>(J-6tCc
zZ^yzv#@(PLxzr=9q4GiGzZLtaY;UeZckRa-0|n4z09DgtZR7NfeX+ry;?r$Ayo#Ir
zqLz}N#mhvh;_Jy7@sT0PK1?kFd=3=0RP>n2J8XBN7MAHkEUMJ=SZ4y1Y2!?@lO+YY
z?2$)ens1+9tq(O_Z|4AIcc5;qDUg!WFXtkci7qrqWE)=%(){*Lv}EKkk2ceIj%U%}
z+-H0jO};rFRDH`hxk+kG*I1H+J2(~N<k7*>&;gLv-&t(+eC|2gdqRfcg>zAYkFyf2
z9cOXOJ?x@zIzgVgbLZo;UYXM!Heai32CH?@Bt}-hj@4g7R`T<l(B3iB@KGW51+nHA
zHI({N_q0E4{$O#@qg|%_RtDF@q4#UKmM5w5yEUC{;^t55kV8>>#^1pHiu%-!)uPC?
zOWlqtHfK{hwKA3pPJB5VaZYzsZ05_38mf4r^+jeA%EwJj0_H#kR?8{4%$8~=(BiZu
zyF~Fi369UPxJs<!(}h`^r?f30!E~oPSS!D<2A;d#`kR(9<iwoB3itP2i6RDbuKHS?
zb@n)DP&M9z*C&5yWTl@|?ARgfkrV2#wNCAP@k5?fUM9pr_3ccRZW#4FG1Rde#s_p+
zimD&7>Q|eLV(hLkeTh&!-Lz!bJU!<3Wg+A^u{JRbmDAoXm9ln=KSEXw3RF#@JeMCk
z$Oj*HY5t=|3f1qo-O>&8Mef6T=$omu?QYo*$j=T}2{fo73&_v?fAhrxkAlK^AYutA
zDH=gRFVI8fRz7HSJbGy4GbfXA?8#;8Af(?kN{i>rDMoP;!+VOVINXI2gS?Z#3r?{q
zGD06_d&+s4oc$<cV_FtgR?aLP_=j+8IYviMKi!=x!zg~4gy#&!lP6DxpP_T0orlZJ
z?c<{xiD&tpRz~Ya=SYu|HNSgD9=^4r0lkg{0)Zn-XKl7Smu#Z^>C<>K!MFzxI6>I;
z1?tGi#B`z4_51rQ9`2LHiJ$J7^9NzgE?qj+&M0d4s;zsXAxwf16S}?Xc<pCNaWT}M
zo;(ru&dJVZV8p!Z=^;}=78vDF!VQ^NqM;2{KtQ0`A^PAriGYyMH5i19nr(DGq{5+z
zikh0b*hBy6)2A<fmWT<E{Ez4Tk<_OR2nY~wZ)Q{n)mdjz9=|RC(z>tjWJv}=;AV+>
zxJ8~MZ((fgG0)*@ilbzwpzRt$vHsJU&E*kBg<xSg*x$e9_uR+2Fyc-8_<Iw9b3LqW
zZEXVGX(=hd&+P5(Ar1dWlw}>etkjvHhLf*$9n`jC($Lfdk_CyL|L*{Qe_*s%j-FtS
z*m`sAM7kEwvznTYWCk&2JLUh$8I4f~%x4mh^_S?k!gge&r;~tC3+3~J-5`>f8#m5M
z`;4C=A+j^byI%zfUA=nsX6X7nZOrC{!m=`fh}AbIps|f?)c{STNt4&8X<!#z)&y7u
zcnakoMt8sK@4r#++sz0W$s5?z+8tuegWurT>Pn9_rl_ch#4R6y4kTO^!K?zqd=Nh#
z!0+wVR_fly@Q})6^bZwIra^5C!?S$l=u`sXl(Vbr%=fNro!?yC+?7smPi75G*kh|5
zTge)>#>3%ksQ!R}(zrF=${xMX8QlAKCU<20xWL9HzkiPddRtSwKl$dG-^PM@*5~E#
z-;alf?*(7rCfOdDI4lXQ9xBwNu1qev2?ugtyvVAV%JODyrUOXw*J&Rs5Nd%cn^{=A
ztc_CYlFowRI3*>`mVegFfkpctEa#l;EHjAOTbB9q<x6vWJNn112vg$?$6-hST6%h@
zq@|^;8bbX%k}v2;dyl?jWrdlBe|hG3?Tf~A=AAnf>gwt%W;R?I@O%jrZ=79Rq<0#D
zmS4z2%P<hf+xa~=GnXH2vA5^s@_V*hOGn3KZ?DRw`)Xk!rV6qZ0YOc_z#@H34Ve82
z%qa^Ci+A1K-%A`C@#jiPN=~mNeC`IH<jC$ammi+0@+9_MAHkf0&PCJ3Jts}BjLUnQ
z%kI(n&Zu5Dm|p^vXK{nZy&vvC8483_?Q3Btjl1)e*;TxDhMrho1B+>GZYKHq^(!Qu
z>h|_*B$Kc=R@H8_;Hl!?qp~2%UT%q{5V&yRO`bwXE!Jo3)o~#qAruPL42uD_Kt)AW
z8@}az<2wtOze{&cv830;>qth$P;p@q5x>c1(%RZu-vc6<PqwQMc3ho&Lo9DqRY`2=
z6$y?s`OT2=8QdiYv>`AejzG@(ZFbP-dPf@jOy>=L-=Ltl%1Q)GWpaA@YD<e6Npr2=
z3_RI#<qD~^*YL6Xn>GtAag>hE&c`qq%oE!hgCBZR`#Zm%RaRcf$e@kd{lTwyPw@_{
z#ihgDMKQg6CA;E9oYy(nBLb_!%g&wI+1Y2+)yItXhOGU%Jr)KY*7|=>>U%h3=@1EZ
ztkKa?@t_4W@2^*{9x3jZeA~o?v3eDFA?k3)6|%ChU*Gt;01Ky9R(c{gS62ZFs$4&|
z_Z92bZG_?RN6H$V!F>r#63<*evN19;5>XK9dm`R{#v8-InPC~)Qdt!yzkP$s(Ek2D
zv)A?a?{#3cARD|4vYu?<JPjmN2$%uMPd2X{Z~!MKr`646TPtg8Rj!QY?(Wmj)e1Hu
zDk@461D<7I50)`&@IV_)_ab2S15<5Xog-vt;s}IlzEY%k#J2DHkNy*Ue0)Ttf}5jZ
zV-wZcad&rbX7t#U|3JKH*awoIhi3&1<`zz({pieVLK@Z1=y#T_&`y6;{&PxQy%pUB
zTX+=k1qSfWF%x_X*R1;pBE_up`g|`ph-_}XT;5Uc?$Dc_kecf4xA)kh94z$QxpSlY
zQ00<N_aEyYCVIj4+RW%2t3t3qkZ*Z-PRTq?#KOP@@57f~Bd~5a_zlG|?a&5PTmKR8
zgqO*9n_p7$Kh;)HN+u^K|Bn>6%P^Dq;TJ-$_kZaYvsR06WoW@N4}9CF<wiG;j<TpM
zN4LBx6dgE6P$SdO&=}oMNJwzO-b_z#7OD3b64m0#M0e4!vs1(KeE$9bqABpiO3jCv
zjx;$YUVeVSXTO<t$DLo_tzJjS(TmwbfZALc8=2l*US8(R(5n3@>hPKcOlx$1cbQ~h
zoUr!$ck6R(mpH`Pm3I%l6@;9N7<F8yTH;1`Sy@@37&`da5^Q*2(rxhl`y^+Su?Vzk
zi%Uqff^E~Xu#C==_;(lo)%<SD_^=5J3&Z5ZjI^^b?(Qcsm>Klk#ppv8hyfBVA4rV$
z@;~+Tq~<zUih~#V_+GK*y8#bpuCE7re;un2k-1R#>620M17|2Yo^EG^f=MlQydkW$
zQviuPLqLFA&<D)*m~$bK&)+WR=Hx&TUwZrL^sx0oFiG=8J8=m7PweXHA;S5Xpp&Rx
zgYBJuX$&IFL$mjJ&o3YWGBRn4zst(Wy?OusWM^k5v$cbh6Bl5?`K5F<=f%(E0Pag)
zt4_~)eSLnMfM|RBmekE2oh{}7`ZUpsW`9mJIdCI&w6wsXXlZFl+$$O{Jlzt=%**TU
z6c7^wA#-V>DL?nm{!YLX>nbvUE^w(4pQbnzm+|g3e=y6H9P@)<K+WSAy&pNZrsdPQ
zg0O+}pE$)gy+5hk-{f4A^7uUYHkkojzb%IJXl<C3loU8554X7lY?0^J=NdR0ES5K<
z13a<0ukQ?l=p~wmu{nks8prVfwDaUgbF|FN=+-wj*1#21KU0&4**C-hCP9RK9jVaQ
z*O#7?^WKi+X}EEn9Fw_)1uUWycufL<@XcUElCzLO%wBT)qf*!}XW(6-VPPOwU0IBu
z{P81E#%H{FV1Nz;4>%ZQVL>0lY-VFKJiYnxt{gmsXYs`9ifxVe6jZlh!d5RmtqYfp
zjEza*o2Qo&iKq!cf61X7783BMT`FK!Pcd|r1mu~~j1jOhT2|K6fRrl(K7i4qI5*&W
z^ddH>A%e|&a5x$onr6FCwpA`EeGzY|W@cyOC0u)&-@F0VtQfU#RdmKfw63lW8Wd`y
z|Gd6G@=vo!dVapx7inl9`8XE!H2LvkApn%x?+^(fDu=IBO)J09<2z~;Zd1Zor335v
z^(zwrG5R{v7WcK?d2(fCyof*oi=3&Tf5d%61F@1dee*h^-44~$)iv|JK)?{Hs3vu}
zBd^ukPqMJE)b{c$)Er%1DUiXOg5VRrxpW1T(uWT(#DtW(B&|?5Iy&Bc#`t*o@}pXg
zr?rcZZo6K-tWt^-;RP0a>((vUaZipy(5C>Vd?u8<bEZ?f4iEN#8c--GDBM*HI|Jbz
zZt%902R;8Ikng{YjI@6INDa<RjA*GWa#s@)$ZzN75`!i%F^k=geHNYF-ErmRUb)`=
z?d|c4AGyu$0nr&4F#GoH+iKL{Kv%XHkg^!qoB-DI=QJ53D)Oc1+1c4au=Zx0f#YB?
z&I4a9d-`-%)P3ljp1%I+U%!5(-@7+HS*K<G3qbXqGm^Ms#oyVLqX-QRiVcx_^eW4D
zRL7JpKHj@Xd{(OVqnN{M6do@RfW_=ps1UNkAta>xeWJj$tIV6{OkyU%z9Ezpi0^1!
z!1dgc+Gn8PC*Hoz*s~wKzjlI1WX4EIW3HW`_K(IwWT<WRZFg6gx^TEacH%@0?xK*O
zAkg-az}%$yg$3zd<WVnpURa9k6eEeIre;xTDL2u8_sbq`oIig)Amr0*PhK+c{z<^E
zTKtA!2%Y_wa=0sH=X?{?QFb#royEn)V<2>Zek;qgJl>dV>jL+2`N`(m(KrI#$KL|u
zYz4Ar6_6hQ>GWwj;PZUDP#p4e{AzxVRMzw7$oa*^<mX=IXV}@(rdqEDL`wpNNC58O
z=6L|J->Aq>I7aWb_?3}cV6T0-Sb2;V`j5UT^3jtgZ2-hTAc~85hcxUt3tv$?xnQx7
zO2B6NBTZOB{AaaDNKVKQ|6hPxLf&(q8*MRw%q7%4@^W$%!Id_HcNIdO>aRS1!Izbl
z#VjXf$_p_ao-1*`;e`t)j)Fnr_qP!t7jZww8+GPh!;_b+ca<+*%&U)koSwl2ZzHK~
zZQl!siW+#ti&Z{*rUFmre0h7{&HC@j&!0bs$LQXc+tx4(SETm>O4Z@&gO}ZXb4n7v
zAdwOh{Z`5apZS!O?uAP}xX2Im78<F%o|l7ww^G*dqVwH5BRn0-Rt>r91I==4ioFn?
z&l7NY+1VYP?*LhjA3rV|z9|gEqHer-n1>h)gfG<^tuC*2HiZ4YX<$8~{>{IxZ~oSq
zMAVO*2kE#cLz4LetZ4#LQs>CX$OKcq4&LHqI*{2A;}crBE7g8W#8#GRuyGRS?cH<m
z78=ol9HO0}A7OyfvJAH1LHEz$7dK;KV(9mvF^q~u_S1b!|L_dsgS7-mCMz$$IigRe
zkAZ$ErZ|F*jt*d1?>7?r;dDs&s&}t?0t)lny*-*=-U&=+WH9EC7$M?Yo;`oA1`lLz
zi7!;+`oS<AakxZqvw#U4?nC}=VnRYpVIenkwJj|#XW1v3JD@W%G8mO2WVcKJRZn@_
zAFL&z)7ZL$l*|a4foszm-hT#fL7hO)jtLh)cd^4Z7ZMy_q|FQWEHWLkFJHe-f!8ow
zXMX}u|K6_fYjw35m|iX0yUoo_tEQ-nFwzj^t71g-Lg}+->5CVZXJ%S2mOY}0wqwdu
zj%I_X3e<LQ>t{y-Eq85)1zne5)Z>SyrT!l?FSK(Xao4mrQhfeE1Qy{=Q4x<;ai4U3
z%tLSR!pX(Ok%bKy-|uJy6C<PBx6d^-H6giMRqp!C3i?%*l~YRBV`Jfw>-vzNFJ)&9
z4|sTZh-Cdzsiuaq<l79mA8Q*M!4$LAU*B~h(yXMRFf-={mG#5-Hp@+#WW1nl`I;**
zMCfSr7?g)}y_J;~ERTxN7=Grp6jY+#07tWJy!TQEgS4p+7TK~!kl47mxFll^C2s*K
zCMLne)CD*?guYro?wAmy$teL>PtPZk_8De^-=DsblD0R-V63Rw6s;aV9mycbhwAC+
zLH1(%g6eIdsGOYKsCrIMPfxjMt{&eETbm~}?#Gdrmqh2B2l{R+Zxk}Rv;l3VWDsow
zM+a`j{B9noBQ&H#I6eJ&WPpY<>G|jEjI6A4CHlD~m76#(5VsT~ch{k@%8VbP9LNg~
z`W$Q^=)nTKU>kpuo0)lLeR-tDe9^6IHN#jJb2#vE;GroH`8w&yonP2OO?1-oXLg^F
zv9Y}KpDoOpv;n6NhG{a5PkdaRYPH>nd@B@;hR2^nLPBcm>sx`dW2kptzKrl<dfU8C
zgr68kAk0K-aQ)F&3}G6|5N(iW)%g`!LXd_CFF=7_3(bVu93*FNPc!u0B`l<B9&4yq
zc%&cMNSuH9MWhL#3V^5R80Llg&6j-3%kRp-wCb+~L(0g9Evn@k7=`5tfE@p+9TVoZ
zv==jf5!j?)it76M57Xl7o=lHf>$Nl5+l3w}vl+X%@Ij5sZzdi+QYHltp{!QV<`{!-
z@tn~vtT<wFN^&U2m}O){iu?ZNdg4cM0g;p)Q)Pfoosbc5%ABQKq6%|Iuf#tLCi-n*
z;gQrwK|wX-!X&PHtQzW?;_Wnyj9)I_b0XP$#rk`@q;X7tQ2_EI3K-zAy`>0>cvIfq
z-tHlu0lvO&ztmn#+gX+GEG{fBk1a8p&^b<nrI)A=l`+FA8-|9;f_I7pBbZal%SAvX
zcq>Y#p$o$u`!W3Du>i(PCi~GNL7@2ROHM}BAX6Bmi#6?MhF8VDY@3*9`Wn)2D(?Vd
zDMzV6UJHO)n`perrAwEH*-kJ*z=kf<m_Jea^u{B7^+}UzemMP%7xRL7ZhUjGn<1PA
z&@5Uo(Rh-Ydgzg(kihU+I6fKLe%&zQ=NK3u@T=VPGObpI^KPA>W+PTz3OwsUMPQD+
zz*UTia~`0$k)K~7spe?gHayG>S-elbm&vdtTv;+KEbP<Z;JN=k>&QcEYy-W^XXn7U
zKMf5rcpB})Cc*>AF$UcNf*`J6NlvExOZO`>Hb7{4^Wg(wCC4}vz9J>z;p1xob_y1u
z4i9VFH$`<X?g5Wj-P*bir-4{f#!ed-qJ^d_zN-|;oC-}A<BbYSOH0HKDd?I6QnAA7
z2h=dV)0x;vRZ}D5>E-o5>>_aN1k`7i`?z2QaBu0-lfe3pFZ<dWP)U%OmDRPc_IJ{c
z4-a45-mVX9s2JA$sQ@;@-M;iqnbJ4$KR;7ZR@384O<BP6+88`t{an^LB{Ts5^UQ0^

literal 0
HcmV?d00001

diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/docs/resolver_tree_children_loop.png b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/docs/resolver_tree_children_loop.png
new file mode 100644
index 0000000000000000000000000000000000000000..9914031a3becb115854bc00d7abd1ccb7fada365
GIT binary patch
literal 40224
zcmbTd2RPOL`#&yZm64VxD;1Kxh0eio?7a?=?Hqd?$KH~Pl+lnCLXyhNtdNk5jI3lO
zd++tXPrW~%&v*Q;-~amm-&fZguX#W3=Y2o!$30%r+M3F=G|V(4BqX#dXhmHT5;8^-
zl0$`56mX=CeoTdggqqGv$=J);#}4acOL9R(;qPx3gasX3J-sf7C|(d2wsdpjx4~N4
zdssSq^1Il2!67*B>}rFx!`j;Xy+&A2Sn!IV_!SXBeIbzxA_!4I_@A&izo?K1=I`~E
z_O>qnJWz~Z5FWs-VQGzZ@pAQa;Q4!nx2=aK*45?j1BFERMfipOp0M?@wEue)qvoXG
zY~-Vba&=KqLW&#U(YDUSYebYl^nYZ8M`QnyO3@N&DM*m?viBqC>S!aJ72U1Te=nE7
z_^3LHYY3w>tS<<oaF%#I9SIK|q&LpQ*xkg%$k))&&H(4^i?qi$3M)FAsJmGCx!Y<Z
zl+ik(&TcLa&cbR^?#7x*66z?pUEEH@O~Fo8+dx|#{<3p)Qy_>-7z;V6IQlpV61+7u
zJd8|q5cWPcl6tlx#!Bw$y5c$xzIas~5hooh7rZ9i<gTwHF6iQ}rX%8JV1?JyP}L_~
z5JtLdm}u$=X^D%PxO(|2stdb&i3?*)T*N(0tnFQ0tsHE1H5}c%jkLA2^dtoFuKI2g
zplp;IT3OItLKLH=uIh*u(h<><)bv4#>U(+_p%lb@oGdY}em;_3BJg}~HC<J8Cvhh|
zAs26gsED4Wq=v7vx2lAir-CoR5wGK-rRV2sY~`Z|Pc<Sa>*JkNtVO($ep-UInj$C{
zMNvC@M<H8y5Y~gB;Dy(c@X^G0s|f33G#vGu91Mj7ZLI7BHH4IfRU{=%;DsoCT~8+$
z7hwell#quC(n~=D3<0IB=|DglTN>!uxjOr3+ZvnbdP&-=DX1C<VU#7YPF7fNO<iwo
zCkc#=BLT1H<ESX?0I$S}3tAaEin<CJ_*shDi#u5%HPpabkwWh7_IP+I+D%MYNL|6(
zUCrJF3CG<;)d-3@Mn0~#ih7PHMFS-bF-;LM6K^e~m>NzBZcr8z^7Hk<SUMRindsQV
zP9j|$1Th#T4UB@XvZa@(mywo~C(;=2E2-=TcH)W?!s{5jVf7GFN_sw$NG)4}CQ?g9
z6>sS-q~_$JX5jAOrY0zaRC2U+!)p>$bS<$2brCfw69<$QTG$w=Z7-oHhP1L4cJZ`U
z78G~3M>*orb|`nGq@SUeuYrlCg0-@;vZ^1}!3u##Sep1?bR`iuXG<wX5pf4)Yc;fq
zhpw@ZxGzpi%EU)g#ooxq#>m42)?q|kjGuzA5=sHqpyK6g=cbHB`r2t3D(MTNwKd=@
z#?Dw0epuQn+Zh|;QECLdq`Rso#zs_7*H#0kC2U}2iE%epbr5q@vJ%v?HMYh1D%<Nx
zYC90E-45%mWMg7y;N(E?l0Ygr!ApGfJkj>{LbgUO7$+wi4=bFw9v11SrGWJFmC{G)
zTiI(UAza<1#3c3I32tz`77~Ni7In4qQ9}B7*n6Y!zBqU=oDg!5!YMl-;5P$jCvR&F
z6(L7;4T7PE242TfAMLEFg|ZQKmOy$LVo++<1RuCbOG^h~qU7l!B`T<Br>99kI%2SH
zLIy}%6%PYj1s{D^MFb9|uYyFQ@mL2Z7leb5vX(vEh?LTGFvMbgUHlM=&ID(I0Xz#Q
z;fcTtD!LI|{4@+T{ItESJ&c@@R>lZpl$V{jp_Z2kMq5?f*Ivj&LtDbh0p&qZ*K@IS
zgooi2#NmFlh>3x&vIj!lS;z(JBckk~Yvt!4q~_*qVlOPD?doHtuJ2<nBC4h+=7huP
zp}lPML==@IbZpQ@c7`G-2Wt;4DMJHgw5K*g#Zycht>hr-fFu~J8+gMTG{hAJef^Zh
z9c&F0eO2IP29kgqNGn@iDQzRPj*zmbHEbzTMN0$kX(glrFozOFYHQp0p?!_DaN^cd
z1Z5jrO%H^ol`uxfNz7T%TS!mXOGI2p*~>=3#81^wSW}B&uV|^N?C$M{^px-<`jV!y
zxRk3R-qqOIN*Vst))JL6P=jAQoNU2-eK8t#65dui7*AngD^Yb5JWdN~j1mzv5OgyH
zMT2jsXo~21YbdKaYI#clOrWeCd_0teM65B6I1gVb2ZFLa(pbmJR?5oI&)vz_8Lwca
zWq{LhaI<qzm-0edIvPr9h&y`WTvS9wB*k=bI4fnOorsEqt0BTr&{|ks6Yr*~gA&oR
z*F(5CidpKqx#JZS5Pl$_o~WuVN(1YvL|lZirniB+qK1+v!bHJN&{f4%&DPdULeI<H
zSXUXLDQd5wDyfGs7E!?Z3Q5?h3hHWTYHLe6={afm8Yt+h;?-PnqG$w8%fZ7?4XJ?^
zcN4T%(6JRXMvAGrI%z7oy67TYHMErVtlX{iG!3<guM|fL8rmRCY($i$TqFUEkOV7r
zF9@1QJvASDPj3%FD@{*fJDh~DowyoKUsT-4SkzAlELTIw&>JJD>?y2mr(z_A(<WeT
zg(dNZZnk<hzWQoNyrCe%3n}iRYT}47QV}zfzzShq)UA9FSU*XmgNPnZ+t13+&i&8c
zi|ZhCw1qT`)FcspYD7n|wnwNKx)5zfSlmTV!d}5d&q@-Zf)w-6(i2o6Xet>QySSrF
zv>n|fkva}KL?3ijLc40}Vyq18L|t_p)vRsAtk9D79x4(Fs+OKESYKOJdt0O;(p^hk
z(^1^W#KGNH*hy30%1{F*tZ3!v=p=&DAPCy2su)P2v_<WVv<PCFK8~IkQEQ~Vo`$BS
zv#pMmKEV}Uq#=SL0)V|3k{FE@)Kz>Wj6B5b#c*y!EOSSpu*4M@D>*r;NEyNPSSd$u
zLuaBzVU)#iqQ;Ikp85zsYm6Yu1tF>~rmP|*>|&^@Bjg7cqa>U?wAF2h4~Bn|eqP$5
z+CUcI_kZz)KjZ=a{)hUAD0zL-3?Lz4Cs9#E==(gKO~LA)=>7O=BZjpV)4von+WU;7
z>Ew#LN2~Nx^6(pyW-*O@49XtQl#gdheLAG^?AfP!p06Fb?ze91M2{*y<0hs18Np7a
zAtI)C`59+Boja>`f7J%%)PtK8Q+Bz}cLIC-dfw*0$S2Sm&OLllT}HwY!GNUVh<Fqo
zS4r~s*SMRM;pBf0*E=zBQE_CQYIhKo#802lOp%Tp4nDZPO)xi49aK6G*H4pEP$Q}G
z4pY#x9*snX(w&oLmzHKeC+!u&K)Uj)HNMgTE<&fgXGc(Rl)V4>AzUbE*C!L3nwol)
z5zaWB`g=R^H4)!gh{tq~2%<rxHxhqeeIt%Ng2Bp_cnp2z&tvL;5Rb)SLJ(mL$XnGP
z{yduGkI4Sv#ACQa#D{XMQxK1Jk^XtnEbaf{MMqh$GX41R<9h}E^76{c8~lu+q?D8p
zx{LE3oBT~o!6$**-LMoH0;ibRNjUOqS*D?(0j;6Y5Kc*-S{dY-RB*SFuwZqtzjrFQ
zmLonn`AC7`Wr7eD#~Rh&H-iEc?y<_YXDZWkadDv!e$)h34k{H<>+0!^%+4O=AU{EK
z82&{txVgI{a5!A{a7%M@7z3$&TWa9E>!Ttk+s&=5k^I7%x0^d2Z=L#t>l+$OcK13m
zmFs$Y%TB2&QoZs1qd8--$*(El45YA_&tJYIJkQC_{xCFj4oNjWG4XhJK2!N#x^CW!
zwS*5(Z8eUaK26C%{_1+AUB|`*Dnt9mM04V);51O&&L8dFG7!OaaZ_<<!+(~k95x`r
zA(A9MldyN5lU99iZQVRP!cdurLi6glloVPLpUp*%i(08iPoF-$x-iW4;ll?eNjG*H
z8XC8)Wm|0Doznsz2L@Q8=*}VGj&yzAjzSB0vv(fZogUkpn>SW}cc8xY6k5<rNJ#kj
z`f{+dlZ<_eQLwS$BKdhwe*gV+cmBw)UljKC_IJ<8oT@$8mm$%g*=S3XzxN@WvaYF#
zdZ+?lS6I8x+j_Z{&1I+}a-huB`q!7oZg_m;ojXT9#jr#T4w{i%gFWJi2#JqBp2UBh
zhNPUZz<N>R2|37IUQuE7A?z?W56}Ie^Srz?vVN-}aAVExvRc6ANEF!4_cMPC=p{1<
zvAMaaFFpM2+i`Pqa}w19Uj7I$^SYa~3LYMBJ7!eb0#}bkFgy}-Jav<n<>Hn6Zd{DH
zv+%Ad)uG_v;DEJmBL?KpI(qq+#b;Hs86A6HCCa%DmLEe>?M})cgx1#97S~)cEhXU&
zJf}$&djGt#6)cXZZIDM*RW)^Ir}x$MaAZbEQIUvY0VYz&`qMS4(4k5~@*q7u>(%$=
z?qliN+^=tZAl=<vX>;@T{`A_ij)Y{O)EO)TO!iY#{H3Kvw&3@$A2gAqMRu(pKSmzm
zh#=lbLc+ttqr3P>#6EVl{|s2~`eC98e;2Z}v?Q)4ARwUqjkR(y_8Z0ZN^hlPacAP6
zppF|oFHNZE=^thX_*JtaZ}ASC3s~(?2B}FGUy?fe9Dd;>DR{LSJS>0py29bwx9o3x
zmaMRSg*DqWU%!66*y1+!iI$3k;nb;%8hX5mo8$3XS#6Z`tO;TDt;rG~+jvua_EvOs
zGy{@dSa|tet-Sxb6BUQs+Oz?-=H5N6$ZH1c27>bP^0R~Q^tP*T-MmywFPXL1yPtpl
zjE3uezCVQBzkTvDd&K*>fifYFaX7fRIHExE9{d_y=Zyl<f9k(}uML)`pgVi(w7Jir
zz3nvxZEXgmf<lIFp0=?u6$v*VUxaEl(!qhd)O9$vCUEDOP9};;)FDo1;;o!E_X#Eu
zJN4|9O8g9kmX;Pt_DKh@W~_Oi+l}1M7Ugb;C&9nlGkC)lot$14&w@o~XmhJ4aa_De
zfuypru^|aLaiUqgv=%>;bb@PiY>Xp<Xstql+g|Eva_97(tA{d>%I~dy^9-)lN+Z6l
zlaQm8Mh9=g25s$;kX*QM;d`~e#B+`0o8S{_T71p(_6l*vrA}wS6h*NQii0dHET}l*
zl9DJ+pMFTA6<t+beFj!8@@M6mw_;;&MnzGAJ46KTtdC56%drczDD1Uf_)+~x(2`V|
zFn{;aqes%bc|!B^^WauuQgFtfxM(R4u8>X|FL3LuE!(;eUsGf*i{8{kqjQDPx!pKy
zpO|BhJ~P+)!mvOAB?<ra3UUr|Bodirn<^K`dpP>Ma_lv#Lu_npciH5Be1^ZSZfpz<
z4Q1%_UJmGOH_X}%B2lf2Vjv}>q^sZES{a#~G{VL`lJb1M%B#0ET<$hPnxLA!`XoMd
ze{V+w&0u9uj1afZ3EF*O^6~dSFDF-H*hBdB<qV*TL9TkwVfo!fvIvG-w{GPMx^68`
zfIUH+y4H;tU7h*{ZV8d8bC;Gyyh}CiR!mGJ11TUDDalpeWkuZZjcb`5XauK>3=5LV
z>HBNg&xIedUs7aFGspY_iwxLw<32%?DaZsyT++c^%O)%$!Vw{etFv_2xRLG@x4AW$
z2H=Cry#FgFC&zkz@LhTEfm~HpReOd4B{tQ(FbbIg5v~3!F|2*3C3@=eL`%$bS)avg
z(~kk6-?y|JX^cG=pBGWm)}3$E@xtJ8UQT-duiqV+ZeCvXF)R|(HhUy)2m65#z7SNQ
ziI<Hyd3dP7YjmwA-qNP$(=Y-)gy`l)Bqy`Po|WRPp4MkUjDq4$@=mh_ZE`>iDs>sU
z{r$UfUVcA7&`+=eHv%CFfCnxQTV3^<>dyH1@#Exvkg+inn3a$<1;2UKE$4w!1O$-&
zV(i6@I*<(fwQM-(j%k?-2Opn0^PMrU2@=%-ue;1*G!ia@*AR%%)q1WgS7`6wzYnIA
zX#NmW8&thIZD?spj3Hmd0c|;mXq)_NeQtn?jxLEg4Ia_!P?Pai!m)=hA~G_=qBaP&
ztEa$JII(;kf?b4eUj5ok@60OU_U+q0fBp=4`t+&vPRvYiq1yF?Bs|1|_L;R#4+w#%
zG`Ya6wwpA*NF-@Ur_p0+uixynP7>a;#sCykofk4~H4Mf9VokAeBqRa?0#n_b>0Y&f
zacJ9f5-w+fnS@Wy&N}7s-CUj>s_e}jG}x=*K%bfIEo7S?u66a0Cuw7LIKlxj?v2Zk
zG?+wrWhI%<x^#TTk%9JhZ5}5o9qG-qjHUJXOInLfm(tKHAnGRWIEOcpF4RBoa1dQw
zUJiTs&?u5!M^~4WgB${*fQHEGY>{OhMb`7@&x{JqH`jVCApX;HC#v3MmBrAU$;im~
z{Vj*yd*KHyKtlPucOwrif<9y@ME#taqP}$LlKNxehTLbS7B+Tv&wy8~Z6`yBi~Ho5
zdwG7SGOE5_5g>>u2CIFJRW9HbSioQfUX9u7>*B*e&w)FStajGtw0RSKmdB|>I?W$}
z7e|baS|ubTplM&X+$5_uzXuutZ_lIT@+|jVxyZ=K2&&A+T?wA)xng5)KL$aZM0;ED
zl~a3_{{}y+tRGik5HN-=oS3k%u=;#v%R_<lva&<7)(EOMv_wSmh6pD}!?>|9+z8Rz
zok${{WE`7Kx?<|KJgzb&@aoQ~D<2<RP|Hg7Cb{wLxkjf2!M^p$h3X1U#VHc(&06n;
zfwDsLvK7Et5FD0Efhl$3p?zWJ3{s~nMA0p-twmxAPyoiFg4dl3hP%5Brt`47n@a%F
zWU=RDZWb4dPE8s0-InHv5ViRulEN0dPHIF1InllH^hbZSChNu-7um%Wf2qLFut!`2
zHVn``I!Z#KqN1XEi$wKu5(HRafB6HnmzDDk3#NDR&zre<dBZX@Gx=(-pR=;EYA<m#
z;#s5x23qDi{HkQ_(#4CaL(fi~JZbs!eQ2kvub&^MtZa2p&>aTk_)Q>ZRucNBxLB|H
zgkZltM^GIC`yBuEi!|f}7m&$p+i%~#f%7emHD<G0`Xn~APuTaFhnkt03EDO%NdI_i
zfA@^Y^RLW?Mi1+v=zG;%HN{3CR+KDD>*0a<Al%*Et9MTUSH47azRC~!ape$=x`IY?
z(t?EjdIuP|fF5UKaV41PU*8zGjxvSSM<2hGg<U(t^(-@UWNz-dK<(O9VyF<Y|N8m*
zQ6S&=KQ`?mc#;dk4S>4)(r5!s3rko%QATXOQQ@maT>PPT;So_$$^|jUb@V_bKPM(G
z5QK1dVRv+NbgFj^gMw;SMPEM8%F05^@*P8>uM@fc8<u9uXch?<;67S%Tjc&5^J2m>
zGNv?)5TDv{C4lfikcvc`--;cM-rL!*?#xob@5}rWwERe(*;~a-%9}_7CiFn=GGMm2
zFg`l3Be&HOc&)B~3U~u-@d(7X5`(Ld)ew`4dKd2D#lCihc%Fv>7W{{!-^O^#%F1Tf
zt{R@=(oDU|qv7f9F2p=k{t9UCjp_}$wX0#_;VgsYq=yb2I*Iak;YK{0{oF<Jb7tla
z=&T3T0d#|lsAgU2o9sH;+999|P5}X}c}|1oBLY?0W1s2(tm8=aP$*PP%j)KmwJ5eT
z>(fl003GX9D&U}096#sgVxB$Y1cV_ng!8DoL}-8b@U&){+?BvdkiPTt?^my08Na@P
zNVMiXEA2&9Q&R)ZK*R}BQqnBniST-$mqZH$7$GJ>K>j+bE~q8lfZ#-A4ggH;Wv&+3
z8|B$*4@pU4+2r|CYC+`Ff6}lE3ABtocP$m?pS*SK<>x_vNtLZUrAo0n-F+mAp6yj4
zzFX|^<Hwu7Gw%WIB0BNL{B^9&q+H<kjggO$AV}x$&fwi8O0bOV`yHqG&A4N3INt`I
zjwPQ4mR8r+*2Z0&NXrODz<^ALX!8BFB^h`c1qXRCrl9!ch%p4}qw)v4MO`TcBhkhX
zJt7!7%TIxT1AhgCJP91N$JE+X?J=;|u&^*(RjPTl-v`JT`1$#Pp1w$&*C8V#n+ZG{
z^W?^K_j5odbeaMZ2@*s2WH@t%nuDC~tR#D@#TzR~&@MJU2U^hZK9nr`(A3efyG*I<
zpajSQbWP8udqrR)ksODwD#URQq*v_bYrx{7I?6BpTOP8;#zsm2YB5aXM9ahMOUI6!
z;)BGYqoYHN-xQ6eqBzQ=J+{_$`gs_U>SVV;<nH{=*^+bxh<p4+jgLT4h<tE!dmBj=
z3h)#^(~B!HuJGbP-D9OSGBTp#cx}_fNYWM-0c3)K6!yN;kH`_Tb$Lpp&dB<S4h|09
z?YS<8CJ9MSHVt>oK~iBQ|7eOV$GS0AJ5L`ZBVuZ=)7!UiK?UF6SUZ}P0^&gk>-CXc
zYgl16&DZCJt$r${=a)!COO$!JTgJx<Yin!ZHb4}J1QIB_LWZ_J730SI5Qy&L;&QU5
z(t8e*Y1?AOiw0U|U4QFXNog>Y6!?fP(D@#~jF#rekt_TAY{9#Sz`8SQ-6|_8kQv%P
zN9v-)cuf(AL;a=BrkVJzOTWme6)MSNQ0H4A&@~Re^K=KEOf$nO?!*LCuvm*tF2G?q
zI%0$XR8Jvuq40X;Dac+<LgeUKMj-R_Rc9_m#Pt)g6v-?JSxiC4#@Og+*3D|j#2Wfb
z90A8@ITQ=Lcuc=7cVGIOHo;B+eK4Si4htg%#~T|92lXqWP#?RyOFmv!rr6!v12!L*
zoP4LM>gwIIQjAEdfStKApY7E=9mz-H&dd=E-{0CEA(AEEm0t)d9osmte<m^9375h0
zLqAOf%xInY=#l8U(7$4d1#$|x3`$NVCcmZO5QOxFIk6x^_WtMA)<i#Cb4yFUD4MDN
zTExwpsx2(*mbT|r(_{#m{e?)XyG%kzn&Zcg9b<y+-d>#|BPsWsq=S^kLA12#%VUvj
zeB$+<kP(A?AP;0D5HlcLY^_W>;@OTNZ~dv4V1IUH#nc1)gd`Fcs%L3l8?*;?mi>>;
z)U*XL<l5WK9SgMwE<MY*66P~!&U8;t@rsCi%QeaY_fl<4{oK~34E(;N#S`2;&nWk?
zh&^Qfm6%~D6RG{F*idL{_&L+i(cNSqt=(HUjr5fv%ttVMbZ8g##5z=q_t8Kkyot=X
zW@h$uPzjPx!M`>F9-Pz=9t$L|uoKlym>;~4@-0nx|Na_K@ZQmd<1JJ)G#?Xq^v3xq
zIO;!H5^F;gnm#^~+v{^sjZyC`ve!B*<)Jul1y!XyvOif5g+o{Fu~on7!3M!+<>gEo
z$>NEXz-y7yRKzOLn?n?|%n{Z88_m~`o?oBs)3f9whmclE2H_y$I|(J-+4m9D$H)0^
z9wXK&e0<6W8=yv|tNbSeiD`f5Y5!Ep6E$x|LITmTZ;cynk|Zw0>U@2DJ&<`d;;E}w
zuQIT)2@uOg5nX>sua&}G775LD^9LX6>LA^@<ama7O7_p4){@fF&vJ9oNyA^;+M?p)
z<N0bez>9*2t7TvTF<9K(+~Ow6Op6^tp#;*hJV0E{X;{szzN2S^$zx+<?FOD}uoMAh
zFHnN&MvL9d__)pe!m8!leKp(D`KPw}9SaRwdM$#_EmUuqSEru7Ug7oOV7Ki+zw&Mp
zZmLGaNG&%19menL<NON;Y<wM^2Zg^Jn(+0ESKfU}#D9+CSld3h#~?-A=tnUOq)JLk
zcBaP04yA_=A3o(f(R{L~wXLn}Gtj-{IfyBI%cBi<x(y2q0UDC<`%m<Og5)qDdsml!
zQL}ws(!7jk$$0sb{Orl6?=Z^;9~iIf9pGY<%#`^$9ypqrMBX@g=eyk17HST=Iu@I{
zk&WTtsLagsbZl~FmuBt(1At18g*|81*(yy&{}6jAj(R7ba3>$oFCFClD0Ox9f|ml2
z|FN>N&Zb1iss6-2_)hlk$Bl!(02BWRo6K<b?A^wDY{_eTKznEViYP(V;bmnKjnV8`
zG(IU@>m+R+pyEY}zSmMdi|he`fgM>Y$BB_JG&Gconi>JQ2GqhxNI(r}H2NBVJt-Mk
z2biR&bN>lq?gg7|`-2qulFj^5wCww$rwmr&Rfv8%2&A6?;)HIzCjku3gl+rXUve3s
z@CboGILahQ;yL*>F)&UB$;|v;*T@wS_hRI~EQX6CLZ7xUzMl1`i6)g0%MW&Hjx5}N
zm0N|1!=P@4>kXw((sAUMn-Xa75$69Y3L_HTy(q0Rdnk1xf}v=H_5lO(#m!z7EBZyg
zOA(J~UE{#=#r}^XyiJ=>l3@MmggUmaJjwYpgd&;F?&pAp{m<HY(VESr6T5~_(-Sa{
zkyL#x*JgSrD!bl34DGzhRTy9VYIn3zZ_$FlJnSMJu0bhAC7J#q^xHeh<UECr1^Vd{
zRspp*?Mbt`U$2jTF=o5tYkK@O4<Acq?Bs~{GrA=yLPm4-y<)X{aR!Uzn3PmqoGlH9
zjR0A80;Z@+v$H}t|0i`Pzib%qhTN#<{7<+A?zGf1KK08*>du)N>(^3zWYbUc@#Z;&
zW$f<r&CX6SpCg8EAE&w+Ku0-t<i5vJ#w=yHF0Q5up{t7RUY1sw5WcX$LHFsjRSSnR
zwpxbs_+;VWtN87}6w2t;K^EhR^VG?8MaP&exOcv0C-j*8VCTs$#`&gX^;kKW9SWjr
z`_y@k*MWa9x7#l$<#4oGMdkOiNudU{&p9xjdh01@o&s6l@T`Q+7ZdmgnB*K$i8s@|
zqE6Ipiu>LECA!0f@$7FzgjtT1UEt*3iJg^+(Z%d6Q>gG{8??-Dl^C|!41f6O9R2-V
zqTZNvZ~+DJ`NpLp)EsY&Y=%`5IxFHO(5gHI81qYcC6xjf*;>3Wj(E_fYIb4bB$E>E
zDGeBWw$V~c=&$<sa#_O8Y&95{UpdwozdUh-ae&UAgM0butW3BrM*iO~c1F+Nx_U1i
z@Q;nFXHHGQ!7OxECPWt#{GTfv=I>R9t#M4Po#qOXd3@(}k<wdN$?W2w3EBs`s`*L1
zD*X(!F#`29zpE<f867vCkFYmJrg!oG=d?C$%;kEm?f_v+oj9typFf6*1f)dk`X~Nt
zL0ARv;MtQ-^2@v8$L%PiKS#8D_g<}<WkK^KYW-^yii7m{2NA#B#dHM*6RY`bWlyBU
zjt>rKPYk~A5HWe1IQH=Tr2Ew=)ww?#WBmGx&iXlZo<yVn+)rSY1hVKInfjobkK%Yy
zp#oKC?&ewbr_wBY6ubE!g{yzCMV#@hDSWv6g<k#Ieo1rVW5LU4zJa`7lE)HsiO*S;
zT9(G{VXWgeg>Fdnmk>e?a~fIBnY{@Z5_iD+abbfS?;WZfk#RZ!r58!OcXh(0^R-MZ
zgbTe_(X)5IjNIx@&~?BQw`Xc)9N)QJpc!YpScj_W_;9lI$>pC*E~m+(8qq7A0zVpa
z-Q!2T_fXRnB>a~6X(5>sK#fUZ&1mdi3@W^2=-N+K$UijFu1Y;@nVH`F&T^Tc`GWt(
z$ZZm@{YL-a-<ysMf3Y~kL0<Dzj=mOE&$+A5EA73EY}7PgW9BNBmJPa7b9bn*IEnI)
ziIr<y*g2GwfQkB--C+0R1kikD$4EHH<<cb2U6z;)+3=Tza;J@%INZHWza;_dEApXD
z+ATj*SoQ0!_uTdLce@OTomfbCImj=znT6yH^Fx1R$UpeTa#>iN^<o<JJ_GVb$by^K
z?D*lvQcb2Y30j$rG(k+MiKkLE1$BYuy#><aZVmO9HM?mT<)dsl`DbEhDWB@%&i%^{
zv(|R1*kRGpa&ih;ZCKxp_LuKS&o>5yelB<7QDpjc;LS~kq<T59oP2`IPGDQ-iM;(1
zGgOSOE>$%R%XnePILLMR2S1Puk8B2X9*u8lI>u#H<YMh<{Co?+DZ4>oNRiVV^qMET
z=e%oNf-a_{N)uCSa5y^RrQ^x4FvFZE(80)_xt7!SQZ^)21gnwSitsWURPkV`55g4t
zwk$8{0V6N1)<MmDsnWeW7Ck96ksRqWluZ_U;i*E=FB(v3h@?h?(7-qqBkbno^(@Zw
z3xt)hdO#ILN0+}Zx7Kip<I%Bq_x|Qx|0OkCFa9Fu^tXG*#uo17YRP}fQ#pQ2#Gmf#
ze$_diMn;=qO;w%}eG2NCvKQ>`vo8((Dzv@*CWEUe7dHGxcf>-WcxtZ4)%wlM5B74`
z{z_7qV)6Df(coYk&IpE0U;FY7=?&$J&#wEQ2F?uT6lJJN#nJw%`pBo?HI2x(O((fD
zpC829R(5sMGfpnMj!nLH>Z2FU?y3;opm-cGe$?t$P*hzF*|CE)FSGtrw=RFEbd%*g
zN_eLAOj3#(evJAlGQA>S_}Jhadh5VXnr??q@k`YfT8{bBj<}v`o|G`!7*tH%IuQk>
z!lEU;Z0uvB+dz01b&hAHzjoh&o<PlcdpIzy;SaUzG`TOB@)w;($-;#vGEF=Wd$ZmB
zv^&Al{wCfidm`yF8hp@+rUf;hIM98BG4$ADs+ht}bfhkB*bu~Jj*r!guSHI8sNJvi
zzr=dsQii0`b!WCbgU`d&WO-_*$GQ@D(095&*UZ7@pF6|#(n2Bbk>HjopG8^gXFU~P
zq93|BWGjB|AkQ)@4{x$)gAC4}zVZCtXrN>%{-aFl56KjdGfQWry%zQkJrOfvU;B8S
z2faIYg>Y6jK2k&G<6^VpSD(!A{HC`NXEh+Le9}VSu|Z}LAmr=<;)|fqO6rAJ(AgRY
zpf?L7In+476rJ%daqjZFx4!dOj9}^!Cvq<Ke$OAtxb=AV!l>b^yp_4kgw7|;?3R1X
zVG%sRG=ov!cpfepDr;p<6`d|js;S+%QM}6hfPoa?C5tubDB|PT5P#=xnY7=iwpT^d
z+b_HGlwNZ`PD?3WaOg49v3*z!7Ya57$MWs)RlX*VH%tu(ibFTQyZOFu(nkJsg6>Sw
z3l^KCb!krdeF>V41qF8uuE5`RSWYo!m&s(Z&-;!pu38xV{bpaJmfP&hQ#<F6-}f7F
ziQIyvx-TjU)1~yVuc*Ee9b(|p%rQefeg3*L^$GJcQ@V+31=WW5xbKWfq2U1q(Ym;g
z%`S0grp*)sh0ks<j%vSD$roAp)X0ge7qrP5Z>kaC&hAP$%DC>_$Id}8!40&Rlaixs
z49;;qKR6MdaEIPjfG@jiTNEGuMOFIV=9zt;r}xcWKea9@CrKNv?;&`yCv4+hyN1_U
zgVjfWFTVWtVRos3g-^(1mNtD>uG=nG-&YmP`rX&X^)E|&=9{A>%5hIbY|Ul-mSsRI
z$ahb*^3%U&0r0|TZBy^BzlzHJRx+m8kEQ8EgoK;CJ^erzmy%SAKn3l(4(eSPbvLww
z_Rk34Gr2wE^*|&~wykYkdg<&ZG86Qd&c}3&JDHwuW;T`jj;QdIXtw-dAA4Ac)G_8}
zowRAP`|x4!mc=_v=|7^wZLzsWB$+%vc*T8xEq^YG5&!pf%r0?xIo}v$@WQN)MYa-l
z%cs$ITH*qSwN>*B8`%-g1GmV}iAUnpDWgNe&)jNzcix|9WqBhMzPM!@Gx<}Ijg!T1
z{jV%@Yig`L{4ckaKdq#qY85=kRWo#g(qKODkC1d_^HO&oVs=j_?Ux_MT%V#9-g4vn
zMSt%0!Ct2t)o{g0t*>eELkVn2=cR<r*Y}iovX3%$B^jgyhx8?ns#8)Q;B)SKPu-u5
z%<AgVc;`kbgN(IS{_L*UFv--a_N6AaeGJECXCd(<NEeUTj^&+1RVS9H#6NfFQ;j}w
z8G@#qq^N6bl0bC?lr(;-%=;F7x$1pXWyJEq^ewkRw2HXD>_j!=+tY83oN5X(<H=4y
zg!RA8d&p|pU%~VZF?xqhizEMM^q;rW%D#eJml(>XiXJkzvdG~`BN&+EaA6&*hvl6V
zE7$oUc<t0!uNn66h@5`rKK2RfT>wB43=V_kLceyj8se+WidKDgoT)f?CCgnc2D`Ez
zSIdPrOnSJDTZFgvzgle?=G;p8dNM~Vg|_5dzBYAemZ55vRvM+Vj!NQ8vsCaA6@ij#
zzvdM_%`B&p;VXM%)LFz;*H`Z8VhBX@63-{PV~XfGE@0zv)gcM};ZT(f8gD7C@(0)D
z$a}Z?-XW+tQf7^n7~!9Y2X^F+4i{sOUw!w;zLeFqHs-_L_OneS|80TsQ5=rulzJLe
z>3Xi1Idn+VehL;L<7qT#8%nynhCuH)aq1(l4b9^-eWyfDU%NoATd{^jy?4n9k|gEj
zh<mpe(uB8du(?*`cCzbW1vTX{u+Gw|<-Kyv<C1{GsaFs9YL8}jmD+%9zXCFTlrf<h
zYl|3d3>kuG#Lj&JLiE9fdWRY_gw?dfo%Zr23)M7~C@$jgx91~G*>~(_M%KkCHfHQa
z=a2!=%Q2R;u27m0^})IdGKy2m5=^^*Y`APl>&LJdQ86~Tu%d&?T8gldTIqgEN?1%!
z2RWBNLBY`HC}=_SPH%!7)?w(AO&l6GMbg@dzu1ytQbobDK+hY9>!_f8V2%qdUeZgy
z;&T)TNO4CH`rQ7RPSg%ZUN%{m>;AdNwMv|GcM9)!bskbFNNDFXyRh?4okuJQEUALH
zFeh8Yvle;(Ow+cF`+E9eM&_O<wlogZ$^;D~W~eBKQR86w^woC(O`NiWgY82DEIc~*
z(b2c-JBBI+(+RH7>vf;bYM2T1*kYvlNYCm0V;ASDwOo0fmz=tFL!P7POHFIXi6ps<
z-~D937al_kk2>_OhX37~hj`HpWZdU>yRTO(11Z_J4)%`oT=&1WQisCUjO3wp)hM&t
zHtF)%Hjx*|J9ED9UP&XAb>>_w7+`lUX44m_p-N=XuHNL-Rn`dEE_8*9JRS%%1<C2D
zrZoXbT&JK`we8W5BeG7|tt}}gc>D33uQwS!=5~}k{kw0!gZBi!FmFhyzA`IC!&FGT
zGuID%Fy&z$+?`%ij|t%*c~9n?i@^qSb3!M%nxCX3M2#Qply!!@mU!XiH*$R3teng_
z!`)O^5Bjyz)y1R3<w6gtD>?E^JaZ$iO)s{kcgr4OG_lM{OKkeaqSE^0;r>7+3vBxN
z$w3W>^I2Mt4<|CTzZ}%xPL3MO516~H%X<&tr3Wxo-%jIjG`1)S8V`k&R~mP1XM{Yy
zoX#%XeMuFUbYBE*GcJ$ZSf6tjxp4TxVI#iIx>nli%Ic`9dd2Yz7m>#UX%O-S;m>?M
z?=nkwjjkn~F#E8lPWucM^KyM%|0GxEB!Bn|ck5j9fHxRtW_60_2v0Q2T-0p&Y$x{c
zy^NribKoQ?PXrEAXAbWb#h|`MR-)JEDb_586MkWnUR_Sf;Q=<O9J_5b_3eIIY0H0C
zduc%2XC7VzAP#u-At1^RkW@gKF9a6Kg)3gu=Dw)De@fPG=jVbeLD8{Md~tVYxZ_jD
zv2(*gEDIa+k*+YVkugw~k@Y$q<LBj7$B?#hSv^ez&l|x|PT(l(pAokG(kt?!I`Cq+
z;>htVI%drF_>FdL8~ficO8E5<9}}LOJk)tSwz%yg=T!D7)XKM<ul%$}q$J{Ihgx%u
zcogE=_xng-1W9*>h^BviV2l0OSymv|r3o`~UcU(PpmuBflJ@CoIrPhcZ5F=`mOs-P
z)jO;I_i2r4|4ibv#^(Oc_tWJkFDOMOPItUHe-kEo9_>%H-%EGurfD!*&fg6(_|f+D
z<<jwJ@Yn2<d#$xkN`}>eL_S@(Kl>~6sc_-*>>Z8Eft<(E&O<@Ase13Fx(h3+P+SPD
z-M>hLCH`>oY++M5^idY6Q^0rP?z>)PAAb|!2^hcJn;mm&h8I0M7)<K2;BzBvSaEis
zj2`AW#PHF%C!mcA)kdq`a`)e}^Rapv8QdLHyuU%pAHFkJ$X$Qj{n?s)?6t>*A9G#c
zIqGNRe~c4e%q-ZCIS!(bLx4B^(i~%rS5VBKqCQJM39->~&Ge?dIW-Zk_^HA<JEp*Y
zi(Q6?{z+s$5zKN2DzD}H_n<hl7f5U_J&iYaRNZq^#BMQhaXT}(40$pMlxzy{?YSQ*
zuCPZ~P2DqH)V*_XeS}^yLEP&M7k6UcTLdR?Q&GoP?{9SkU3?h$t($gk|7AdrQXJFv
zQt;0;de{2K#^jT%yko>Vn%~Ctfc>eQc8f|}R&QEH#>;d2+eTm3H<aBi5s?$EZv>aA
ztZGfQ=jJq*rg;sfOQdBzJX{jQW5q3(hh>oY-_D=^ojzrr%z0cxJV1QfS%oS$#aziy
z9W_<eb}`8tv18x+1{`B{>WXYeE+2Z_EXWx1V_YrU*5qK9-<7B2BxLs=V&lfXAM-e?
zvm}LDVJs><zgpg(8%_hz9RK1-CqZ9IVmixA<B6zJi=pZ+VMZL1hT6o~&BCOD#fKL)
zY=-R<dP@Jo@=&c@TmMnUr6)*9$>NV4nfFT=*_%Db7cC`AU1IX3`r0jO4JXa%hVB)a
zdVdabx@^2jZW1+iKPAClwAzU!dR7nnx#L8$g`sMJSzXCWV((L-z;)eB-#P$Hm?Klx
z5PVYeGb+ZR_eZv-#gP<YPYz}Y7Z?)+)}Ijj?pwLg#kQCGY!ckg+z`8Yi*6>5+?5(0
zD^sw4v6e#C_&|`*)Q@?0hE*;FIzQ1+F7H*jC8({hPfkfmX_Fcgwf|{NS}dqX0xh+)
zd%vJSNiU`VibSS;Y?htN^BE?dky*dmj7VsEl$B53eB*so9NVuC^a^|ZGdm*h3#wuA
zeZCsO2R{|N)zV`$BLn$+T+MMmGv_5&wip%V4OZD1(Q64g${X{aCH+rr4+j?>Py6j9
zx!l2UXCwOTbIAM>$BeaAFJnyplsO_8sHkXQ&SoZ<TIh)d+rOjsegN~*Y4ykNwEz9;
z6y_WrnDThp%V3!f)#7q*j?>$w5{^S*nNi0o9inG<9_nJspc`AUTO?7j7QhBshtGtV
z{pym?ejPFppW^Jp`yuC8R}w&YmnPn!`^8ra`xkeifeJNsWblq*L2`wi*n`Zk%{9S1
z+4%fCc6aG5sMZ^=cnU(Wzo?l)%MqcIIkQc}s8?$efr?>X!IGC?!4*mr4)&VtCH+<%
z0w*cYb8>PDt{1f}u6~`vte{3s6txQXuX!bO-h?L#IrlKa;MrQ$#G_g#Syb#6DUu4(
zcJ?cJ76{Js2gkN|=%RkL{pjW{Q6fH9gfK6Es4&>4m*66(0+XG`j-QOoAuROVezUI^
zcPj0|j@<Kvo@#J!O&w||7a^bs0IA}G6UcPyO9E5=_>)|uVMrm%<+9%$1C+tRmFF=s
zrJ)ZAr;ELv!fR`XjseoYcWo}CqLSv`smUxRlB%w+UjB`lJ)fd;d4z<77N-Z#Xe|uo
zzo~fi?UsdJ^`~iAhwDFxtQd(HwhP*TX(~x?!y^T+yu<4&3TiV5wV^&Ek*C`$wdBbU
zALbAhJprBe$jC^NkdGgcx%#}&v?5NE{O+z4U>3tg$Su%+)C%3P8NQd$qX^7k?sHn{
ze1lJI^cwT2)W(RVG54RnH?9V{4O_8|TYP%chH4^i&zk)fyO7hkF`&;i)c*O*38;Y(
zo20d=^dLxB{nx!qKi6X^FK%ko!<gRU>Xcs5D}R_wgeidr7<26Cs1_j>>H>pxanaz?
z{r9VPXy3z?d@mNElSY@9m-hgR#X{>WR%wP;&CN~l=26zWIrMB8r}0}EpTAa~-`R%>
zZklbl;&#IhgwoJsnS1K|JJ0i3`uC*#0yV<x+wUEa5x1^Ceh7vk(pM_YndFu|`!;y8
ze>Jls=K3EG?}e}iQtCgFa~$C%X7OMb6>5}U%&VBea4+`W_swRq&`i5Dl)EqMarQxR
zt=fvc!1l3oGQMZFw(6(eIxWDIz>Rf_uSb3S{FrH9+qC!go`!yF(dNbNzrzCLT5Pg!
zKX3LG#XWZUk^7UlbG86nT592nRnHmd=nC9c9kLpFD_=+kY*Jy$yzBeE<iA}oRn5N~
zPF|uW;UXU*@VvF4ok}bJoAr-QJcO^GwQ`@HpR;5Va}kDqW~oH;c*VZR2Q~<DuRZGM
zocaQ(T)o^HhJScG3{&3t!Is{;6TZ0j<XV$O(4ChX&U92XO2a{Wd^Jrl)bbIeg|OG~
zEl10J<(CGZc@@*2p}G&FYoym;l+f+>PsFZ{nVB=&sZ;D8_1ZQ#CQj}WWm<&Qr>6@`
z0~sRS+h0SiRUTE^6!alR7pJ_q6Pu+Mge!A%VO)&v*420(*r8%+z{kqfb6T#zaU$(n
zPo4}@B+9iwS<^W=`|%RgTN0i}rm04@rDsUG@liw34@zub7J}lEB<?<E2HF9!0jiI$
ztpekkJfKoTTZf8mm{pP=jiGx*#1{1}JC3(BtO}r^2M1>Z<ggSMx7vv8idaX5x}>1>
z*9}1N!-bVz?>oCq^GjNf=LFnIPiMd5>IV5$((Z1+-=6)Q-XkQ?DS9O0cxvBgxg2vU
zC8qAp!Cj>H59hwN3#xfn{~PSS=<WE}Oe>SM0A)fzU}fvhj%wvL=Idi$Cenud*{9WS
z&h9+woCLBx*I&c7X-LHgApO4Z*qhEtC^!BsloE?s!vq-7*{u>e8}*DhHsl&Lnl(Y+
zXafvO>9Pa|;1Oi0+f9?d<;RDae#)Gcr<hGj61#d53oG(GRrmqQXrL~M6{BnU-|Fn!
zwZVc>lt${1VE!re5o;gOdiI$s@;|^e?K_X8Ru%x_u#1Xzjj|-?<XrMw{e36~MHYh!
zA8Wj44dYG>$ZPrCm@0D;=$L&7+231IR#8dZPffk~2&;Fj)-HT@k}kVzJ?7g9=;HVM
z-nQd`8AU~8k67Qvp=<-<YB73<XD@~Fwic&5hkjElcmoHW7$W|dnhMV_MZj*Z-r0aT
zg@cz3w{Ew=KrNW=PZ5XQuAHsOcvVUb5%TE0`_Y{nJDW#CtxYdE;Ik3WAP;}wsdliu
z-@1DeRJZnAwtae4(ueb1bMLF>?Ts>NWVWtJfL{K~7~<^BEAwjHlHVbA4vs@GhqS3s
zSeU-wasEVVEUJGyjX~C$qA@x>p(mNH0MorSqn@avuOHD<aL#s^GQscyxSb=+Xx=e&
zK@yR?Sl6)sxh1?0c*yU^_K5>uE;n=@k9Js70u_fJkA4SoeCGAJ>moZ0rNX5roIL1+
z>p2-QD1fBJGomL_4wh0yT^qL9ArX8Ocn*@RH&`Rp0dA*(gF$EKx$mgy-a*Ezva%gH
zT5RK!ljr5-+4}nWzLz+jhB;7}C~<~$q^GBoK+mzEZl>2=Et%~4?wN76JILKZDPlaY
z=QqDSo?G-bO&~#cXK6Ss;3iC0_WbTQ)FZ~gQN8tFiUmd#)VSU!G>lNO6ND@Y6gd7!
zAWOB9hY)cVqz<iRO?=*9|NCz0jf4%z;X8K$a~dueO0l%2mAIXZV9-vhJ)DM6i1AAl
zhOBiWs(t#)5k~VL*KuA7BHbub5}3h*uNYuzM?Z6|c52jWIhwLWK&E;?X?=z?8#(|X
zz4BF#UK;sVu3nX~*7}a^+n~;V4sp)A0HSeIFkM8hr1T4(G0{j+@{DgwHWqkDC_}au
z?WtE(*8nT71<pSg4eoz=0nTSlhpj4dLfI7?1ZSA4`}Iu`&%{&Fk7yV(Q88gKd}Ur(
z<}(B>UN@(2hU+V#&4moebz$x4_1OQ+w#}PtT`o^(<{@r2<dG86<)a!#5-*2#^Y7oh
zuUw~<{p?;FL*8|Tvebot)u2BdZz6&SYw*57Hv_NS+5IzCx+_ZntY9Le0B#QWwtn={
zy>U;)d;!%$u^48FGnngh6w&<-=SSw}V~HsR%xZtH@)dz$WA=y;_`;xJ=CJAjx@zJV
z|IXI6iHC@=<~c3X4Xdi*dgkljaLI41FX_)nYheRhh!7G)wtwLdBk!7YHP~)e>YWeF
z=$<;J|Gf7icvR72qa|>A>^lHThWIA}1w~G-Y5*(5!nB$sWx*>^G(>5^?I0*!bRNIm
z9Hs~X8_?&eiU5#ZmNGV<`O==^-irzj+>S78El8L*g9%OJD)aQ>-sk3fymUv=b6OPC
zyk-9i(KV@w2?^H<46T7hd@pllgPBA}uR!vUpFeM`&d4jS2f`<Hz@7>&WR7|=oJ_O!
zFb4oQd-cB43E*+nIxNwj%V(wMrd>x9T;IT`JM(b+bQnyL1dPZluUn%*86UTwZVl0+
zg4+cp|7UE*FyAT?CZ-Z#qH0<`&>nqv7eYU=^u9S@I=`4!!UUFX)Axh;0RhCflHVBb
z{axRwd;Bz!$nDHKm6iT6qzwRf#PNW>w!^9|py9l`PjF7xjVQ>^DW=r~Ua7g?ePPId
z^`&9*3EU2}Fz$hl;>>IL4rp>m#J+?cY%?W$M_6{1H!(b0ewBOg!qYkkEhEs~qvE*h
z_wk!q(5={%szsn8rL%GoCuhQmeJtzU=iNKvl;n}mTx)|)U2lW|QWBW5f-zwZS=n<W
zi{nklxwyFAH#8iEVJ)!=O_+8$l1xzg9AvJIF(lS&R>3*)&o(|Qb?(a5iD6diJq+JK
zIrJCj%{GQ%;PaTCF=$W_TZ4e8yk<ES8~Y@I@{5Ub_NV1S6)tCsUV$cI00nIW#B6{q
z;~EzhXc;~*ALC=;3fj5?<5IIS%P;Rt3I%;*kGO{UA^U#|wwD6~S65U-ppigFY?4Cb
z3@QZS&{|c7$V+U9CB6EADR54eoG=9jYT|Xpw8}>)g5h&>^9#X+&84y5!?p6S%-&fo
zl?V$8GFYgO#hc=;15>~$ulokGug?!TF2%g$|6XKI|AX!4<(-<09**#cHS7z$+legR
zKYMQ(PkBPnq2dsHPmqMnp!A`mnw{XTJ}#17D0qtkcEQ{hQ_e|(q&geh6qkCt*l{6D
z>Q3*C&0J~#k>st*>D`H?7mg!;0*OF5cb>)Y2)R!?5nHQpTHWu1XIaTb=O!50G9JsJ
zGx$(y)5T0oSz>p2+}PyUWNN;;cqIw`T6y!G=>+e;gfr=Wp8^2?H}suDUS*NLRJlkE
z>70SX<PBc*u6>w1yeB4Upj1K?lg5E&@@xJ!z507hq&_!!7Kjo0Yc(zSvg@xx@X36M
zIb!D-V8@`w+o0#ks>|f)Xjmv2rD_^p`kdd|w5^SzVnjo)>bi?^few+ge<4WYKf$0E
zU(Mt0i!jc(_<Q!sj$B61dC;4QL7Z{1$8pGA-)AIta-Y?I4#*qO6+wfrn%qBrG8LVW
z;_8rjKWIq~>_Z8<i<eqOR$c6w)Qf9A4Y+%HhTpk!XLSp3esj4+U}@r^g%wO45^KHe
z??-1YG!A6+a6`ex``4>>z2Cd99yUl6^=Ii_qR;F-&kao&Ilx$8dQ4Kkj=+XN1k%mk
z^M!Z>)Y{1M#@95`4QR1KV7(}l{peo-#~^=f&c~PVX46j`zUlbq3%DQf*&FUG7s>mU
z<ny(9GY_ChCF50}W9>fv`9AYdJ5CiQ&E&S6!e)2EFb}~Wa{h@g40ao(cD!gNWZjRt
zrOsll#-K=v>qAg}WGOFlYXALXhb+@58Fv}oH6C3Li&QI{duYM?C0T~RpN7^>hBBD0
zObOmm`NYYSM3O<hwYBB2^EQ5VCj^uB_bo*5t(uy?S&|$q)+s2bxS6NFx^%{>>(vLr
z>VP<OOXa1tqxj#&6aX5qR0yw;h8ukUr*QG4_&yAQhvqwC3-zIBploM%vGdzEA^6Y=
zdo}tAId$p%^uMZ}hC~6z%wBIkH#|-p*5aC5c)LJ`3k0l6gHeYg3qEp=Em?BG`5(DA
zC@Q@dj(}yQtNJ<LmQ1vJJF)^av;E~((V@ZZ&7+84iB|uxtjI3>OUs%OY9-r0sW3R!
z*R0b(MPml&uM$ihI~|Xcm{oXD!zi~z|0VcljEa^v^4>jqap!)UrHVes<0YswT)C}%
z`NQnHWt~g!cumXlQe&O-ZD+&<jMSjg+5NV)rBJ`6RI^a7_o0PvYu4AVg_&x-uTBkr
z=Nmb|PmxZp7qTSQ=|669&B+VY4;p@QReU1WerqM&s21@yt!VWzGz1+%ULf7)<rMx_
za$q)q%jSB1k+AyH<ty+}nEBYuAWXmBfAr`UOp|thG$<ktC<ctQxpU>>iN$YC4sxq+
zuden!>e|KmN>6yKsn_UV$?QIzKarPJh4a<LkGxAoe<|o{x8^N&>U;au!m}CXDPd6E
zZLz!pc}6|)-LChOe&v(vh0$ZW`#wqX^v3Qb{JvKmd^N;MUtJ~(qkE<`T!Z(!Qk*a^
z>-S{nVq|9pv7hkt<*i4qRy|_HE^{y$uYmU;J9^}Z^1#EC^wN*Lk9}&4A6{iGuCiz|
zHJ^|?RpJbMCcSrNW*p<d^B<h=Tn3O#jz4*<<s784K0e-m2IvNNiL?Jdn#kDhu?p;z
zE(KtjmVLC}&8_TTgU@5i3}1zoG^EP<FYc3A^li`*JEQ61mo9UPc>)_N_xG_JET@K)
z?Gwbr){2pnr%zkArOGm`Y#IA_t(R`QbN&@g--XzHZflG!OeE1Zy}K2_Cr%OBT;s}p
zMF5DDl*zF?_%vtWUeI1tx=Q@T-yKD#VZ81bBV!oME@R(k!_+Q>H+C*Aa!9f^?eC>R
z<l+HvzY~%^xe;eYyBzQabeJo)shRUt(({*k_07m;;s<fc_OAaTj6|7B7Jgkn_Gnz5
zl1N1c&JB%xe}1K^s`C9C4b!Tjj&sDLTnAFLZ#mf8PR~4O49A35BDFFg^<PUlqu!Yp
zAJr}2m%UC*uR-FBU!PYRD#n-6dq!_*HI9D1e|{~6<t}_f*?1{UBQDTF8v_Q{^~**n
z;>r1c9v5F=D%0cJ`#te~TH3u*0hy*6dhP;MVA!5-IgzdRC-2~!#t;Qfz{o~^{?r~m
zLrT*AOz8-hiRHt-grvm3R-o-UzGZbCcF1w%z0k=DuQ^O1$Fl+X$}!`B(%AvcsTCl{
z#I<&v_5EWMUHx}&w|$u54_1OX^qF0;9LQOV9Xi4|!o-<~4%c*>N=!Lbpy$Fp$`Wy4
zT#M5O*n9Oa9UX@HVG22FnoAMB*2<h~(bQhSU+fS0Ur!e$r>>hEIWHd-Wp58-v0bVm
zM8*4Gq7S(0S2a7Jn)mJ>qr=5swRow<N{@3+q9@L`_<z)_8>%}p_DSO!)Mr@bgPaU~
zxcT`%fvpjvBZQz<cTR`!|Gn(*CRfaTTl>bVVg}YTEe<#wI<u(#R%au@Q6nNEh?yHO
zc#@F+i_MU|b!E#IyZ=8GTJ(Zlr>C`&lSoXUEfG>CQ&9(|0ih(+I=R%RGE;_lRAt}u
zwe1E+Us-f#KSU9tXZ~kTiYfr`{fW(w{~RuloB8^$Spe9!ctlud^FL1XpG^Y27JK}!
z{Qz<p{w;sbMu0M#2;KkP>@GssOa%JrtZAs2EA@{HlmJL!C;pep;Q;2{|1`(s#^Y^u
zQ;7%X{iV47qVIn*1|kPH`=7?C0d(Oq<QxBGeg7ZVq{a1Xbi&9yzWQteCi8!Z1jRf<
zXu$mcUumlT^=qa%Mz;SiD)Z#!oQkhiT9!$<teGawg3B?=U?hbmE;>z)zW><+-rhvd
z{ZqvL@0X#dyS)?gl+)gYERV&V5@vUzp9I%vgB=I|Td6NKmAI?}89L>XiJj9j{~-tS
z?JtL+8=K%#9e3<COCDQnh$@whi~J3b>n1{Hpiz8y?Vw7hVz6`%wGuycHEyu!2y}J0
zS_Bjdb^<c4vUUZ5f&8@xla$-HDyolk&6!8Na37;VaQ3y5H7$7iiWe+WL#visqlMTh
zT5$PHa}P*gl-<&k&P%if1CNd}s$4mjZc_2pMhg1e>=S#4Y^^JpGDN4^l{oPrnqufh
zc2C_G@2AhJlUL|>kmoA#3fXS0J-<?h&I()-dw`K<&r4(ksceQPX-y2x3jVn6zn3hU
z!}(y><sl6Mxw5DAd61yK{WOz@FA&*LLJ5&y7(V`EBt4V7{{PVS)=^n)+Z(VRl@O$q
zZbVR08bLrpKsu$QK@mhkI+YL*DG`vC?o^r=kS^&4Ny(RxZusV_=iYnn{l@Q~Z;bDZ
zAsk@8d#^p$TyxEM)-y@m*^y>qzBFO44h@$bk8vJsogXu*RPMcA@C)j5YfueKjl_{o
z+@w?y`Q<Bv0aaUdZQ+fVX^QeNQWz9eQSq5*QPr;0;Ft?gBlVHN_(`w-!M&DGP3!l*
znOWk@bO+Z`&*R~qt&({VO7Xv>LlSB9k+bw!ttay}4A&Hy3}Ru?E?>bOB4G|~C|tJ&
zE3oGs@V$HwVv{x>qJX-SzzG*b;a(DtN0y(NZtX~_d|604hqA2tTyyI^$LnCOmQ|mM
z-nz`q%olOCFmu49UzJ?q`oC(BM-wLOND5VG@!i?LLGykCPHFl$lyFU2OrsQ-ov?Rx
z)<G*)2i)#Rlbo(6T5{X6O*|}i<jXuiO6OMmVyC-&UmhRiXFEVFn;3lZRd?@nQpvPw
z@b@<J@AckAh8|GQC{4-zb*JsyXGmxFs9Wf!1Hy}k`L9$)isy;)5-`i}7XVD6OGae-
zl4i6jR=GgsElm<)=Ylq+w}d-nd|JH6zybYxv00GO1FRw9@ebd)`OpTq*D?2|Zi1rS
z8y!x2zU<L2lPKM|D6L3uYilLK93Jb}n<Ed->#INSFPXz$Uz8WVI{*21pu_u2-rJ|r
zo}9kKUaUDp=RNm(+%S9Yi){&$l51qx{T=85@9oEB$aVI&L>*M9xUn=uL0C#<0G8d)
z4U&+Vy4b3~&xjcMcr@eRx5Xi?Id~`rTl?w1?OK1_JLz{C8d)j@pugd-Qoh=J#SA~6
z#D_T|6-AfdAG;B4Ry^}X8Il+e)^?bRjW}f%-Fb_?VvUJZ1*>DefvW2AZzpwetD$d;
zL7$1W<A`Q--&H(<P~-QeANy~y<Q3DY{2!G+!G5N0V!=r85&nI-jB0Y%>}vX&f3y&K
z27|oBKnC^A<|%6BM346<nC8<xinvo}L6zWJY6maHv;9ArzmP``zqP9w@rDIY0XeTL
zV*UbUR-XE!Wf3YCu!m>|wMli+JY9F>UlqjL)K_dtvwTxdP>nTwv)-EVi2hx8IO<!z
zl+TRJFSaKWME(Z_8FPgj4;njTLw=^%^sJCQen@|sW0g(O;x&Z0w(M4f4w8hOB1ugT
zwwl%S=G3`?p9P^urz$@;CIh6}9^F<@))<#EC){$}c(Bsf#Lr`T)rw_+<!?^{JPIYI
z0&D`c$8#PB_(iHU^(Fq^00ql0(r6F|{O?3NPq7ubCCQlaLzDe)W~&(Yg59OMP_<u9
zHgW(be?V8H7e8GzTN&I`Q=t+I$w@l=a{Yq$-?%Oc{>a8TQKUoy`^R>0u_BsS*6bw!
z8+T)U%5V1TfVMiu8|LFZTJxVRtpfU|?RX`MYejT)KCi`@Z$Th}3V3xWh2(39CtIFj
zeCT*@qY}L~Rt53Lps5RI2b-JMu&w|KlQp@yv#|Nup01l%W*&Ttp{oCe5!(CW-5yGv
zdFjTIEQu{HDU+}|E|;g_n(GhAapSs|%iHjfUU)(=Rw4~V=um|=Zs$XhZ#Yh!tIbz>
z1o=ZP6mlp%d5gz{3nAw#<Y<`M&;Ay<86qaaj%t(ZWRw3UqU(kjiF<JDObCm8J~(c9
zs_+mv8r;ryJ+B6X_Hw#MRc5>WHEN!VsG1DaG;X`+6+R(u#wPg6Hh(CVRm~~g<H9BD
zdPzAEyJb#JKAy=Z^De7x<K3DC33>AnLVSR0K%LhoQRX2;lrP4~ch5(wHkLB8g<hQK
zNR)4ozpCIf5DO6TnD$Mx{zgONLwA+l?&0N+4AQbo50~ZBF#7_1sAznY`pEBuPWru3
zGEVjRfS0AWa$!?=gSz5XXJ~Zjqo)gU&RyDx^G5A$_gp>WN4w*SXNJD813iNR;`1w^
z(J1P=b$Qp$QyU%vg(r}$pF02gXpRS)z(g*Wn9i9)I<&3PP3ST%p_Y@wOtms5t&Gqf
z4cDcjDK}PE^3cPgrZ@hjG)Ze@0g=?D?DjrMsk`GRkX`D_vS?*x5$nJmPl=Yb2pYaC
z9m-Lp=l`>bMwB6}#+>ryTi@x?0^;`y7)iUECp|Q&1wUw9bwZv0+^;uF){&lRJ2bPi
zq4(!2O=JnRgVmUE-E^41a6kNMAa~xsNyO^gY+~7G)u?sI=$LKYTmI*mdrcYRCEFeQ
zH(B^v=zZ`65@i#FuVnOhwM{aZ2*0qQQAx0%x5Wy)>)cES=yHY)<*dblVI|ak$L!;8
z0qo=GWzvoS8YU;h5LQ?<34QAlLAqkgnsJfSo=!d-<FONVWM&}4ocbP$kZ*MxnSGF2
zEt-7(*-Gh4<W07pBFwuJomWI46ObD>P8Q<mun`2e4O9I^QQ-@Mee$<pmE-Tnc&(OL
z{5qMnVz}vZd;3r|M`OlBu5#5<eBm1rI^CF;1XtA1$k*+=yleO0n_85m%=@i@8ZT{5
z(UuirxCS?VmP$PH@2K?Ax2k#I?MRlQv*D38bh?cyXVmfWQ~mejZk-pB9DaM_<gskz
zJI~NK=O0DP%dYjlN4LtF?^rFmfLQF~;YrW~&s3H>$B~h0HVgMHig`=<@tp5TXNrqI
zIyaxV9A2a2zs;uxQ(M1fF9`G8YI7@CA{|c31_|OsXge<W>Ol2jsTH%8)g+W=&Ip0m
z7AWfVer4%(_vUJ!m6ON(he@i1xRx^G7U@gmE!sS3=aTE=Ios}H{+z=(M{61q?uWjs
zmd1IV&O;`;<IIk+ZM{;ryd|8Uw0gb;4fC5F7IZ;`z%2uI#pu~#f?`yQNL!!WCGOtN
zS8M&KoC2x$?&fPsx-~wF&KkdTYzZa=-GK~+jlR*sJrQp<0;!P5N1hSPY+`lO!ldg9
z19D8SVq7j*n2dYkQmqsE$73Oj(gTAYYh1)xmm<<J8T1RLjQj5?>or*&3ADH<_3Oku
zVbVkP5g<;vT0)q2pS-l?JlbCm`sMCgQlo*f*}kj4E8^1`FI-#}#>2U&6>e`?Fk$)B
zT(`>e-Clg9(Jzc{+gd62cdE{(F56cGJZ6JYzx`Rhyo$?t^>39k`#^m9+N;(2eyxML
zm1vbC9Ch(|eE~7W?Bg_VvDF|Rw$)%XI^Ieay`9@uS*o$ldvgz69UJK@t%n*gW`FwZ
zOKncQiSqO^eGhFM5J7sz%Bdc0BeVW1J|0ZW{*1Os$)VP`XYxZO2-`B!B9TlZO?HVb
zqfnZZ0Lpt5Azg_LfhXiHg2i7Ba5$b3%<g&=fcy%a?ao+?q=G{cLAhb~x?^%JT<2eM
z8F?x-75-V?lHvDVdG&7m)bQWZWC7Shxw}r*;??d1FuAe|X8N^w$xl3QI(NPJzlUCQ
z({E0>>q>RG*5@)m4Yr1&$E;tUj}j;r==VFl9K@XhK{SRM<ZTd&RokA1*miCE`-FY^
zzlHD=P45QLW9hntSyI~{B8Qii{cvw`F`$XCYF?nde6+WE2f?-lb?_9)YpYLcso1Y#
z1$s*u(mLephj<QTzQGWwRYBIohILuczi$L#b%E-ydrNKZlbtud+pS7n`wqW=|M>;K
zsAH>@9v$zAEEJKZ28G$Kr!l<MX~R47bHlUo`-s_%A4iD#>c<6dPh+jjpQH*l8M9FR
z)a`ZB-8CPa*32PV;YSh5j41?X&QHHKAIyHPYb7doL&f6>oolVu%~uILT6x+fE7qCw
z{$+71uxXZ2Sj;8jl>Cw`F)uDlWHs_^WxP+TbM%DWIdBRVDaO0D`tI00gYEpA(rOFK
zC6ld<T>f(RQ#MBeCaU_T1QP7ScEwDtkkIG)-0Nb9t9V77@9X<{X)jO4Svxf3)$=T+
z=9Zb>T?=jfFLq~cYI)j(Vi+Ui;~@QP^&F$NYG-YIPgZ&i(yG0VNvq$A^!V6eT_sCz
zb@C)fFTI<`vOMm1&b)kgRcB@MitKO_Yy@}gSfA8ftetdAvZq|M%Dihogljf-a*5k1
zgX8Uc62I#ej%kaRk~w=euRD$)o`=ASZ<(Oh=+L{lFh*UP3D&L9wVw(MkwkXv$c}y*
z^@RbT8hZdna{lU#M;ZB#Hk7CAS-~`la%dfB%rSs1+Is&Grh>Wd@2OC2;S8%VyZCN>
zf;XU6y&xYyCL8E6wo8_=7G~5ao|W=GW{pASw%t-MIO7X)$$E^aY#TE}))>e|A0q6?
zCq8ta78-HExto)Yf+BZM63O6LSXp~VE#|tzpD?)$_S1!iT-I7Z530vg@5NMnZ7$%`
zpLQC02%d?}aKf)KavzX{D28F=CANFV4UzW9AGqR@@59gH-48EL=1<|t$9ldlJWxd$
z*b1bg4L#?zYm?94r+*i5niqJ+`h<2jrF43wuh=rp>oU@})$OjdCg!Vn`2&=Fo!zs%
z@dIID*FnVANN!aPhqxx4=B}~m7Ct~C6NriER&x4?&p#NVR?01RJ}c7f$L@2UwNGo_
zSS_;gXpxtgkK?n7ykMui<y3L%;vw+h$Wh_jE7%fm3lSxR1__^{(H@Lo#?@>U4j5R*
zDq_IWzLD_$o=7g!nfk#`_2okkeH_0Zv3vZU;=by!`(WY}S)P<qZSX!1E<^G)mTgDM
z5Z5Ut6k$+>KQo3|G5e)pY<JQ~=~o}l;o2*MQh~F<a?HmsMl3^l!@h{T80`=hJM~sI
z=^Irk_<^Jj%>N-Wn3)lkRbX?}Y|JE3wclJN9~0#gMEhG5_x~0Jzv-sR4T?a~-cwhG
zBw;3Hgo}NAL0gFMyN{+KZIjRFMRp5fY)@lGxBD-qc{OSmobpqI(VgnJ>q<{u6c5wU
z^l`t~0)PvgDQgLa1aOC>==xKKspW;C03Mn5BRF7+Xew@cVmG62d*vntCS$&|)I+lB
zev-gQtHz!%6jY<S$s!bP1M-5!>=?`4@{=?W+=3K4viZ~vqWY2sMyRVmMp}KxkJaU#
zG-`R|r{Gj(hM1vCm>T2_djLZlnWM@a&sz)vlo3H`?$;}rmc!DYTzF@~d!M&Xe#L+2
zIl&iT8c383W<s;lI;m^e#A@PocoAvwK55%Vm2=0hBc!_NF^{TF=<PfAjs?aXSC}Xb
zL92wtY>wK+f8Mws6)a5A(Hb%NieUpqqgP~bkN1U0rcGY>R+*~`iNBlx^Ob<lpIDYp
zg^qTl)+)Q;vp59cg~<-9f7hv&G<Hw2VeGiS*4}s2K!l*62N`J2RmKl+9WEUNRJ~n0
zZm`R@YW254&2rYH58kg&x%ZxhB%!8C+5?;5v6xQi-KbHY>(4stbkqLwJX^#~QT<U7
zWT@}%n^9)<-2F`9F&e=$8#)0dhxH>>H(mp?tg7&687)zx(Xlm@5#X`7XVe`=l2@RN
z?)yQCw0lbFkraIwd?o&#ZT0!H!^)OtDvh#j{E7v4*H0m_L=W%jF@UI4@aVYFH0p1=
zrpB=)Jesty3jKQ?GTFy8&IOqlc_rV+d*K^r7{K7cd~7nY=OI<7dtdhFhwo5sIh?*t
zTL|P(3pD`GCPcJe=Hnt+zyvTbUl)$ICCd8pbQ%ctu-O2l+L_3M<?ga4(Sa-cAYQ<}
zXE`NADMNws>&f(`o#oN%+t0p>Ers1Y*#34Ywex@|qu)Mp?BNh<T`|Zd;+Czu|MCco
zw9eK=UlVljQe6{ps(mP1ZolCjFxAz<o2V52BBYcC<xt*iRsbc1uXlLv=s!BX6e5ms
zaigKP&v<$9Do?OM9AfV>GoMStt9FW$uO5sGXXV-gvv*Aw_MNIc#Dna!*;^m$RfmAC
zK0gu2!y#CCqhsprQ?dJ7Gu?(frL(G7vzk)pKa$c9NPU&{@XQQ(9f93Ic<r}lHh^Zf
zlhgl<k>__mWj_$&A@me>(}d%GH3ujCipps+ggYyv*M)_J0crFGs3w43<N^xo0(4EZ
zw6rKxfy>^~8x#wI?)cY1<V!J=L*5NxuXTj5R0NZH4??QIc2Kr#U1;+NS&$;N;USqv
zY$+;6x!1u}^muG^HhN<5q)^7?MMuJe<@31){5vGP=E==#22~E{H&A}oL_OWIzr@}=
zI$3wr{gSpG(fYXK-?|Fx7>CwpC~%3<y{xd41{G|Se|?d&IWlUYh_c{ExJQyMa)~tG
zTxdD1{?^ruQJ+^>fp~(p{0Tp&>Jme!)ur9+Zj8Ad0GC>f&+FG0PJnoBOh#i-1t7pc
zKnd&zRIEBxvk#=bR!=3H=g4pP;cAzB^9fkcVIT8q1k083d>c3Q+;MQgQ{+A^Ijpj%
ze2b;kNpe_Y4eZ?bu)KPw<D1R;^RL@tomVE-E`GeH1ambS_!#Ih@?<IL(XQ=3Naj=&
z$b00@$Rdu0DZ7NLvtt{IvcF(<0QV!3JMtd(e2hSmTe{`?oNyetlq%8lkOu;v)Yw-n
zPim3|rbzBOrP>MTzBD}iZACf3iUve^qZ|UanLhVM9O`!>iT8WQKPji6I4DyyGLXBb
z$rg{~<$W!x_DBT8YAdi>IkAsiu*V$lp1Uj$?#l+9M|~vTus}TWa$)m_IXL)OZlU_p
z5TCQ_obB4lz_1woGySNcdzO14WZ~~3s!z8+Mo%?B1RAuzztpcUAeO`|ow@N>gbM?l
z(0%cP_yysqVW1ukL51%_e~l-S!|RFW15@L><n<O-c&I(#!=MhzYS&zPD>FQjDQ@02
zraE3DA~z?vqAuzM{>?q`ZyGy9lkdw3#ahEKx)N*N?L5T#wb-9AZ@aysK9H@B1t45B
zNMJeNbK$<KpimNKbLKdD+|wh+VPR{xa>Yq50TsUWZZ+&_mcKyk<fKsabrXGl`d!;U
zxD??MAb(C+v|PKg+A?j-D5FcRzC{-B=_`eaUU}15A;*}PkM`p(%L8h8siV<Yfkbv>
zzH#N!Rn+?FK&_vF48~8#FY4j#_&o)1iyHi<pBvJi<)|#%tq<G*%=9d9^GP16D6{if
zO-g)^;lU4g(cAOjzO4E^CJvTA$`z`l{MpAd4vLFt_B~9u<6g!_K2#iID}CxY68REw
zoTNS;eDM5K0kPr1ZB~x%G5IxPqCin7JS1^wLjnx@A5Vf4l6aW1(ej#W^=YpD;QsqY
zlOAkrKTC`2=z3dKRi#|3q^DPDXD|L@r9x&c>fYVK+_pEp(RgBJ6RI^3g!bj#l)ne!
z+9I{HH%2U3bm8VO?F4cjH@L{bmcJ%w|L|BrH|<cYU3O|C6datsDJIef5N<?5cxVz)
zdPbbunGjI*tb4kaT@Ur|^IZ{Y;89^Xg;xixDVhjE9I8${hp_XatUuhaDXf)yc_?Hh
z@KBz|!gg%*uc1IvLr*;LiX0%>u&R&|FFu>A#s6gx>q=Wdrg~0fFRm3*`{iUcCS%4}
zaajN@iR;i$&`*{#XW6VkuaIZD5-$zI+Mdeix4CdIui`@NI*J1UCOM;VAIE1|4GF1-
z(MQJ;#sU8Rb%j<e=j&83o_j23z!P9LSbB5FYP(@|!!t5i=_e6Uw8_v<+6Jkc0s=9+
zMhqj=jV`pstPqv)x_Qs`)QC%|dWM+kj(xRn`c_CkI-bh;UdUqW{gsZu5KWUa2B88E
zmgNDSl<t^L7Y_D61EE3<g!-$wapCb>4Tnbx3X;gux3w69AK{b5EvZ^*PsQ{rdVw<2
zhtY)GeaK`e(D{!n_COX|2c~5r&5Cg*D;pu4#ERXR^D#xkPe@&dOm=y0oYqjli4B<p
zUxwKq4BwTj^0~TnJ<SKS!nN2Jd{0F|PsbZ+M4u+P7Sv#1U}O#ue?w7r-MDcXNb!K1
zX%?vMBDAM~0<j1A<*c|&{$aGy&`&T@vuj7!(iSa-?IYPHco%ZpBC?_Y?{E{y<8tES
zC}Q)7E6&c{&rT}3&RV;=o_cB~wGVUv6DE+fDXnY*f}9o@K%q!&jKGV=^Y#H=#oWec
zTU3ViJBKL89;E}Y>4`oWx}~*OCKJJQu-z@fymRHVO4eQDX6)yMD@#kaPs=#DjDW)y
zdoWu)96{76s`Z6ok%)+vZic)5dNB{fSI$4<Dl%?a!B&GaDTato<stws&Hf_d({r?I
zvU{3@+^$X4aIayEuY7Bm!hm|I-p(|hr!1PmabAl6<Tgb<#CQX!l}MKf09%V;JgIi-
zU0CszR=_5B+N}140G?+Eo<ycr2mUJ$O<zl4TC;^d?aH~}JC@s+qTPB3rkxqw3qY+1
z=w0AC3ayFT+S=;L(<zg2FS_u$%9U^RJ|3;Bt|p!F_n0T6E~J7EEM&Yd{DF2T$`<g3
zR||$8Bh!jclW+)Xfkip%427nb-<8rzJZEP{ZlA7}Fq$12x^i2dU355nX!M<k8WmO*
zU4PbI6B3a}Y<vY%7H0Sr_?S=Sc$jTo908cpAXd?T$IWDxv{UaZ!D7A$&vI^KcuhPm
zHFe@u_g{<i^WfKxet8z<vfduSjN+e8X0j2~va+&*gCx>>m4y<`F+3HVyMNt44*;qp
zje}ED)>2LOh&5b$$ma>zu|^J2o4TJR)+V8xvce&Yb7qmLeTo2ZV=gL__H7$8cKP7_
zl~HhC0&+{J%*eHI++_ERe3S?;p@sNB1_*pnui;4=yOlmli?XBoG*cba3qs@&L|HRq
z{d|<D1Swz)$&|kRH+PUtpG52XR(xA2?n-~UW85vX>V8`$hULY{SLXxU5t7`|*_)I{
zyo0%oV1liYljz`?5FSnAVqw9A08<~~+170fOl)k4GCk8oqX+5g(JmLy1n5u<iz-a6
zx<RZ%vZlx4l=Q$6t)4A{Dv*btCarCsgWw?rXS}tl;Zeh`H-ClJr#VYbcK8L{RVuvu
z(XbdM?OpeE0yjQSU=CgyJ5>d%Vc52k*SC1+v%H<w|J)akM8Nhh*y8~!7VAjK;fw%i
zmG$(4#^z>oAc=mQ=IxUPiJ~|X`p%C<&u%^LmVN=Q3(5_@`qw4DV9A$B%TI5ik`>2n
ztiYPawDWCaUj4*38W>M!*h7jVJ3Hmd-Fme5Txc2wu$1<A2mt75jMD%1N=ZN#*E1Z8
z4=<iCGvnHvy<Le&+%RV7eDGa6m}~<=F=luDOz*~eQ)JpAG3yit?Yn2`8t9n2j<N=J
z={M-Wy$A_LsaYG>&iQUl@vh3yE;ld?MryN5*cyf2Rc%g)&=g9n8wubF?9M_QX&yz~
zVMBg+^z_!_SJ}E!NL~K+FPG7Xx-G1M!0@W4^T!eZPNz7;R~8RnB2CwOJxc?8?(cJR
zb72A$YW_6=3*Ct!sj2kWA`nlTRF3D=Md%SL+wPEwO!M-wQhJhglYq7*0)n>amHnd@
z8BsBJ^b)70c@;+`3y4sbA9tna5(DdrLYzNxxUs+N>A$c51s1@EDE>dfK0C{hZ>l}G
z6&IPXe=QhAArah2;{JH{!<gf$+6?X)oVOsRo)xi89e4!{YIn|zbW3yVk?61YC<WW}
za7{kBTzu~ublJdlS7r3<?g9_NYty}!9IwV4;i-(Sql;o@3TTIcju#-n_7uN$B|yS7
zVaH8LF4E3CS3o*5Q58J^Le$h2CNg>^9rosG$-fFaU1&dCM;Xbz+{P90xm&|&IG4bG
z3=(Fxc@%NzyMkgEwzHD}mOW5gte{1p5m#MCG9F+>9C9?`V}cdX$t4!247)2CS~zg#
zq#o)txL75?4Ngl`!g=#6vKZd;3l+Ye--%VX22^)(AKp^5R1taBN@M7Mlc4$Pe@*NG
zD1N5yFzNRv+Q#~I98T21&9!8F-%$S!$(d5RWKN3P6S&AJDBz?WuuQ%M5?r9g%zaXU
zBJ(>tTqM+EuY2|Mdl+qg7!275SjX=GUfBqxnD0sHSxQ8{{xKchis%M|3ka|T$J?hn
z5q^E~iFDyzM#pEfu_}<O5dxq2Dgg}QroirBr5m^n;4z~1H*ghA24LKf%p-)mLB_I?
z#xPxugLyNoRc#<2nY-!cB*trt6(q>K*}>#WjC*0E)RKI4ZH;HlbY&om*L9fK;_;}<
z=FZN*;rRyyLI~N^cxtmY20&FH9o5My9WK>0_pClSOw`GA9!{UA-*T(T_=fUsyElI4
z%}<b3$?{bSecNoT<8+*x*tS^q=$MI7UX75`kFM4m81ApGrr@^*Tr1%4+Wy{2ct7WA
z1we#L%el;A)Mv}Rj`^}vD?p!jdHgV<MhEA@ea|zBd-v|aM%oOj$BYo3_S`2dsEdEp
z>V&P%-mLkeNN<FC%VluU6-;VhH=+6cd>jHum(i}hxETCQ*91|=3kI@>gkGB2_`6K*
zcL*?dmPY#rrby?tD=RCakTEwnDSx{ZnhAiW+1(nhccJa0_P+ew6b5GRe7ZXfXDq<I
z2;wA;knsgJ;EqY+Mi&mpRoo8S+xJN!R;Qcaxi-{sPBet2+=OyTmU@q09ULFW9#y4u
z&I2F#(htYiQ1-|re${eD19r_4($HUi!78|azvcHurn!EMrAI!kle~X!jB?KyP+n1<
zu-!v*^X#lzk*{pPAZa!?ro6{XI~15^@Y@+gIY6WQcpokdJFLl{QYPCU{%YVw<$PRY
z@sLd_g(ChCB)CF_Cl~v;`8u$mrk_#uY64LlhuhBO(Qz+L_Q<z?+@N}JgIe0Mc)^8y
zzOr%sLLHDKDwidES+#tSODx;;d)RA0$@e83;)j7;Es)=x3$Nk$-L%BI?&$byxYN5o
zclt(S_^onx#Sap=$e&AUQe|WI_O{uoiWv}Q*k`M5SjMjioO=okx>kAIQ7AzsJ8$pH
zAEj+=JpDecmXR>DmbLG2%DJDE>&~9@z1<vHe3Y46GpLUH!(}%d@igcb!|r|X)VZD`
z?AH4TTl!v^OgX-4{3BI^&_V+-jMTWABvsoz`}hwEy8UZE)#C{woCR*hl_#rK&lW4#
zXhnU!8t@&Mb-jCWU4a6elE-}D!N}%yfwEg{NR{YgrJ<Ur!KbDr_FC?0kEd3$(P@2F
zc`W35?<~q`vs3u|5h;>{p5;>sE;dBXq4qOGadGBwXtVFOK9iy0Or}mZsSG)P^>-IT
zM4?D)925pwaJ_x5eDQsgG}ePpW!67L*w)qtG1((IISC~0_%u>^&UA`z2n*RXR`h$u
z;!(F}y@tBI^<5Usyz#Fs<u=!?mwIULyY9&quwMr~1bR&)(3-Jwhp!dKZ@=hif-_xw
z0~L9Jzw_;dr9oz?y%nB|`w%rah~BZTd?+q^0ILI^F7RujUqGGL;o`auXvSZAdy>R_
zj%o#ZfIq~k<4rUe-G8%N?^2}x+dbF9MZ?5;nsce)g9DX+9pw9Z5E}Yl%|^*ekOL2o
zgX5K|6m(HP{&3xGg1;7au&eA@Mvx;Px+1tO*6Uq3QqHE&Yg4fxb~%9n{4NgmBd8yg
zV&UV5(L!8y7w0vqp78(e=VfdH)gi`dv9njBe4%!87yNg=xfoXA;p3CG`+5<7s%F!3
z4gFMf4>O}cIKutrBfft;E6GIP{atiycnNyI;duY&@*U~DAo?Ht7wFsz^+wnvBqZK`
zu;1h$T9xjnqA&H0d+5@2X_W87e?3D+yX(>_hERc!w9}P%QIp3>tK^R=Z7xV086XOE
z0V9iji|z~FxOkU2E`jKysA<=ecmI1q6XPEAR${ZjC5T?cDq`L7`hQ)({PVA3+p93h
zSVwB(-Y)F_9YcFP<#M_GdB7gc#S34`Ql|$Z7>liLKX18+x9q)J??6jO$9Z{vzU9*w
zo+}sZ&;xX57V%^BXpWmdI8a;&6V_yZK@9$oIEKP^KgY(yVsD?VVVx1eFy{ZgV1#s&
zSz%$4Nl^MiT_cZ8u@%cdACa9Khmtn0Li<%yG|UZuER07TQSK>O-2aicvgwty1>=og
zETH*|+B%=MH28i4{Xr`35Z1UabW$iT_0_AJKRN%%4i9KQWem06OIRgWi228SMBsZK
zu|1|#GXLqLffn#3YQy0Bw-=*)3EcmXIFoV2)SbBQsvP~$3$H1Y7DHWTa7P_qpVj|I
z9NC#axA%*<PTaEIE9KMJobLN+7BkB3#ec4~{?E)Ytw?Ri{habpD*~~i8@<90b<^FW
zOfve9%#z>n$2k%D1)rz$P=7>8rMpHZt}6e7yPy9hnm$~l@0yr|L}~%ouv!{hVZL?f
z^c{r-Z}<!Pzy3n)Xd#l8B_;}-*oozDgp_OBYK%*R|8Ygg4=GRai8gZ6g})HqmoKaa
zwu>sYUmJDoiTuY4w=>fm3b-YEx|=d&D#1H{znFpl;W5o|@EFrSWbb@AZSu87&#3ME
zo2%%U7ck^1-%k&?jXI7H{o_`8x9-lPd4(5z6vR?vf)|SX%ys|!BeZ|Ka`EN#iMpZb
zEy{qqn$XxFF_U67aN){GdgFhj+h=MuVD&4=d6x%Y5|iM9^+}^W%V>C$GlQJZe_m~;
z7{sCpbg4e7rc?24OCW>%DHnfr^pC$3XR$|`oBwk^rZ$mfGMMzpdy0)YMBZqayR(ig
z#DV)JwDa}U#e5%1W`D2w-t`8Dcp9HVC+bopy{irZewe9r%`bE!*Jramn-el2hd~6;
z2B<mDZ-mf;$^z%<&9hG3QS$F&)&|nBST*_f*zxfZGAGMbn(n`DIQS(N3@H152<-Lp
zak=L>4@$@XhSHE2?_*2|=y@?;Di54A1xr)(a#bJ9K10Uz6)%;S20BYua)m!P9#&VO
zQ7)1TNoPg{@}1Qsv|_=^psJ#?#s3hA3rn$>uP|-)AD>rI)$>42$LhNS!tmi{)EX)O
zcut-2enXy!UWSeFm6f4mqjTq`%(vwD<q<Mls^bt{QKtp@)P)mtEn;d~!Hqir%7{X6
zbrPcEz=8_2H$Er89}UJj><)|HzX6xf@hsx{JezDh8|i@0Ukr3eH(no7TMgz939l%7
zFPvUr9qQzAOte)mZsXFRZPFR<+h}8q&vhV6u{Nc_F7-CJ4ktuQlh6H1r29q?VTT)s
zg*ttDLBO}4JS`kH@)XZ$eL~&ITWt&Va%1ltIkq+59^DW3_n*D%{M|-Q|GKwU4qcH^
zG&}0U_Wh3yG8W}1NCm{mj9akJ2m<Ds>5SJ|;zrBiNJRbSP8X&40>-Jggr3=5m2`Q@
zlTTLGF9)wa8LuVweREb$eBHNYIZNpdp$V`ajF!D&K}R-K7I_BvFPVn)tJ<(LTt!{A
z@P+u9#~J2kO08)7PFpJ$7KdeMD;AE#PL%$1A20hv0CqUS<^|<Hgr)5KBN(G0%~H>w
ziu;0wxK|K4J=Cs6w|;K&Z}+R*Z)*>AU(6!;#|Oe{5=_$PI=5~~M+;!$7U**UDNcxB
z@Xtqczi2r0_Tq2JQ}Bm^bsY*im6ebn+)Zrcr<ecrK-8#u#tZds3T%4x$6a9#|GX+9
z?Zl8aU(!ciSo){$<(VBtS(7Q+zMxC!U^D)_Wh-8B6l?Qf&z3%)GL!UA>X4>3YU1{q
zn`*o`6sSEE*?e{jjJdLh2=x`4mK|II-25k!TM~+30rmdtKA|5NoTg_=H1uER;nRO$
z3|jOZB=Y*_gF?@)ds4KiGJF(~esb+v^Jqke>6A4S^?yA^5aHIw%w7YGjRR5o)(IF`
z^=~f0o@4Z5q*g-0#4LoX4^POfE(hjP8jtPe{s(vOtP{wm!1kI;ejMfR|9++{PbZX^
zNW~#kI+~Z%@n(bRlqQqNKc8V-PD$l8u#vukL!fB&L+oV9%4ABZ5BHxFQPdbjhBNr1
zY7CyEd7Hhs^ua%6+HAX!kyh@)E#?~9s#ireyuX2R14RD&68kAC&_4y&Q0YWLtXlLd
ztu<k(|MjZI6{Oaeqp=pua6w;%tVI~K!Bsegbj81I2Wbc5(`|bBodGKPWIwk6P|{*6
z`ena=h;+x1?-r((2f8&o<n%1>EPp&VoOq-FeSRsrV!mmKhxDo7as8BC6P-0XuPL^o
zSq}NH&%Rj10VJ2(FwSV%!?mX;Ht>TmKgPCDvylOxBb5EPo_$vDPY0+N;_bDfmqT**
zg~CiftO<<OvU~gR%>2XHoJJdmj?~UFa%byPGo}6Yos6e`{Z?R-3R9uYItAolauuyE
zTRjQMYIqB%r_8+cXr&m@`u4wHHR_i>?;Q2s-pE<QKG|v2so%yXuB)q$<s|(vF9CjZ
z)z;+zR;+~-trW?^vM&u%dD?W}T+4PQsGr~YB=F*PTzuU0()8;$KPGIJ%`U6STq!=m
zsrx=iSi`LGS$3S)+RnPpza}y1F0BG`s_h!C_i+7{gK~R|udke`b83!>faZiu1Si0?
zx_5C-VQFKX0dW>UcRd&fhb)8?(gP7Qb)hJeEIc^nbjj*;J26u?2iiEGzM7xTQD^Qo
zlLImoKkODH0DftgLkQY=@bvN?oBmZkRM!J*Hhw&ihqvn<r00;&y6g8gh?CyD5<<xd
zm$MHK;m+)X2l8zRxL#<o1<hr8U=-TtkG=L^x(S|GfaFp&6j4L%QcyT}*=XIkJ`#-R
zh@!IzDcd>nDmU)4knepA)wZ{n#8J!nh$Vp=Uma?LDA36$q#UygYJ;g66++#|{ry?K
z<#_p|cwefqMlziqdzf>suC3mE{>vZ^3+JPl&(YyecUP#ye^VEc6*XGRg`^^k7pQD&
z-};)Jx{jVn!5@Eoq{m(!yv`-%k+N&AksO>10)}b^1uX|emCOxqXi*C_{_JsH%uZkw
z-d}?`>f!FO@Z^VDfJzATZ2SCKg=u<W1tpt<0v({vg1M6J7V4CSbdW5ABCyG}Eh<uM
z^}Facq;%SykP&$`g)_{8@`YU|!*&%EbYgw-+M*~%mHUP6*9&_N4yeghE?{M_VE)JB
zi4<e}`LZ7abjnIC?_JY%#`YR{35m$$TpAl%dTD`5rLD~nowB#FIm`}hXBQ!7AVPFg
zXg_gB4G1sn+Vw?ejZDgS+$sxjfdFXqtEh4Oa*eQ=TCFfNLA0}e4FZJP1^l@1p6W_O
z@j;CLBX4wo_rTXVSV7^Xg#S?*y_FP#`(&aLsfop2jo$CMVLDHd1!*l*rbN^>B>VFZ
z?%ckdtHUgmxbg*84C5gG39XR+)>1=EG?!h%*v@S(N_a*8am4l7&O|>4whfE>wRQcM
zV265{4#Dt@7@uXMMFHY%g|Vb~+KGh$|FfOj)q7(W7(c!$?^)7sgVs{6Sln{r_VSk&
zS)t)@>@-`|E7okV!Z#!t`A!KcE<L{CU3KTtfnmK9Ffq)2A@)p7s~c^@q}2XeH=ijz
z!A}$@Ozr4}h^Jgnqn8y;23x>Se&h9Y5VE(ff+~i`Jk?&OZ;zNd&nYzQ?b-TEP5v&`
zxx=SHWJyh~8}(L$GS|{8?epZ(1K=V4qea&^1WRY!tV4GWu0LdenK#(~&@@tNMr-8w
zqGc`@J04jP9_P<edx^|e%$sL2oScf`lvTIvAUo6Z>~sUQ(lS-%A!nqN)^3scxP<BK
zaKE-=vU$j7*9bA|up!YIY$?4viXNfzCNOL!?MQmft`0vB*%~OUy;9=bE5)OivfeKz
zqMx$S-|*fJ)EEmEpotZDTC&MF1Y;C>U&x|T=z7z&xPn@SzsKA`h`iiaSmvhR4Pu7@
z`pIO4dNqRWk?AgbK7^fdf@|?3GO;#3n2J(xdO3gvmfQ2oKI4xt1<Jliwcs#3XO6`o
z0J{um&r6Fgn!@&1)!Jv7CkM+mi_5-*ue<bRKUe+fgJz+t*cka;Td;Ss3+Eg8uy`6v
z%~avh{jw!XookiUdRU7M>*pu(b5`T0iM56uUWdhHMLdQGP4?ZxjFl?u_bbDSi+<a#
z*T~IvTP8SC>}$@RSkolj=G@e4cnh{t+>eMAy9W0Sa@cTvgk$MP1(!CjRj`19!qU%`
zcks<@wECV4^hByKZlN)2a2Xws^>6JHQZ|_tlg8_FcZWTtVqhDj^qGIj@5T8|r;pKW
zLXZRlG1;*4YA?peuw3zOJQq++V-d#91M_S){RH=sYv4xPF+cMqST(R-9;6)YmYntF
zQjt78q^yH^r!q;Md1C#U8$Y1(^?Euzsi{FG*aW4Nx6RW{NpIKADmx*+u_TM}=9Jmv
z!<kUFz6iH<z8`suk!-I$?Kr%oq17`##&>e}VVHU{#RJ2)7|~+5Tt0sDYD^jwNh#3L
zP|H%ef~d6jh9kJp?E`v+Ky~cGh1<7pzXmu3v^Rj_uwTOZx)UVeHY=*gaSC)<UB|EE
zkAC<dDz<LPaTzUuAil!!PzAbI==;iEoh+w1{qci4zgR;Rm*@uiDK`~$|2Z7lwiYSj
z&mwzept+^-ROj428ZsNbQKdA!nI7(lAt)`~qIOMgm4L~&eq|p)#U&By|D%YKy0YA$
z?_d*(f^~_WXIZ=6Plo@6ec0cT7$;(tb6{h|56hGNHF-@6-A^T>Mw<!7bE#oN659_i
zxpRBGL>U+R^l_fg)-Tc2<0FINS!%#G!v^=LfNP;nDeVOLkJ04cBv|zJmZ^yU_}QLv
zMK$)LAFi150S!U5qio2U_DRZ4Wjk7c@};8`V?hlRN`a8djui-|%%)0Nn?3F+?Rn79
z(RI|*C>t4!O#Qe9TaZhE)bPCxphVCrRdb0iLVpVyI%hSQJ$h2mkxM)jSOb_VU3WFk
z8y{1VWSC&Eg93Ay$>{Sb14UWU(HkXzJM2MqwZuco<kFOzTOlp&lhokTk&@8MU}H1l
zl0I1(@Yzzr#ctrWs&8tw{`uCA7S<qY#}UI=PS!ET#oowZF#g7myF5T*gecT&m(mHf
zcCZzD*FC9XckL^*N;ERzXOnz82l`7_`a&{rf716$`1OQ@RxcT?A{rZ}I_h961gZlo
z`7Mdes8~L$<aF;#U6;|@CmCTJXTQh6*BK3TYD3#YUVQm}cw>x=z4l$lrvoOiJG^K&
z$^7`1l0+{kpnk#m)eMI<&661JH~l(RNl;B)np+QMQqQhi&MTXSgPZqjDg5;py8AyF
zhH0|r63aJNN{Xea(YWYr`r2boRwb#dP}3`1L9a(xXr!P4s=SO%*IGd0Shoc-JOjT+
zGI)LlTYk{6kWiSf9<_U_4eg6Zm1u8Qo)36Ni{LV)8KS+_A?lPOkJ_Kv8PXxy{?6wg
z5b#DNOTy4FNfMoihzQ7t=%9&biq!i$9UhBhODtm8Kxtg7beM($cR8Pij#M0=gO<Dc
zAg|NsH%T^Z=9RrCB5BvAI6G9l(MTDNu=4kBb>on(w!_N5Bkl+2**0;so8Mgdz}z<e
z>K2AA*5cXsP(40arO(+e?$%j1?L6;$@1^Q@En?w@(z%gt^qZM8LXjj7go`G>r*L0i
z9~1XoRDWV<)!RF5`HbSg*>`o#>bWNS*8ZC!Gb{qwl+vDZ|3H`&?Np}d>HPB5(KsQa
zx*D-npc*^iUTJm6iM_f2IHczHX-Ag>v~h4GMdBX~+X7G5fP>w~e~*{@Zgtd$_uy?t
zRvOrX+3dU51zs53{GeL)S?0$v_JoqMFW#{^In56v2}wzW+vTKySh=UxN*~%0lbXCn
zbq3x!-ciL~?G-mp^xrkg+1;`YRhoLIG2GM-cY=lLgV(hECiCOfPIAHY0gL$fIFye&
z!M`_bPdI;#Af@(*0N5tbmK)x&p;{gZnuV^Oic3f=1c-{6CEob?Qig!@)Xj#CUkSM;
zgi`nSR+3A*`#Y2*>C_`302Q7cXbT70fZK#uQCoVNLJ=hA^9DOmm>jBSrk~?Gj&IBP
z_aoisF$szUOH+VxMsiuoop_kn5^n<`yC)3Ux9tWR+RGj>yy`L0<<;8N`}um8vSI&Q
zo}Jjj#tw1a5DVO&;%j@5q}87;-Sg_)5+B**f-1~&oYvOO@XRMJJ9ihSk$|lOP(R9T
z)j4*6BT`_&NM0oPx3fX6*=)EtZPguenhP!I-i?RTG<MI&(R9a3zro_zb=d$H4xv{I
zmUP)FOVPJy^bQPEu{(i*l4WP5_fl__BP_dx_pp2K_Mv?5zS3*WI7?Pvh234~uwLfp
zqkfT&L!P~D@Avrp{iC^-*smh`CGYo1u+Hr*Og9)I1<B4!N#EHUAntMC7|y^z#c+dt
zgZJfo*s6-lE*9y%7=89q7atE#DM`4(X_JmkzvjuxCaReopd`v({>bie!KD=NVXt(I
zLRf;LS3|9vlvcvGX6af{wbSNb>N$@i5Z7SxJF?ZXyim>D#N7KTUOj_eXHs)TnVHam
zx(BLpSEnwnKxID@oL;EKfGm7P>)&H9ja~-<5gsM;4SWa<eO=(PABkXvdj<YATp(UR
zCB!sA&5j=M`SWbWBUD8Xn&~{wE~o<18@qnVQE=A%JJF#wi7{44B~)dfGeC?;BHCxu
z#Vd6VU$qp=CD!2@?!N>eLBjRG52BFunT@@K>XOG4k==I+g}0z9bN5ZHpmxAX4Umdi
zgyeZWz%7_gO|ATI!OMT2bl3P@?#WvQp8z&VrU~K|nj&bG_orMAlpdt1iO_s*Q)@WC
zxC|6H8j|%~h0m5%I-@xnX!Q5qYCly-#7Rty>_C;4if&PJTcG)hDbIK;O;mho_Hlyt
zcc?~P*nKTf7ckpBJO0mIde%}xAd{|~#J&&ogEW9`u|;)W)X&ti#e{Z51&YF92+P*O
z-DJyqu6ry%p~PH*GZbhzU}GyLDk|!GEDBur&`B81#6$UTd08u~Mx7nFM>3H=>0QYo
z`G0t~gJyHPtba2)QnU?R=^pU307woVktUx71MCHTmBCWc%bMIC6tF1R$Oa2=L*88a
z<tla`Vn<$RQjYSp39D@okM?&BB?SNu9(2{SBI;zfC>5r84*o&8^#W>D3XBiOktFL4
zfE$B~=_sa3#OF54e+bS%gadmYYB7j-3R0F4%*odj0C2=I5Ne-KyW+H#cQs`YpS~!p
zjj3nj3V;I!F3DW&`6>Ga11Oy1iIK24IoR4qAc9cl_mg@khGrQNR*N%)&JJubem#6$
z@en$_-CYg>Pn^Sk1nBMXN(N<-l{J)SJP_0s!jgmN*$3r_gUjv&%Lz7|qUVzo*MtNd
zUc-5ma8J^hjdsGNsRDi9+L6IpVPWU3%Zds2Q81-Kd*sk;DH$&m-><x`N%VLpo}<yG
zmztg#71v|1da#M^HjsS_%Iqs84_(%6)!?8QYN5Jm<kyux#0nffeNG*2f!*=?!iDSc
zk0eCZHeLbRXWS^0#&CVt2ou{zBKfCo?D`}EOG-)#1=WM@xe+T<K;1Bqr>nEai?UmW
zk42Nk1BuKQw}jzsWUgT!yG>w%50>gFqHI#%`%TnE4!oF}m0rqdkDBtt7^sSSoH<nP
z96@mr{B5uObrny(@pBZ|{@3<Zu+b3qkQk%yw2WzS_2eqwL^+hGxYFh^8caEnlZ(MZ
zt5qR{RzWMneh?Ode>9izTovWXRSy@^I-DGcSL``AXDUNuRv_H1!V^Q%pnAwc+zt)5
z2=&Uq(|j62%IX?MR;4%KKG`)7+`|KzYM~=l)#a=k5ITj}TTJ0VQlz-trMHxXN&1s3
zLh~>2CpR~@?h`-<z&_vM2rZ|e%aAPY%mwVDr(>DQrG|gS`5O@D1HeeSAOSLz{*#YS
znB7{_ukp`&0xu=~#`sOdncV{$&5=s8H_a}Iw>f*09%7Y8@S7BzMN}!D9%+iW5;eQu
zgU)ifN9#Hu47b4)L5N_7GV$Tf>w3RI1k5kMZ&1^s={8Zx19aJB*LU09*Lt(ALp_)I
zWImr+8k)tW^HWgrE6v#Z`S^TxT<j_)&MHEt{X7PbGV&?`-(1K|Ms5<OG%<nXTX10X
z=3AX72s0gQKntYlbw<;!kL`>;ON?-FgXW4LH0UZ#sK>W41{(+amrpdxeG!={phH2;
z_;10npHP%<zWy-XZf8bJI&>#Nq)!DB4}EvSxrYb~U&6L4y}uhqrHYF!E4&BZ0sr}i
zSVMt}ogXSlrDp^W%V5xPN(|%TR78^$H@NHV_k+^uqtfM}H*XuPW8_r=K$ie)>UV?J
zO2s(-H@Ih~R-=IfBfBbFC4f8~+rZo;8%_e}Q|s@S_?b;?Q7QQ}VNnw(vAZuI%ny9G
zrSb54J6PDH|C5O55g1Xu6WD!|SZw-*((9cO*!}XP=mmg<sJqJS>|Hh$Nu-;cd)FzX
ztq!uK96{J6I}-_}O&K*4??rGRYOP*M0rZpSj~I>h9OFFggVX(~KjNP#w@Eo5-j_M4
z)Pi2`8D*0n5Yj=q?6)Ea>8VW9=YGWue!90s4iV_13|=jjKZ2LjWgl`1lIwZ9yEKZZ
zy67_aE6{Z~Kh7!C-=AAkF4QTxwK4UZH-rxGHBIyrFNEfhE|M<LPi=Wg5y)yEB(YTk
z=OJmVPX&VZ*(nwS(7JZHsdTtrp@D|Pe}oOqZusDen$TUh&@i+JmD)FkEv1%eg1KrY
zy@d2&&NSRAI|p+J_4Yl_kM-?dj7#p(@jzRsR90z|L(1Fs_-DzRb1<(J(+>i(qX658
zqFD{07Kx<dQVYFnkI+Q&a2C{_Reoa#;~GeYCiie6W%OJh_WW%l4pE~w8R$NE^G6R?
zwO?=p5Axv}_j1uq3k{2ttAKC%^}~M#l_-QLKWIP4bDrg%_0l!~dsNl2dG6ZftD+AV
z=okDVt}dm4_MGl+zrLYcJ2>S3a=ADSEjFF1Uh4i)h7YB`Qzls(gS_3bShSZF&?$;C
zT>!{>8|T4!Ea7oeAc`}x;qA4EY{Gj`V$Tm-My{iIdY;Sd`_V?h=9lalvR-^%s{k%R
zlaZIi7s;TWS%l+EnRy!8ZbfH%1NtWD@ACa!aP2R{cG0*tiP<D7g31h1mzZmr$Ll{o
zv{l2!Zr(Zni}+?kT0cEFLsujE3NJMbv9Yzbwr0XR;Qi%(wDYF6Rs`C7&dksI0(MXw
zLpckWYPGe=#@u?uK<p0@na|0k(~nle(cYp$cat@9lm&zd{dJq`NAk)oMn-gK&q*mr
zB$Gw}ZSEmc3BBBN)bd)j*oPc~I%jxtI3^oX`c4g7n_lfKsYty9A#`#|gC`!0!+J&*
zI-wxbbMO~?7UVsCTd4d)EaS6H&1LQ@y9K_GC6qx{lX_Bs0gC1MGBBkNNg@Gsz0))H
ziAtGTek2)5cF2n-K>?6zyoemCvDFtrju8TUfbh(#tgLL<3{t_a*pvb{0B=sHm*H~H
z_9w=XJ(9sSEC#k-1*&^$D^HFx7>n;h3=*^p($gp7*H%GXsPnpl#l6xDZKr86`dZb0
zuZD3rR$^{$o_5@bCu?LxC-8B^1NIx9FW3Zc?I7<BvGR_KV%w|9?kniYH0z&wORai+
zHb)SyWzVJ1=AQtGRxmY#!bb$|_ok8&v($stCf`t+`|T%4JAMF!M#x<86?+39T=g2I
zv$8)=?A+89?3pad`*xJhDH}VK$D?o^oHCU!M>NX#V`ylS$O{FmODAoN3{+$vtqwEA
z(HmDs7+gI+2@c6_(rNr&1ytTOVrpt1bKRj8WU!6++t#yl67a_u(J)ybdkE%rzRJJ0
zCNC&>-|e8MQQW6E>Ue)+j+)23b&@#p^)8(iLUWskvxJfoMP;mYv~#qJv@U%e%Zi5|
z<^~|hIt_%YG4!Yf*ZCs?)jU#M<XCR6ly;~i2lctb7Gvf9Z=#XHdCDnh9*TEQQe7cT
z7D9cnH&5qop{M6{-0SUnNBc;>Pis1+R^$LV!>Y&+yLX-9a#>fr{8*wc935RebL`Lo
zIqSmbB+3-xp>^@|zHeUnw}5~fA>bH^kO#jQQ_d!+bNTZH{*&!QNs;f%FwjhRXqWF@
z39z&|9MYeDFAj^bflL4sux%iY*%S_`|Mgk>AUV+!8wdd<Oq|M<k2vmg-{`VOPVY-3
zbipPw4`&7>YbbeS_DC(EbG1LIv1G?25x~pWAj^T5Pwn9kjYhq93_&HvzM5a@7S(U7
zv4R)Xf&q8dPPr35>x$!Oy&yU@|FbRJ8nTY2R+o$rN~5rvlXN>GKSBNvy0*`NXXvsU
zFOyae=<b<&Pq78QzHD-)0}z53+$R*T9&heGB9a(T`f&WLctfyAFZ1MNIPV+rkE#^y
z67!{@5@u*OjZZ@24=7VW(OkL!zHeA`bO3m|fU#*n$P%NVG^egR52laofz}QmUyBXA
zay!;_65+F@n+Q+S+@&ob*mj#Jy7}_st37>ANIR(9A%uJ|{<e_NuV@{OuMRe%KgLRW
z+Xe~kErum6h>6`6h6u6l3+*PPLQ_&{XvfNBzpIH20Vufhh6AF8l9Fg=8|SCB<sK7-
zWx4c20I$K<;zPrH<*;=bl}!9m<v?nxRQ{?3$899}iW;M0Yi$8Y7N$E84)R`Ha0zZ2
z@9O%sz0KA78pQ*?yE4>NZ8K*w#Rph4@YYR@LJRR~ANm+RC`cd~sTCQ@*9~OW$Y0_i
zskU1t0L-N~`_XPg6vB0`uNPx<KLAcYz|2$tkV!7PTUd_jjOXmUY)W$5^PJpbDEAwC
z?THtVSerb3It!+-wX;(~NeR#6aGp3<>kHcV7~Y2sN4p%Rjn=7a`(f_XfMSEYMZ%FZ
zFH^`)#%OU(b2!}<UK_fW_vA@W%MVKU_Un1s%U>k-F)W^b_nG~i2)tig0I&Z8GJ<dL
zKa(W%5U+vs;MkJ{!-qA`%aHf|T1i282U+?<QC>1~>f(gVdq^NZINKai89#6pt6sG<
zdo(fyFR})om1~5QyBJ0u!!@cG1GVmRnk?X$Em71xJvs!B|FyjZs*DE3x4iMuT;-Ij
zy06`#<aaF&IdhOtS-gMgc--mKo&6T+bu@Qh$z5avWRlmOOtwH-q<H@dAePX*FNX#2
z3*Ix7nCiBk(|mEqQT4<7qcX)qYB-0VC4Br<xWK}|`5qI&zG}GgCp<qW1EESZw3ku7
z9dcvA2hF%8L}WVUF)OW4VU}nb>z<>hBOiDhhF~Evp48&}jw$}~#k48jM~CN8{p)%4
zp9}1S&rf}9mWFC5At{~Kf^$;+7pk@Z9u_Jnv3T0`08(@hAxDZzGeE}4TPCZnU?yp)
zC;5sPujOm-#VIH$dQyzhp9qk>nfP`0tJ8+=GVwy;_gI-zOWjKyv70SCdXCH-R8S~^
z+8sC|Zy>ZoxmT;YHEKxVHE{ev7*eqJzJTs*DxM<ka!_g_U+fB_5+sJg<YnIPvD@u?
zpssMRNYsQ5a-1Z6IgDNC=n-2`e}NhzB)uAiCi`3`p6G5W=S0E=r#Zb0$AsUykD;Rq
zWRPEk5HbWF+qx%07az<C6&?=fRs%>5K+Y7T@@azuij1hLAb1dWN-XCoHM2i9)e7)g
z=c8&B=%mlVjer28eZp~m#+#Rv{zX>pMmoLWc6G%8E1jGR%ZqIW$UR#2ij5w71NaMg
z99kvX1)d3m$Gxxe0bIDa-jvTOM2U;}R6akzl>~+rY)ZO3_NHejzLJq*Eiz5E1a4&)
zkFC&eeHRLoGb+u<H5Et&pkws%6ioW&Z7xKod)Xk3Va{ou3R7sc74Dy!>SucdsOaIp
zR8+s*{vj&U3K@J+aI+7dB_>0B0RkC0JEePW9aY`}M`?Br%dgjvb5KkLkp%y#_FjAS
zRQ6H_gvDvKWltBdL2*RWxL50JS6`n&5E7<${4z(hp6K{kPlgi}zd~pNaUYw{<+e#;
zcsd1YO>JerT2Pm{0x4ZkStz}vfTz({vAm)x;o`o7e;*B}2bCD%E|l9pMdAorJR|im
zIFty(e8$L#s*n`?em9F#T~Ka_?PcF&+?Qg5$l8`e8ZTPf87(q|vmc5IjHk)u<sOs}
z5u)bFzIP@5r$i?tn_yBH$TiosPoPWqNXdZ|VlQ5_p7*E<B2-lQ5!AJ~Oa$~EkiEax
zSrXJlM-V19cfh57RG^v|{u1sT|JSxeSiocXSd_>x#^E>>&fyGJSw2KVG6TIDI4tZw
zm%;!3zP(_M*v-s;GY<*3Z%{x3HNF80`wBE9-RRS*?C*i7V#m?30gCG#6OKC92ucU0
z4qE~XHc5su_)Z?@4SZhnvZA9ac0-A+udX7YE6}PI>b(dy=P4=-WtYC<e&FGNTu7fQ
zgx1q#=C{;je23o5S88#ky_xU7uGM#kam+)vYfJF+X5him=ocAF<D7JPjwxdnh^}Nd
zm^XA|!RG>QkmORAwn^MotGS)BBRdvLRGx9~4C)09#-TLDG$CI&tp%nrP(>sW9<7ai
z;zr5_DDjQ%d;d0jD4qJZ$pjNDkqTQ1EJ8p%k$XcJ4F4?$iF*CMW~Z4(6m^M&3*7nl
zH3*nE)FuCIc~O`A|92btXQBR7Teqk(GTLk2pdKY*qDPgMM)R~a3Lql0PPh{x0g>)E
z!81l>5+?!!#QG!@*F@>u*I7=eZqOV{68s*q^M4>88L;>7o<a{v>EAEK$v(Wd_ANRH
z`4v4N2j7tYi%}MUHh({9VIB}c<qjyc3E-)CXC<#i{rgFcK__I{$NOIaekYy4i|I($
z08o}cH^eQg7YpSzjv2zE{eQ;Vxq9Kj9Xrl?f9nOV<N<=uA8udM-616yR|Z_%_hS98
z$DV1s-bnj^t@~6pXI|HggSVddYly0RI^<OFOg*jyID-!K@@qf+_@3;EyZYTSSb!GJ
zv=aR9*)zHJFxcB3a`i{#olk8!ncCJ7<oM{~*3}-f9w-9Whl71?BXqp?;Nm~8f3b2h
zXmr@~Jzey3(|ZPxl;F&3ovoh(CP@50C9u#GxI*yi27wg)c%9#UkXX)4(f=)YUFpy%
zQKb?#PKF&~f^1K}a|0JKLA<F4G-*ej$)-Dsi_QR7RkC_=0<CTQe?)$I?Q?JfI<etj
zhkYAx=~;oXs^@xvkEejDfNQIqPfg*p*qdW0m%ilWzRh5thggD^dsW@+_n2$P+W-0U
zS3W`Dg?6u0^-Ux$HnTl2UmstfZWHotF0dO41b^@FaUaZ&n=NQup|Gy4Jxs&lg{;bz
z(^oeHEUB{=J?>uHyIK2x{O{8BO$rijg@44P4;@s^C@A1ksyMi}KqS*&hIRV~W<?p1
z`;qw$(K2uDvTVQngf~UuqUDF%^7G!-J3haEp`9^gTEd!BSLXxAm0euEyg#<8<&@Bu
z#D?YX7j8RW@upm(ul*?F$3l-Yv*Va=z397Ds-W9=$7I4QsYh?yIy&lRh%CRFub{Lj
tH7M3OPin$6hvL$UM+McE?h_LDd~c=6pP=KeI{z7fz|+;wWt~$(69CRw;JyF=

literal 0
HcmV?d00001

diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/docs/resolver_tree_children_pagination.png b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/docs/resolver_tree_children_pagination.png
new file mode 100644
index 0000000000000000000000000000000000000000..42b691616a6794b5b4991127a8dcc01cf619e4a1
GIT binary patch
literal 32477
zcmd?Rc{J4j`#(HNrA17OHDp9tvai`<#=h@ngfL@g7(1a9rX&=ph)Pk}O7=BmuOwS`
zvSrCm+3#!W{rP@A_vd&2&iS2lpL73ncY4p;jMqHZ>v>(*^YM6G-PG4rqdmlO2!TM*
zYN%rj5r{ol1cEA>W<Pv_s=|*V5HxqZRm{EJ{Oz4w2?%a6^xvPjMTH%SUf$ed7;aHf
z8xIdbypxRs$;Qn~(4F87AHnb4h<GP^Cj$QOGor$x!smr0&x;8gi%4*bDT&L#i<q#W
zh=?%m@AEbe1owX$ln@k#2F~f&*g3g-6TKXH|32YMAbB|v-TyWyA|@y%DDw9g1aBLM
zzn>a8s%U7r=;@gl8=DbjBsFwh?DQzlh^fHP{~04R?ex#6Y^;e|Vxm|nJi*9Z8Sks?
zqwA&e_i-tlzov_%j;N}R9k-~evyG3DffUI=+1HuqVPofR7GP>>k8{>>F;?|7*3dF^
z;1*Rj_0f}%hX4DyI4P;R+DWPz;>2uJ;R79aN3;esA}k{*?4lQd6Lk{N3lugHHkXpp
z5%>1cCF&CFH9Z|=4E)g!S}MN2E+lOqTMZRMWltjwqL`}@R?JbyUR2x2Q^%cTXD968
zVDD|HBZ2kz)|0XI4)D|0va=<5yEzfvlzgE#H&=aaU4364qO_5XqYFV-MAgkK5I%R+
z!ONJ5cqofI+Y37z<Mh0Job~;1I^sSiPIzrUQ59Q%LVzpIL|aTp%D_`iPv2CSASq0A
zb@6cb)^gSIwRbdflfZjnwcTJQ7!y^js=0%nou{6(x2u_#o3=DbQ^L$u8H0B6G7iAu
zyaS*|l9Rr!o4KBos1nIm)dxNZ5H`?q($Ob+X+aw%_AVa!rn>%=rL!{((DrdrHrKK>
z)>ifLcUCqtM@#Ct+o|Y?sfogds7h;S%NUq?Ntg?3p&fA^L^nf2Lw5}icN-i*(q6@g
zK*A8c^)MoMdvkvSrvMKd4N()R0HRNzo{EVnT2<B55Q9@8sgkfp;yR{AGJ2whrp7o8
zZ#M%MUy_zH-qy)Lhve<*D1j4p&@~kHGog%0LR8fN<L4+MWp1Wv=Z!OV5RvgPa@P`e
zGB6LoiWoR5k)*u54M?gcA`%+Lx}r9Q{_bFn%1UNZn$GH)cAg><(%PE37&OV%2rNih
z42$-Vz^OV2Yx-lc8V(qYo}Us%+g3?i%ics&LfPF2Bjey6fEE?jR`>J8XltTL60T@F
zA7?3TNq;prQDHrTox8s;*2s^tkS5YnIwtzY9swRsdQKh^#;`(~L?3g12^m`%Uo#I^
zTUaw#Z9~%lDNRo|FRVJ=$qx>!u?E)2#Z$$VsIMd`qh^9v@)GxP3$*uj^HsrP?M+0S
z{cPOSRJFa#CH#D}^gQ*9-SMsx#!{Nvl15I-M13?`S;EZFO;`sS7so3r*=T{isp@Np
z=-|Zsg?+G2@J<D7rsbfAF~f;FIe7T`+k5JGYM@1MCY}UwX#z<}&)&gL)ZQe}$5_eS
zUr$fp&4*|hU@YQnFD-3PQiJcSiRvi1=otGEbPP>Q^^~NIeKbY%J=};I2F?Z!s?Nr)
z#?DR}IQ>APo2RdzyN9c|xEoPMNkbS$W9z1*B&{o~uVF$k#t7rQq}^=|DC1Lx7aRBw
zj-axRCP~^sUB?ltLx6WmQsVk*E;xG~j6LP8L4b#pl!LOZvxum(kGF}vu8)VGvMNT$
z)Xd)06TFD3l$5$5UIwkAV(96Q#`_pbO559-61`M3B#EYGZXPl|YN8_2nvUK!GR7KG
zfjB2Sg1?_LNm)uFz)2gv?nN>RknwWU#fz!=8Hy=kJv>zHH5|~&7=L?PKOaXt41plx
zB}H)=6a(~7mcW?kN~xQ;n#-6NiEBB4Ns8(Cn)_(TNXi(%tdv#pMjF}%{sGQ@L_=s_
z&(6@^goO7}BB^_s8F)EEKVI;ZAxV^^?yanemD0dS*qeImiK-~6n`-Dv5N%9-McqAQ
z>~y^){h$wfvjC!uhP|zbm#?a(ha|?>UPDg?XAUjHUvnccVQ+hTe<KeSHyhY$Wq)54
z50bHlk0x5*Sk1uJ%@rqZ5~v|V5Fvp}_rXfJ$v8>7P)whI7g04(!V|T<v4$c9k`JD!
z=NL!`^s!OXHYeIb+oF;lW}5Jzwygm{#FZfKE`}%BnBy@jK5n|+8tO{MlA<oQPG)*q
z-e`R=Vh4<lovwzzu&<$-pOPeePs>kR*;UC2YZ9PuuWM}XiLq0+b2d}9QSwvKF(3&W
zWAvQVL^QN;hIVLM6$jNoKcW|2Qrt;K#TJ7JlqTv1+Tc|jlpT#BXgC;XV7wf(Z9SDl
zm5r2jl*J7K)dCDe4NRSN%sssPNGe)RPDDpl4Rsq&F)v9QG+NBV38PCQ68=mCW9KQR
z=4vDZbJ8^pRCd6KX{(x<{arwD2_-LMRdsb^2M0A{FBNwQbysJtKzp<%)<*(k?*!|h
z>|~%W=Hvn^p(>0gNCs-!IjeXm>0<1RF$P2>48^&-JNhX(_?jC8N|`Bp8A~hSeGR;o
zG@RAVT!giie9@GXsqU?T)^*VHL)&R88Q_#01JN#8(wd?ejD#i{?cj%ZHxRe?4m4Ny
zGmye4+Zm`kVbvY5fu7Ee0fu_2ZdzDRZx3S=QC&X`Wd~DnW4yYbsk#$JL>29WbCc3i
z@fX!m3-nW0f-&kD_-UAFN&6`~*gA@8=*t+Rp?4_*TM7FBVPSh=X;njG5jzuSZ5M4r
zM~tw)j+UOAu&|jOhUn!&iH5o)Zxwe8P8Cd4)mPM2)W;VKKWW(M`S?oPLa>H6|BBat
zf;YVXC-o3hX}@6-jzFA7Xke6#{gY=0g1n6hDS|um;G1X6YtQ-8dVXE=?tLW|W%YRK
z;Mu(?$y=D&i(L2WnQFf=BlqLzl%5z+-`Ib_!2M9zC$@b`7sF2Px#m%IoaRizX86UN
zu@KIKV<Dj-q0e265{#8ixD$GxrnKVbzjh23xC~8aM^+4NSMEW<pJ|`(KTe*89|BK_
z;F0jBhYHPrlzA~WhQCyKg*j2kS~Vb`WNEjjr{|891S(Kl7>|rITKe@XQZ=pmjZLk`
zc=O34tdd7iVX?9FYPl>(c^;-bawG5h=B8c!ZDyX_=u<LxIitvdw3KGKBLq-+Qt(33
zJc7mGiSRNOPkDau&zE2XaTSyoBilw4D##9AGCstrVAks4MfWB&GaC&r$;Y6r9@hVA
zaA#*{VQsDc^JCe##Kg$QvVJw4oe7+oj1rQPC`n0%p^(k<Yd`xUZ``03mz4C~Oo@ot
zf9A}YCxwM;aV<smgE__~CL@h;T#{8)iY*^Met-r}Rj|ZJ{244KC+EWA;<cC<x@XUx
z#qSQibBIYZ`}sCDHWnczB}JwYXQ73^80rg;j~+aD(6VyAE8Bt|*<T*89G7bIsoe6R
zj2Dl>@8P{kL-XpHX1S_({PR!qsgiCid-m)J^o)MV1-+oAO{S)%=#l<GL0l3NCIRvy
zBFL1K6nZ4y!67M_7#u9W5?G;PmXY<aJGrq@olK*trR5e_mF6VQl4Vi!dE%ECzJ~+W
z1iAY9l~IN=Mqgk5i_;^{tDll(jw9YUck)pmIAFIr-Ra@uqe3Ey*56@^%Fh=^T(q=g
zQ`lNS|M0$`{Xm%Nz|m7zQ&Tw(9Xb@7l$7}~>E6A)L?SU+F5sA5!<}%`%(~x;qj9OJ
zL*s!P8ymL0`A$5!ZasPX*xA_^mX>PFtb@a!JUN{#AH;z8($y8QI@4WSTf5iY-Ti?=
z@P+1<7OMBpT3Z_%ufif<va}QlTyZ=l=db^;%Tv+V)b#t#_NIBhBeH*B;A#65{fQGd
zK7Q0jyuWeq_-Pc3y3Qdrct7H0PEP%7&pUWvcy8_vq2>P5k`nCtZLi7C)eQ{?U<14+
zK30FYd7L?K_BPlGIWQq9iS<fwa9OefX-wTeAb`rT>JbV>kEGteA0;UGd5mG$f>^N+
zS$&sVi=K(;<;S4O&usVl!XtJWksp(!=s2z{P+_Q#pVgfu$>-zFOS<>J+^TTvlO)p&
z2LG~zC-ks`QbSkvKG|k?N50$~&-*Rk={U>{2Kc4Ff2*-o==}L`)wF9cips4et@2-k
zLG;Mkp{k+TkeAunD*F2LU^(~CTSWZqE2{nUiT2vHYly1@WqxSP@cev?R-)k3>}=Y>
z!ND(%;^ukygZG83k0O=eTZq#N3RVXRq3bQy@fIaVuxoX2Mml0nDTbWVx-W1oH&-Zv
zj^ijJBjarri9>>df=mimq+uD};+u}$h>VoQZ{u*d)2M+$ufUn?qT%W3L&G-3!u_V=
zM|C4Itz`Y?j0at46fMKE68O#dmO~b*4|sTaiIpAwH8*gbJPbzA?1IZ?xOZ01bVtE=
z_QA0{K0dzFsNV~<bO}>!ZEf^Ouz|I>)GF^OL$Fj$&G@Ox%F4$z>5D%*ABs8H4pjy>
z4_Sw-b7R<dTv>+%<$~4(Fw|->>?Y~CmSqg6u+3ldcCeWA$d1lVDg?Wn|NGd^1K=dc
z#&d8;7nYZ6^+J}8-{w$c5BfEyVs6f~5-5M@@L?)MczF1inN^y@hig;hgBE&Saz}2S
zO?l5sEVo&z?PG+s9t@hV5X^{SmuKNpyF>kjT~JO=F5aoWx{02YmzNhmbyhEBRuXSn
z=BxA2Z+l}E*4@6F6NTD?3X6|FfzVfuU%XD2kdUC+Sn4^tA1s4M`+eBH!*4EE@A>#x
zmJt>9DM?CkX}KYq^+2?0TDf0!*ghs1(sR*@(GbMdi3xkydXDAE*2t==D$<J<e??a1
zuIbK9PSgYWpu)VZt5*?Znq$Y0gY{gnv|L$Rvv153qd13zQquS#)!R(hdfqvVHgJSu
zTwF3u=7~;D)lbop3p<<hqc0MzlrfkakGneJGcwM?8TzD~nUfO%ZaSXV2$3Hd_13O|
zuRZ#Ddu8zE1qtn#Teqeq@pbj}e9P|N-aKuI^%-kK5@Zk_zve8-G)FlUvOc!=_P)N6
z)t;dTwm35r#Vlt3ARgYq?BwO;pLROSR&;-n%!YaOUVlh_-`Yx-8nVG_|2esb(1^=-
zj3WiT8Fj!D2uhiqd__lTd9)wAk0m&O%g6Aoz$R4p^|4C1_y0&3x2y_bv$C>!9OC$M
zBuc3ADtQ>r@8k4r?7RJ_Fn+Tf#193$WkujgR2cXm-u5E*fnI*jnce~yurhE=h%X%-
z&+{`x)pd1El}&Lt77VpTk-JH{nVA`vv@}ywQ&Y^=R?$!hD@%0!nR6V9A(xzvgTr~A
zp0141?!C?2i)Cht%!1>G#>6HkXKCwcYASnp2s=AF508(B+tfzzw!>L@(&otY*QFS@
z3=MI(bY+PIWEU2i283y*wY_g?IXu~#>i30Zt@7^OV{*Uxy_%1^Rs8(;P>kt<_qn-&
zGKa+Ry%%+KXu&gZqRflj*=%iX>Dkz_#ZO7O-yXDVe4U*Q-ZeZj@_=rtLUzBxY;>%N
zkx@JE2km5OBun&uIFTO;T)N}ucq-Q?Sn~@DYuek7gSX4jOI0;Ayi1bJdGlr=E;V%P
zw<noKVduBq*x1-*IILj44-`Wyd$#or4fi0czt=?>V6itx8)Eo_qvib<5Ep}3^B`P&
zAFK#EckY~iPChpe&v)>z9)5mi?n>@Gc`7ArICFC{o#IxkTiyl&0?e!C?ag1F!|$nH
zaC&%nylL{Tr5gd~=>c6+&Lb+Uxmoi-w&%Qtjt)#o1&e)XshIKdB@H^_NHwhT&oyQO
zfuJe1x1P}UOvTa3$zUQ0B4K?rYsQuv4Zneb0iu^kca&99d#b~GV+A5&e??F?-pY&9
zVYEKlGC}|Wk;c%yo9gFgU3a$`wi^Ntnf&#)-1+l5SjO6oQy07&@fBs8SI~{(@r$Dk
zY3b?pvmpp}$@`2*#{!&dZ~j48Pl&7t_Cb`mHyX*nkWMWUw|2*xmUb%X(Ier2B|PC#
zW+p$8ag7R&o?!yyLJ&8qTUs)W8lBzUBgmIq?w@aVi8%YE(0$+*Bow#VWEl?7vEP9F
z0768%PEtDcn>TNSZ?j4r1wYmR4r^p&<QlPRn*p552g=*&>02dUlaFp(t-Sl_(Jc|X
z`jsh%jo-h|Z5#Ax`S?gYOG}Hpd)M}>!#(cl>1mIjy%G=}`PlBT<j`RI6h2XW>&48@
zXRlrzytvsO<~Kj6f=2Isl$4ZEzffQO>cxwFPEJnb=xCFaj(4gmD*GU5p&aX|iQKF#
z3>=W&-d;q$b(6%=5fc-Wm$|uSJ2{z|XjfMOz$8A-rS<n;I>XJ44HjsWgwy&QM>#k6
z&W?`DeT8m~pFWvbiHWQ4Oe7IKroM8ITTk<wX1#xHk{N%t1~EL7TV<MaNC2CMDPcSF
zbx<aKgs&+^apzk`9~SH{+q5qu)oEe&T`M1(^J^UlC=s-*5#aMa)YpH9^Q@WiyrSTW
zpP%3O%^L7Fm%qKSkq+IF1Amy1nO@Hs(a7>=JZxxFH82xM2`KiZq7r^APtx_<laKG5
z+Ih(NbfdO3*oehJIAHNt_vP>Ya29{0z;R}yWHRO5=J}eO6DLpF{P^<p=(?*G27|fW
z@zOw(Y3<jq1~BR%w{?hJn%(=MQ3x?c3NB-faq60y(*>=l$y$i7uRBdBC$(;CeVG$Q
zF~bNJksAV|ROEYi@18~#dyIq~%R5pOc_ij1t71iZ`;@TX+$C9J4|=}hSIPiOiN$os
zE2H404ja9WuCBG_^U7M{Qc`J8pFY)7h+?NC!_RRO%BBRui?3EL%M+h?+_a8x@(T&+
z1)P_ZGz~BwqR%^WgmVVYaI;G=b6(D+l08J?yux~xTENtcM33zaAGO^5ZFb?1_87NZ
zYFt`di-7gf)z!^dr{$cf2|wKIGSi(q?_KugeH*9C2Qspvi_TO}1%o+<E?;qY`}XZQ
zKECODt&pY}<vd$6zH+6!DfYsO|7A$SJExiQj*NcNNs(iYJjy1@3-+bixU{lDNs~Rk
ze>hlNQo>silgW!`lOa*Rb7(ExoHQTZ{xu|3;?v9VV>K|#{H^l3MOxc~{HAwjy(;o8
zD4D3{=KCK%9E(d!pOu!D7MaEvU!{yZ(~ir#_TG(&=0_4P@v(${{Xp1+=96JL%3UwC
z663qQFFe-B9a{T7IoUm_C!)}NZSR2%%PI});8l|ht1p{cjiPgJ*$|Le3xkgyG?y?u
z2!}Y(l}XuDNr?(Fk=VzNfBrC;{tEfSJ$9+Foa}6qn&&o8MpGPJT|XG<$#;&9uOvXA
zsfJ_>1q)0BgW<g{toKO#AY?ocr-}ntUoWLhPdgJnAi!1yEDE#w6w-84<Zgl`gNLCU
zdl*fEXtrJBh2RZw)o7M|*`|j>Lqk6_H1M~ZX5+$#hc9PYRj}mb<oN$A=#JM_Qrw&s
zL%a_^%ox9%$W8~Au<}j#DAw8j$E(T=Wi&b=w!nMptChLf<=Jm<rG2K2a|K!k4ULQz
zyDZ>Z{RYxexV`Yor^G<lEr~*rrkN&zmP8kq>qSLHqPACU1m5SQWPSYj(Kyhaa(5BE
z_>S`nOJo)#%}N+yNWxtQN>8S##h6CyihOjDHiaCt+59?OsG1WxYHE}TKUf3h;NI6}
z$0aIy43}Nl%A(Nc+;o@wTbUm*CQ;0H)*LobIitP0v$MdgRQg+ii&^Tg<6Xxm+!-lO
zEtEsy3KJ@9YwHT-Vt@*Rp7`3kb1V-dMf!eqK~x)_oXqf6b^f9D$z!}p8Xpi4!0Wbq
zbuFb^f+hM`2rXwzv1d?2U$~o_8_#y3!EOU3(`|rc7F>5%8ewc=g3s&?q|p13)sU?Q
zmb*vNanyq+8ibuZ>BTwIuBT|SbLY+-(+ypVia-er#X#%-$=L|8lOH}{-nCSDO&(Q%
zP0&t~q@A0aqeo`p3J$%mjqUvUbr14dSy@?L|GvWv;B@)i`Y8_nNSAAQPCe&g1Z0mJ
zmSxh@ED#wDI9MUeUI`42xo^WHdXAf0g*n+DLYTZ&(aV?T2#D`H!v?fNtAQ2ZCHC?i
z*tgGyaz*Cm=g(}<gS0pONIvAjuCT>>S)$X88ec>DMt)ygo7PT(M9EP!SHz361+u1l
zJUY__+vq!gGX923moDj>n>#LV_VxA-LxM>nd>9yD1D~C)6cv5)#EIec$<+Ba(T%$j
zoGo9D^2x|xAEv~|-vATr=;-jq`Ch(!Iv<yvr#CY_{n4sP^vWD0Upj+To};R8mnd&9
zub=4^!8;Y;2<siY6o_E;twEaV>W}TXxHwI&nP^riTL{Z=^PVfH&JHRK33h_4gC2=d
zQ%igC;zeJqiM~DpNx6=I7x!G7#TJ*9`ISaH2one89K~7i_Vy@QSyrQT?Q7)Ai{I-U
z-P|M&>PFb4P_i6IVNRbpLyh|C*7()A;K2nSK1iev43D%w+s@7v{b$8zrV_Fs0~nXQ
z?}<eIUSD5z9N6ef0AtsNATm2UD~P`T^plCX`2*1^8xG&j_Q1fv(mZPwYFI?Wu&$fO
z&kDQsic^j(Vqv&?@4f05D%4R7=MC=@<Z`c#tc~Y8wIdL4r-y4e9=|fJfNHP-cQ|b)
z?{v?^!s2kW>RxN>A>H=+7!Eq5LC)=O&#DTV_Vf}*6A}|GBtrj&RDnR0n1n><*i>y;
zSeW2u7dTk7v2lFejFE}S3%QD7$2L^wZGuL{b#Q+#V^+teYW5yDdJzM6DMjx`g~TBR
zGFc<?Vb?TKk5NHzZm5b5E*3}Lp<@n!V|%7h2sgSU*<{$PD~YuI9CH3oRzln};r`;o
z5}!0noFA+RmK2s*W&86m13UYjZmXbAZJ9P*4@B%dHddVe#Efgubt6@Z|M!FW`T5d;
z658V8;+KctU%O*P`>bI<n0DOW^2K^qY40DgX=b$_ehq~Vy~;g{%47TUt5foUC+4em
zE8$lFJJ8qE*0NQwU}9*YOVok?h)sy$<^=v(g{v<UDTXAYj=@lumzM*~g1Cz0QXPgA
z@K1k-{xrI8-#(cwr^<x|kB`YR?N4Veu1Hf*A<`ST@H~6@vXL|Oabn^DNb)1ENVbjM
zp-i9}>?4vB9U(pT4$?7KQT!3)Dmx6~>;hyfwh;79;Xcfm*|OZKNHkh+2;EZ4jLOW+
z)EReB+<e$M9?od>=GE5Lq+-#_^55U1{Kpf_Hdf00*T)kVTX(lw8FJII>$-v++}@5C
z<1Ad|C$r8MUg2=%Eex^F<}K{tDm-B^Ej_vfU9D~S0rt>%kW6#y)~zf-xRRPChK21(
z(hLcy?Bo^_YE8eJl;q-567(xahx_c=hVRE%S)%~m=$b1!y1cX`?7wgspegf$kU|EF
zUylpw?vFaVy<JUySNLry_|1!N8^HzX-wb2E8M?k2y&a`KuZE(`@p4S__1QF7PITna
zI!Nhf^R@uBcn=_05zWmDlpvlYj9*n$Qd07VY=It$Y~yb!`+KRZ&Y-zj`X0Qhq)p>=
zYL0c)Q6V9r^4*<HX^&w93oC1OU?}95mAgAZ)cf|qy)9|`GSY`)t*$k(omFhIzDKC2
zsQjm2We7tknC&e%3=UY;*!TpXNC*V%Bl*^?nvvSbw=Ug+x0%KEgLQuZCnIBgG;SXS
z_v1N&jfpYJ(B*{NT5i?O1vz>7#jWL5J4ns^ch)CIrlxLoTZgh$S63gMAC7-nMLB^m
z7bMar=I<CF9LU2G<Q=5=;9vhViNOp|0L1^_Klt@tbDFqn%*ysA{W}5bZp8=DQATG+
zCu-J<rF}$mLWNmHT9jieLphpl?Es3rN#0<9RqXlD+njc0gU8lPuy*Pu@nV%f=iJ<2
z_}1R1=VU!k(dArHMqfI@eyQX}-tmUG(9<Vm%KVgeCu2MVzq67p3Qlpi8Tj@dL!mbR
zn4LK;z_?#iWo(NsZmDjvv9F45)l<Zg98*x-(J&oXv@3fi+v;ZHK8~lNKkq*-x=nuR
zM**321YXJAl_GwK4&ZpU@<BxW%!k$D_#2U&OKCFdJ%uH7g|Xz94uAG~z=S<IAwgPk
z-0cLLd|1SX8&*OpYILJD9e!VoEjuGEv@v*!_si2TOHk99v%K_RN%D0Xsx3CzvB=P8
zl;v~PadPigxxyd`g=+cJ^G6f*PMIFERX!q`S0mW;8N+9^j{BXxYlweY7aM;}{efSe
zA<cb`+B$Q~q`Aiz#ZAm)9rfsu4=LG+<dk_pa_W}k>(w^L@`T>W7ktw^g4)3iN<m@d
zMmfq@ZhDT#l{@XdRa^VTfAfB==E!22dQW-VwV)g1#uI-wKtI6vdHQgDIbECo*-s<f
zFzuJ+k0*xZ(U=a3vvak5DTkVDRq0vxa@4LGT`&w>JK`>oJpVrr2#_W|GRrN06oYh(
z@#-3E=QPj#U9;0WJM%k7M`Zn;@p27}aId!%oa<DR^(P{c;FD!80Yo8aU3nXlNG>j}
zT09PJkH?N3(>E}%S=s<pGT|3oMAv#skDijIhin*dMS7%MMgU9e&cM*ftBe$7Bl`#w
z?$xb;4>vf>G-q#m^hd?K3zT8g+8IHUtt(!)t{p@gn8B`{65!;dLhS+c91`JPd@mp+
zfPu+)r8mu3hi*%FUtq&fGYVPFzVopxA#tZ%S<)cW?5ATtf~>wuwRd5vJmyRMV<!{l
zMdI#$<dpH2br9{zrkkcht@<oqiK8Dah`0jFeOmX2yR?LS0xN{2nQjV|BPwXV7vN3+
zMg`FH&pce_YkDbvVfJJNx6-Uw`ZE>3pJ_Bbl>GF1^~|#!xI;BoAK}b=^5p&4YH8^O
zNL5}yNPM83`|8!ya_m0D_5HM>2UYeSPzX;?cFk-dhi*#!jtQlu#XfXwY{qCP%iTZ!
zfDT!mKHlPnOMi+vZ$%DT^o;4hzZAR~D;p%af>IA$RJrG*!f$#}C``6$la24_sf%l}
z^YCu7;m$)#(_kEnW>>D-Qq`8$<`o+oo_1n1(=`h#t8>^YD_*uq&SwpW(F}3deNN`V
zULcUwfOK%8qytx8HhHUsXPIQ0@|wNdFSkg2|5IvAdYO!AB9eV~|L)?bj#W!3@*uK$
zDTeV|zBalf=m$dd=xpd%;h8CK%9wr}IP&8}o;!4wpJ*NOTiJ!*c0aA5Rc7?f>YrxT
zDmwTxh$r6dJg{7-W0x*{jL0hHMC+FlqIy=(4dfqW-q|^K<e*Ym)Zy>@=~M^RIH=B_
zM_ld4zKdO+D{Fi#ao7_baeCZ(_oT^WD_3Y6>H{rvn140{_e{5iKlRO*xp4es%*{Am
z`ingmR##OlELi*d`|0WFFN+Qsa31#emv9-rr}vB(;wIrn<bjZxpV7a)9FU=N0-tB;
z>SkaWG1R<?LOtdE>HTHrXcQy9CA0_(roc?*PULA8xvM0!Rk{iCI#uOK*dIX*?<|gf
ziF)#VSn1xc&iW7Dhp=wZ(O;rY*S69Xg>G8(L#QHHhh}R_UDAnS6{QYuxzFkK9rHs)
z|BW{<Vt6exS6L{Gnvrqr^P}(wO4pw-Dt&ySR4nVob2oIA|A)$#_*CMe<ng#|%DH+_
z5}S~k3I+i<8VHh(9*rPB5Wnh&Z^RWipG^79vAb6*Y=`5~vX>hlmz><k!ln(ylwH<+
zi*F@`iewZS$GdaCZ<N!WA7qCcfVrK!pkc_i3k<|(M0qnRJKHh)6&21xXF`H8Z`#P{
zDdV+}_lW+GRg(`2+u|#z#(-az2s*Usr_~v{?xsH0w|a`S!$eM(_lSHse+1&3dFhEj
zWc<%>Z95O!+6D%j&!8H>ZIguI<^+jSB>D2s-hyw1Zmbg@AMQm~1BaFnaEdwa5g=s~
zsi8M-{q`4U9P2Yy_4gn4OS4w;^%l<q^y<pE=$iW=^`~|{yJ?P{%gdys!%GJD9^H-#
z-6BR6Wt7F5Y}GM-p<}uVD<|NLCJ5ps><OHHT>|3IGm5Idd<`?!YhBCK3lG<96t#Ce
z-i5P>>dURXHD<l7`OvhKaCimfD0tpYkv$*)c5tg~USQB3m8S@v^}q~M9^hL~+NS`q
z1zzLz3FNiJ#Kfh_$|Kk&>@Sb4KnBU}2jr7wtLDY4ET*m%S7W5C>y{o%z45GKSJOL-
zQVKorDSRJ80<u<qA$>m7J8)ZwBbXYg<YSs%*CJ}>E{Mf1u05p1W@k4ZI&#B`8hh=U
zqagn~N9=_1eHlVu5x-eI$)Q!Xf4G{b{qXhcPZ^c82;A;f8?T$%V<KWZ*NP%J!T)st
zo7q@>AtI}>ajkwRL)M$>jr+g_GL5L17}YmLJh%N|Z5NlugMztZU2NJIb3B#qloov)
z?q>1qg??UlrAxkSC_{cvP3y2XjeD{NIHIsKg0?N!m_DcsDR~*#BoaO>jQF>A7q!pq
zZbue937(S?ADi^q+?mtV!SM<1c;2e(a~8ype}1&Df`*TdEzh~?;bCl@OV@B08R;le
zI*?R#nF^M;u~9z<Utns+Pw_rBq_SAfsF%Btev#hX;p9Jejs}2K9UUE>WdL*w6a$K`
z$RIYuvu<x~{+=yknw1MUa5gQ<v+O0a-z^IPL8tIf(n!nOxiJGZ4rRpex`qsoqM~GB
znIlI-cPFHz-`E{EI{WQfZdZ2g?)tA#u)De2%=SZePP|nCX$@|9;B8`ur*8$7`93^>
z-Zd)_5m8@WlXOxe_*d99@(q<S1|pyD?)-B6_(`Q{W0lM-PNQ*w?P{c3p6J%rmj?+i
z`uRSFOtK*WTiFgTi4#Fw1_Z)?;-SNZ?a>|v_|y~tm(^7Y-}6Ai<$h0qyqw&V%|5z!
z^2%M6VnvHRmFAZ;a^CQn`<MuxHMu-K=Xk|Wfc^XnZl1as;<e`DBb(N{hqWd@q0u%<
z8SB}+;SPFSzMZ6~qRln_+;i6sAaH#AeXOsOcwf~<?nTT+Mka-p3QKmma(Ry?4o0f~
zOAC;(XBDM>Wn^DRMgg7uV@jmhyZ_vP;t!SBiJ#e*dZtD35|VomkCvAE&|Q_mrl;JV
z?dW8u5xh?^*VfhTQ{0}?TkJ5>TWwxq&Ld}iF=0F!^EHVx^K~I|SxRmA%2tKdK{K|N
zl5d7r%GdeW#~7cz$m*EmmYOB2Y~xo;x=cG%)zU<yy2l8klGs&VUPnP*&kw!GReoo-
z^R@krOnM6IXH2uq;pX7bh{_9l`po>DJ+1p-xl>!v_tDX}0m~Csug)Es@3h^SpgA+v
z(Z_w6SrbfEq1XT9`ond{5;ObmV+AX%46DC$7$#UMj~o2zki)4?#)<4->&>H#I5sYh
zii3mW_wU~nu$iIathl&wfS$5)*r(LT)}~QHYYlx8mwW^=f7PL+-qD{QANS?esjHJ-
zj=ZWyEWdR^z^dO((Gt_~@R3@JFgx>T)7jJyaODhg>!ED>MIX!K6T~||+OHDMak!O-
zZK}L*e3kWM)zD+&#P{wib3X>OFuv()ZKCmUB7uv13~(dr5c)Xe-8ol8Q&#3veA$Z{
zH)pmMsL@kS_2O-y+PoDiPply3{#zi|k1z>8G0U~3f_`2XO|H0=Nsx;2lW(4{8(hHW
zD-;j8j9abf^k3R~o8~8kT&03<wRLpdXu5YcZIP%)^@{;K*U6T~su+_XyHhN0ju7hR
z9P!T?pB21*ZKgT4RZ^T9($H4+fV^?FSG7f0O0=Hwspn5F{A`z9d(2Jg5P4SKo^kn&
zQ<PRVXJvzPSFd-rlXzd9N}Z2Zb@B0u(enIY(%<XebA2zSWA~L!{t*k+dUL<iRPVYh
zYYNkv)Ia9C77N<J;Q10_4I+rT{l5OiqJpwDL{3g_y6gf8$;96BOP8(?U;i0Cr`nzS
zZ5CX1u5?w=tyNJ<_SJi%6q7ik)L#^`Yt%ITuuZD@($gq@!;);${5HyytTVrU^6kP)
zl&fs=)vnSDNi8LQd)h8p%up6QxX~bu@XZc?8)i-)xK^l=+8V2}U0>=m1E^s4)G9?n
z(BA$o_+_F^?Hd54@(T(cTB-tdps>ASG_ECQSAV3xD%AR6rA_UAU}+x4$0+)0kIsTW
z#BB=+qSrqy#66CvMj~%72Osx*_{%NlvinJKo3+HmFF0$W(aodSTfNUvk+XUzQgS8x
z`PxA)yX2Uv$e5x_Xq{lMqM7PgmDhf=-$bq~HJyFTg4y#PaK_W92XX<Ty2;YlfWuM7
zc#PESd)M+vF;oHAWdLhE0aO8$3r1~pkO1^BMeN`^KbRd4v~OQ9tE}ed(#V3Lv)?XJ
zZQ1`;r;N)fTt}VXRoNTIJh2lXgP~5nQdy#w&@%l+`guREss;Lb-HV(zh{?f&`1dH1
zVXzEN)%wnD5n{W^39}BL62T+b=YgOQ06rp2HErrd9x$y}0odXTEh;Qj2E;NKFa|DR
zVfw|z#h00x*U6U$N`0EQBCH}H#iv35iMUzHR173i1<j#DHNeP#u;M5sF~3xD>^voX
z17(lErDA#z!F-wWW|H+4Kyh)swg1Edk`apZ2b4A0Dt%XGaSS!6!$GI=Zd;cfOM*;6
zEy`@=rL7F90@09b|0MfW+cQHJpW}&xN%a;tFuGZ}sx2OkjZ9BH&lNjVhS)Ve3$gqD
z;pSsyQ%A>h?)}A2w=Au!jv}j{YurO1;3jZ`JUrHPPaQZ#@@YOk&4-HT&(os90DE`>
zEEp<msy$=$XVFkSJnjM1B*Ch-Q~a@Rq)w6~@AXF^0O266zJGs_Oar_)^4Kw8q7Eak
z0XYIZuWAfCEmFzTbCIjaXBiID3!y24#-+gZBATk?s|zg$zXks|b;T-(4HYKVO<aAc
zEW>Ph`;#KilkAd`KEsrFa%0RSr_ZLD{DnCT=Dx>lBa@kd%S0C^nqid{GJ>~&pMy7h
zaOt75o0|$~ZEzMA37Mu5YS*crR8|66+N!X5gqfL{9tl?rkfiVh7gE+5kmr-EteNGC
zr%xk*B|!9|@2jRM0W*jgZV{@2wHU6xj=1{a!v}XFfyLsjEDQ2gg8U)uL@%Cp*G~w;
z(-#sxtLu3<C*9a~JjF4;Am5ws{Oant^1ywstljE9)gA7kV?eGltHs=2T)a=#odK2A
zwyGbeOT!&D2!LOl3oHwtUhrQyjiL6NliM00y1Sd^;K#?uIRTHAk&!`My?>wK_r?aO
zjBvQuHw5e=ByAve(i}PR;YV9qg45>OPcdc`pma2-FknK}+-GXCyW>MFTxqdFRU5LG
zZhopx_;xD!mU?w*_RvVELblSy;SP2ap10TnN>(=A+^iokDS3-{No{c5i@Y-?1Rfso
zA=ffG@7n`4cP^v>(V(`G$-%DW&3x9Bq5yN=%OPRLJj&8OWr8%-PISUV4Ww%k<l+7j
zuVxoWPk78KFNofz=U`^O2|<h+6iGbo-MQ9uNF@`KlY92=)kz5vzada7OxtxMOGtS%
zaD^b%%`*c_Xy3Yd7(=ZgBO#C5sVNw-&y9a8Z59B~AbWt|@t&mDs`cNFU!Sds+;$Yf
z8&uf{;=^y;xcJ;Fw|XKzKK|nK;ADa8z;`G=-*#??)LF!)hFZ>lVd1bXlf?|6mCXrR
zxU~KK;3b4hEWcTBW=iGYArm9+j8ut?$(#pQ)m!dbn;?Kf?%aqSedUI~-T9O*DSm-f
zc{`#cb{q~W9UUEo@qUiM<PWjx>FTOpym<BNo#yUtMo7*e#X;NJqTn`7A)$tCh68^M
z_!$75PZ1bpcGduy@V-_O3!)A+E2|VzrpH`=2_jGmpZ%?USrS{d6Ma^4PMRDod(^hB
zG*@J6r~)KDqqk!Mjc?``HGTcH;P`bEIJ;9i3E(x0qsOw=MCjIOpN5QP7Y!Qjp+f*E
z<rBbaxAl7waTSzIO3$~alo8-**x?i=tiz~4v6DbxQ9OALwXm{+F*Rklx)%GQ%~5-h
zgP#5gWIKF#=7{KXf`YJ--`?8A^mnBwSUS=e*N>|V2!Gsg<TYGo4K%)%d|R;oeyxVQ
z+@lp~xVfm!G&M3o${G7;=qi^(+S|a<qHimo=!%aewU5U7pk6asv+3-I*sjaR#kCiX
zo_$6^VIfLHr0vWVDq*L42`MRemX=bYKMy{(>(28O&wD?zixM-tbE&oAX5*<cH`!H=
zBiQM7MlL(xHG%mzohtiMJYQYebuUij^FVR-*7X%IXoDT4jhP|;wR5fme6IDgK8Xmp
z+G0Oms`U%fXcBCAq%f!7`Ze!@_|YO#X~_Gl$p_H)16Mj5nLuaRJOF1#czh)FB){oO
zo&BR9Fr9-~lixk90}K3qbf>C1th&?3I!7b##r>`m^7)-mrWP~ZB=K}n{gWUiE$aX#
zz3gX3X3?jerDI<Yxot8&s?c;+IzF+rN=p5?*AVoVt3NX1M7k&poDx9NqQRiFf@AOK
z?mj2QWyci3EE^zE(w;vM`FW(MYEwR^exRTv=SY+Q=68Vrq!<OgfoBe$4gAveo}GKk
z9$BeyfA)tZny)(cg~A#;v)$C!7d&n{ROjFx<mI*bsgX$`w_<QK(_|pQXycfxOfvYI
z=cYFw{xV+g(AK=a-TTa7x90CxYrnjDXLBYBu={gLQy`(-w#VPL-ZDIp+HGaFQ<-9n
zm^Z6`5T9Em>+WS4ATh3BI@czKN51Nr+_d$O(O}!Ix}+`8z>>COO=imLXn;@-^m=Ve
zi&hDautn_!H<c=8=25dbcFM9f54AZF9xM%}3XfMPj#Q;nD`6I<9%V~*CwgLi%=1@)
z&x?CRV32#?EI<9D$$#Blo^<Q=sR}K16=*v{NVT3q7sCmD3+&Bof64Kgu56<m<JH7C
z5uWmOYkK6R=+>X&KV9*-7<AX;?+jPoDgtV!{<Bini`8LNla1w#ZbSU#-4buL`9p@x
zup@7OH8KIq_dW~zPP^3mfw0XU2;&F@WeHBsRJvE~D-ChTaC)bJ>*Y7gV_4E;FxXuH
z*Ue7*uKnJzdnQpTebTp&`qckj$h0R<5U4PfD2Au6UmpS*{2KXO%d`-e-SY{lVe5zj
zKLNI-9-id#yEjG?zl(Uy9UEVB&{JmU!y{L@3RXWoDB`W*<aC*<&wNRA^;{7=ebTnk
zFtw72*{&y#@Wqkccd!I9UIH$Zg?aR@!r`jzfq9*^rq+<Ti0rbM%PS9d-{%Px_LRFS
zSgODN7xNM$09YYI!enab;IpNe-QO_`CxN<&YHkf#6N_p-EL6VGxU`(Q+waP}^OfJc
zz-%ak$_4IN{<p96;N?GNdo}zNFN(P^XW`ZGVsvrVpS^s2BI%9-p@|0FHJV)(Cj#OZ
zBnL;##zx@1?#<CgCfHnQ@9F*SXBby;0|969AO~>}!^hd(q);;KSa3Y&`GA>VNB~wk
zN)w!)3b&M0_cIcZmumNulamFt?5&s;dMUa8QM){65x-Fr{CJ`d?ts@!zo+b{pJ{hC
zyZSw+{N-d*4s02iF|yN5lez5j6FWCYV;|MB4>eVrYgptKRx)!COCr2H3BIpReXhT6
z(^fbGYwEj_?pw30V(BmUlIzaxwlIruo!{-&GQOOz5d2Pk;VEU;PX^g~@V+WH<BN#8
zId1+|EoQ!TC}1U0mZp`_XJqlTn$dV8lL4Jt{jk)HQ@0YlTk(tv?;m|Jccs%q`x_%6
zY+y~8pEHPa!tpGO9IA(3b^f|u_ovIowhn30`n82V_0OdTDBk;ag7>_7b9rQL&E3U}
zDyw?N%~8*>Kq_5T#!+WYZrgXxo*BjaATk#}GQ4@Otxh^np2KCWVN@@)0xt6}R+65Q
z{3~A`jydq^+N1v&(7e_sUbWw=uC6k7ZzKe*P=b0TO>`|}0dH($*e#Bp9l_v_x{rGg
z%)G-bUNL~>Gu$f?bGw>IBXfe^DR2MZX%^_uG%{^P#G>Ec<#Ac~``B@bJOBNdgaK^$
ze?69zwG|YsAPO`0k2mgmXvq<RZhUI4aZlo(vFfO*?%&zo-6_;ltN+1w8SZUkm$RNX
zvB+6>gg0F8;DOLkwKXneA||@OigQf=KYmpYDx6dD|I5eec8z;Z$^I`N^N5KZhh)P(
zL&g?=<iE$@2VkCc^nXvM;H@}*_2hp&3-b9mr0G{YZHmxz&8U(ysFCnD62!6BC!<Oi
z{9}7TXF0-H^*cPx4E^7W2zZTXjpn1Q>Ob4B?gr@7?Kl5kP*(8hT>mjY9^m75SM+wr
zest<Xo^iD9|NN^FfN9bE$M*eq&m<CQfpW;(GN1l6+<%WBq9d~nw@%ma`ZGZ}_U9Dg
znd*OR*MCpn3*>C&3pIy<FW&cG`$HK7St7w31l`4}U$q`v2^~4A`u(sFAnSlMho^=d
z$}jLK%j$Z~_kouE_JIt&BtiZ&)EYvSj)tUkop=6hO_jgXa{gx!0<WI8{Q8NWo9zK)
zc&d(3C;eo$IaLMC+}51mOKA^8&wTk_c*h}Y?~7e^asqgsy=iwz=;v~H_(Sa~30rFS
zfPkm??Z6k_$&sfb6{r7a_deX!yr7YR{u(8uta$liMy!v^2b$*<TT8W!I18khW9$;n
zP5TJohJ4N_xTU>FlH`Qm<A%T6f@&8~^RMSEKIW)RrRy{<{8F<~rvZ43LT4-~Y|uD5
zQ6VUxbh6)&%3Kzf4A?dA?nds*3!&`mQ4E~!jr1Q}3SgjvHS*|*1vN|XLw~Kp+(;v%
zVvCd!Yf|dN|60(>c*p(!Q?UFV@6O9iiYL)=cNYv<dzUH`C~<;vuvf+L%q{@zHRp!X
zR?xf_yyO`Aw%}y8gv3Rc%%*bC%mq91t)M7yG6f|5mXR7^MJ+R5d3e~S@pVba_Q-{R
zAg;Bk463d3cv_~b_YcqkEv=OZ@O>VeY_Fo&h0;EYhbxYM{kY+u15t4@?^f0CJsVVe
z>0vKa++KbR&#KQ7pe$>|%E}re4i`H;)f2M%>W%(EZ2b|p8k~!Z=Vqr_+*YPFZ@XrZ
z>oqItPcL2|uBMmE0Z_j);Kx7|d-y%3^v`LfSo@S`qqCce>E+Xa&>uR2@xne-X%S`2
z`^ei@X;~tAAD};=P$VB(F`YV6K?C3+rS(6zl&r#t{QzTDT>B4WdY-|_58yfU6!0U~
zB-KR_e=-+)-GWQ?$%|*o0p~-j_W&Ug8~5~5lXG^CY5EY0NX?ipC;EQy;y>HJw6p|Z
z`Sd?$zOy|xVfcF(wV7FeUqQ=rrj4rC(KnSI6%}d7^3~3O{&Ib=0*=G>uPQYlBPcu-
zP#@}Frx0?k_Yy`XBVnb+O>KbALR@Z~KK!5S+GYH;$T~pfpd8|hA+~2we?VJ<P2m*6
zLs71Ot3CYfTYJ{0tcoXJGAhA|eWGwaJGd7P9v#yY?_J<mU;rdSW=m}6HyVUvb1RV!
zySava8`;Pd+R;hz+JBBdAOF<<2FH|<Fi8>8z5Vw=cG(vqfzRiMA|DVqi+8GBFC|}K
zmSX(eQ1|Md=l1m;GL|6>D06)V*7m82?N@gtyB8jBn1)`kPNs@EfE`URv${t9R<Si1
zx|5M6Wdbg@=lTCDx*V}##%=k=-?M1jJ8pY5W4VqQyt+j4;uX)z^XcrbiW6=%u5+Nq
zqgvyNLOG^KZNJcSxOl#b>Et5r`l;h8j>R2TAT<lI_1yUz5B~WkPZBqAkj%QQfSI~!
z=crDe@#H;7cb$Bi&}XkkWLZ7_*<8cA%$JsORkq4KfOwvf!Ntj`#C!ARP5*@=gZ%<=
zNl8(Zf~lRK*N$8VPIz=_yoDSSQ{<2R>@U~o``N!zdWhj(CksD6g$qA-A&{E(=D`Xa
zhWg+9`}hwX?gX!9O&m4w#UK+wT#e&Wd*l{*jGq3gbDBbb>9h8!(<o`jl@D$%F8qK#
z?FUU2s4g?Rq8knW>A=L9H2=LOzQ};><jsh&4^~2`u!u2?@j!9J@;vo3NyXN-ByGNl
z_=J2K;6k5l$wQ$JH8u5<0&o%8*)Lzdd=D5fC+b_Nk4sU@->MC`8&m30(uJ(bA8<y^
z)-$&<PWIX6nfvHUK4Uz8(N6R3z%BBFEw%y=c4v~;sfwxRhPqe{KV;r*06{=;>D>9+
zJyF7ILK}cSJAl*Zk@4O?B5puaP5(5dK6-tVB1sTW=jkgTt7mk7t~gHSIqV)3yX@Jl
z*{j{Sw794Qby#=r-SY$h5tM667>~)%j|CHr{^-iC`^<E4N=f}GDADOdi{j(tWk%P(
zU$M|;kWpNBGoDFn^XKo(QNdiOFg@vWoH4y}^oQj|zA;#Zhp~hlo%@N2W*PiO^?%r5
z5dBagC`Ae&d*@je{&!n3@&6Vf3`CJ11XnElHhAtj_~VDA65r^bwj|v9rN;pI5fY*U
z)h`V#EmSjAgDkG}(&u8&(I=hGZ$W<Q+E+*mGC(k`pTt^K$foetfA`L)h|kc-!)`Fr
zvHV`wSrtraGQ)b?DdR!ipcTz~?H;faVUkz`JwS3urQqP;45tW53osPGyfl$Ws957)
z7WwyR2W}-RG7=_RpNeejrk+4fk#JKzV#RMgD%1Q9z9Ji$er1TrqSU^DG#<2v?fI>W
zyQffLw{9J}*9~n`ME6}?rr<jNXK;y{&)iY#xieql;|3jIaF0{A#&Pk}X>1iP>fFhB
zcO{SKff&j2#}`h(SZHK@XRjtEGGeGfo4ps2tQg7;_T1Riqy#iIfEioc+p_0_T2tiV
z@(0x_P%6=rD3&7hxu~w=1@O@N9xK9+M8#YM{RFLR=q!qC+w=51XOoEfDfB}>w@_by
zu58st(pQykHhgXJb)M7dKb4X7T=s?l`iZDuZ3HbEph~#pP$7n{EJLLsND_+!mU%GL
zicq_kK>&smjS&WW{J+gkci-=)B4TVhJr7M2r}K?J2G3i*_}Z-?g;}3(k}oT}l1lb2
z>yKFJlV0vhx-%#db6(;X&tT`qg`_*2EfnY%5M^ahqnpfwkSd5&zg)Lo_~0X7bQ`*A
zrPZ;ysqod7Q?EFgX3gC^CL&8)d>qdu|DCVCd}|j>d1i_G-Td)5H9=YDMP*Qdc&!Kq
z3cM<jTFmL{?jh5p>!sd-`YZFTl;F)Z8_>v_27iXqO%X7*2!T9S2RZ9xVpLPs%9r`r
z%~3kX(j+?{jVcBzWc3!a(&O}jo8<RNyNet&L+|=#gH*=iTB`o)82tXT7fL;&f`S5|
z+Ihd_Bl;rlJG;2l0**8?I(i+Dd)$_SgB&|v_FsKH7*Bn+fR}zmn#Wn*ne7LS#5hN2
z{ze6AsWISCO$?{+xTxCvvxd8mf{xES2W!ZK2W0ujL1DW=NgaTv1_D1@Fv+Z7NVmDz
zb71<{twyd%-l~w3-IKv^qE^fey@=l}vxQzAfEZHy*HMVheCNn`!XvTo)4p}nL=Ioq
zNb>2aCGN~2epF0y29E?Y<L>XFJA*1Q+<!OcZs5NI1J65mK`Zh^4JZp|*S+YGS9Vv;
z9;cr?TST{~!gZv<9@=0CuK&axb*dtYT?=fgJad(Mb$Ic#i}YVtVsE)MdZOd`fU=jt
z)6N$cWDoaFrqq&0Y7J5oT}0h<)P*tBW;J&n1?Q6GNb3?#uZn*+@cwVdk`uZ@)tu)3
ztfcr``qF68kTOPiBEigKV^|6ESU$=`>pn<YH(YXgmmhEK1Z`~(SASdVu7anF<?$yO
z?Ha6iZ&h)~F`ZqTpU<CNN|O4<)1uqapCpY)mhsx(Dz|*Z_h;{mEFlC%Ur2ciby9Ba
zzW3ZH+aPDnly^!wy27;~>-Pzj$<I$-<bRmRTa6NW60qTPZ-0B}M(F%gzO#M!%4>S^
z`+j=0!q)Ckp~9Z-KB@C+Rfx(+32dGv9d1ogoqavt^%I{*hE0}YlJ)>;^m!0iL;b0z
zXSH7FhLPNAhmoYa#42@6<mj2RXZcr4J*C(_efk8|Hg%MO!_gQ;6bL+DkEf@nqbQ=^
z0;mAuPfd9I*lqcO?B;q+>^Q=CmLMy?B0I)Tht|S6#b^fGP#L0fxz@g_bc~HZdhD?N
zy^cxv^3|`NFUXhQU!^i%n^a7CtSB{0v)Pn)9IU|o4QX6cZhh<?J@N><94PD0rd~M)
zRXA?~vGQ+0MF6qHComXl7Xef?-ZKTV+O{r=;)znxHZc)FCez&OK78m9)JF(F-9|MO
zlBEW(JtUQxobMpXCC33>1w<C5G6#mf7a=Mt8XtO!dD;khEh8gC#RfD{7XxBOrY<8W
zbA}S|(<qvQ2j2!fe!P9frjdk@Sj)3yV7>lhm>c-suCs(M@2~M(BY~FK@-r)Nzq5-2
zlx;13t8{(8&jss^W++Qs0G{@oC6=i#j{sOZ6qVLfblFflL#7eDRD9VN3x9sE^$|s!
zJI;}5KBp??YP-0)-T+?=>U)ZYdA6^J4nq2227xy-Ydtk_4Yd#dDL`)?Dkvy`($(uw
zS$FsDT?7J9K#-$`>1Mzu4P1#Ofve8r(m57IIqfTun5><{Q+*Du6voS3#Rc^!$S=~0
zCnh|7QQkjCsQdb&xyqfQL=&*i`!IXuFYo-B_U$XbmnBl3cA2KxqB7Q|IhUN;Nv<P5
zf6{`6)=~VCE~iV)je`%QJ)bT4L4pHP`z0KNeV`l?EY_fQH5_IEaJX!E7SMxe%tI&n
z*Z<N2#M@IND0QV|8pzDw_|02^`WDI&X`wbR63U68t5<TjA#{d8-3SVZ8DR3DZbb!;
zKhu?k-3#m&JUr4ztooS{{Jn8><l}`1fm+3S;y`Jq)8Ju7!OJkN#@5z(Qb2@c0;S9u
zDk?@m<>{0%NQ3=+<zI_%XY&g8q1IFtErLqwiQ3LAsJHQz(W`!FM7CZoag%+-&L0s<
zD?4pnO{tMSkw+mwN9$?FiD=n;je9&)2tliI8e}yv-8zGbTSYlKx6xftCcY0TQX*d*
zyy^R*O5}g2Ive0_z>EDquyvW@Iv|>=2XcuM1$@9<!uH6I(UIFQBSl5Us2o$DI*+rM
z+-@#$@e`;pDCoEs5Xc2P8T4loC6s)~)cRMR<uSJK`17o7q^dl<=37+)b)Y4Db7ktQ
z;N)LQe?u)-PJWG2phLBHzx1qi^}h+cix_%l=7UeRn@ue(Ei-&gCX~CN2n>o~btcN7
z>?=<W-FOQM?$QrXQ-kFC<i()Iua4rHvY&;jw!S{kwufRgsKm)0|7XyTbsfIyz9}wd
zg8h=<J*%7igA^cU|M9AB#$E)_LxA1FmOlE}Zo%1tZDouQH~{Qc$Jds%=<sC&_Dr>z
z>zlqpw7;5#r?QLmtxcVMH!6N46_@<B>+=<r_oXPa0+z;f_1e}F=9Ihcu*rfF3i33a
zFe5X##X|YD?;)&N&ZQ}D?v@8nb<E*k765Cc)Z!C*p*C21Lx`V`FN}OzK;Ywdx4AoM
zF_B_W{Y9ygj-^JNJbChgn8Q)nsOwOn2OhoC%=)3_{Sn>9mj-F^L-bNoMY`J~tEP>l
zuH|sf7Ak?Ch_A>BSF`j1<*}M|$L!bBt9KtHN4`1i^vz%RXiHUeO@jsM&4#SJ!r-xM
z<3p-8qt()<%KQ&&@CLxc%73H}gR4Ic1IyX|&nnx0HEldN4C1V8$}ln1@UH<(b#S^+
zCa$Nr4aU*iiyJS1%p?C7cX$8oe{q2=*s2hD3^kNP0*5JH^4bPU2ssK;A_NN9=o~sk
z@D<x@eUDQPiL2}B%}e5$=Wa0VhA_E{u%;#!MhK(`{e<xI{%h>`ORGYoLN}$R)fva^
zoH@^%TFrI$(TfiX)=*s`95Eo(O8%O78dY%2v&W~{s6PzET$tyk-{UK(ZQ}Nsm+cal
zi89e2K8j{`J^sJi`|7VO*RI>g1l>r8iXtItp@NCDbR#M)A)s`qbc#|+NeD`cfG8lT
z(y>86V58C?T`FDDb>{7U&-aaQoIl{4AI=yKbi0w~y080+xz?I<u9aMjk<e5NFV`q>
zyRA8lcNfy#x^)ZM_G4UJ+rPPKDPp;EaZxxgjQ?$xQS5y*)?uqv(ag?3CPC9&+jDf;
z6r0r9AFoS*Fi8CddeUcYgv&!xeL%l#_+9cS?pqIQCdzxDF%x3?^2Xrv_bdZ4@lWI1
z_JC#I?VW}#d<(KW&J4I`h$b}XLAY3J*6N8zjp4!BnEy2Cwa&*aedX_K-kkg_Wo8ke
zFsvv^qdM`pDscKdQIDH=bq74Pth~hi7YD^{c!(tQ&)&)-Ic2k7G~RCJ|4%Xd`vR*s
zC@2#c8!{3h9jB2b#dW3moftc$Oz@VdwQsvh5f>L7?GK4vsND_kHh%9k&~k@&RYB_A
z4>19b4KOrFOx|f=0<b|dnXh8(pr3O|Ox2zD&jUiZs~UTw8#fGebHNZmK}>kU!g&vi
z8BSD!&p|pyC2P@@m(^rMXuwz>Mn=+;!oBds+6JHRJqTox1H8DTqSn6_CS&|AHK$-)
zFqq)1Saal;r|7k)<VWA|_z#68z&W~kym+yPP~X*DcM`k{WhSU88ZD>1IC`AMPK8cg
zQ&D-=L8dCc9YSm}(#-;!n(-#D<HwI9`ynME@xtcVA=E#cx5T;3?mAB&Fq>fd+%hj4
z+Ed)%Tfg-j(-gOcNX#-fr<CE(>fBO>dM;5~4xRf7)gqP&$g`EuOza^&KW`G!_}Z#I
z@&Yx@@Ms8+Sl*>INx>6_GcF@cV&U6tC^W)<jp0?k{Fq5<V3BJ8DMmS8SI28PDt*A^
zrbdQmYT&TTnxIS3Fum#MyRqcA!oU1_KILR*gOp1GivquJ0z<~NFlwiskeImrtKcHT
zmsmlwh~YTkHbRS1?7TRh?c!`=X(=fxy0x}e-s;)m+!|RWB`FB~GTcrF`K+Miy%Q&k
zZ(yJ#V$6u9LTA2@C$)*m4<{f+1&8~G#q2$#3p<vHkh+<UF5z8#d|imHy2o-9>(i&#
zts+3_!lrtjJ96U5$x-tj&I=={J)feYqHsd@1M^sPeq_Pjz!#G)^;1%bkp8E(*zMk1
zjO@UFbm{AxC*I_HPZfJrC%8|;-X=HqlHFvN$^3OERL83U?YLq~abQD-@0prvmi)AG
zuJRs*2IV(hr;dxpDd|;}!ira32<^5|2#Ar@QRZm%tm^o~R1+J#YMrsra5CebYfF@a
zygY@t_#vll##H^R520@pnotn9aA7~Ja<VLZIzCrdS0|c<ZWx1cdr|wb!#<{<4K`ft
z2x4GAlVyBU%b<0`8`|vSakm)|dZ_!b_;H1=%&Ur@jt-g~Vt;?(Qo_6ZLyJ>wAmI55
z?NRrhZ9oyvRo;^Ed*P*--@k1Tr`IRG(uO<3*%T4oc}|^c*BalRc~deAP4>ddsgE0h
z)sIjpsB}V*{H(Uqgt$}^-HP{k(Wr5QZ&cXJIzHLjU#-Oylzer(JIX<-(0=No$;)oF
z;>W@;J+LdS{PyhCD^?0dzGjxVcd7`lP_Sr4_!zaeInnKEy-%e;c$)2mxwie2!hyiD
zz_H?GgVCPm$i}N0iPy4TePE$$Cx7#}u-SILptPQ&FZ+lZ>w#c8ZDqQ@C59v<DmdlX
z57K`2d%Pw1>2?{>BWFBCbSONZ>gkBEdvLSEmEo<)Ie8^%rN!U!UtNS%wD*O+m~3*5
zz5EluC6}fitNvlJ-2OBE%4CA}?vwmkIp3CO!=0Qi-Yq<5^yLUA=T1>_D0JmyLYZ<N
z<4ri5KOHw7{`qsYUR%yIOGtWGm7nu-!(c7?uiE8NZ>5SO^*SOhT?-uOoU4kJs%y%5
zyiLr2Yy45Kl_i&;V3dQha&X(uj$Zf;m>fHGYTk~g=*j#QS#F)KYIeV_*;e6`=cCBv
zCT49FE^UOXI*y61aw~mB^xd)}w8j%xt8^#@<<F6hPsxfgDIEfQru*sWoDE6&!I^&s
zvWkJ|s|3U>@lJ)cg{Jn`RXZkMZ8Gdyz9AqOwS?7r#IuZls%Y?iNo*`r&==0wXV1J)
z4mP>}@_aV<YFdi5BN^(<iQ5My7&$c(+gsD<U6gy`PaI!KDWZuA6|RoVy)>8*lmEuN
z=#8ms{_Tk+>#1E<%=EdAn61?q&wF*i$^v{*OQ6@xKwnyDdlTdvWfc{U!Z-Oz{DOko
z3y$#~A_}fIOWnF}yMhOjul-siok};EQzs=g^|sNosgV&dZ=Mb0myG-GJ0qWc{$-_k
z_r<6^8O00qfRML7Xl4QV;$)OrS#3#GBMxjRR-emra_JNuL~4SmGdXz8v0_W*SJwAu
zJ{UR8Y#vyPYYtY*tL9pdiq`3~3$e|f;M<s8e57-kX`?JO=W)=XbCNST|BQpEs?F(x
zYtAy_ZD}bp5SZ=ioaF1*LSLdU4`vHlmfRKH#n$4}s&vD;#hoM;8ie3LG4x)coI(*f
z%XIC@4BleP&EVGd_Ft_|0mRU6e7pB?5=KOS8=hqWDGgO+#6wr0I1LLsrJhN;lXD2F
zdnrXl%JTAZ>izqNXIzUkEbh~_PNm%AKeQ6J$w>dX_|}-Pvik;~qJ3AH$1JC~03V|$
z`S@zpdfn5p#=wO1N{6{OOIwxdIb%aZ*<u{;OS!lRKuh|qqhsW~|AHh*jWCRei_0)&
zluY<2G%nNnqdqETRBU2U$)#B6z1ypYsT+fhNpe6h5lqcRDBcH6wn;Zv`6Y*Nl`Rfd
z2Fir*)~s*sZfm;~=3w4_q*(aqQK?AUw^>;<qU1QGq}?-8Q!7BpBs>PRjmEy5HmT~V
z_}MM{kTUGj6>^Ww_4}{JhbvwLRSyg*m0I)H)Sj>q>$x=*-F=Ra7&Km9bMuW{VK95C
zQd?4PJ$4I=juserWVIgreI@g#hG}d6lZ-Z>$fGAnViVI(_Mc2FEgTg_wuT0BRR}<n
z+3W7)5L#&@Z^#A)2J|jQ(J(RwAW+;&f;9`Yj2^JE0vqlKIO#}U^Fnohr#_M+=GI{g
z(X@*?0xt}gor>CdY8oGW?<j!K`G}_oY)O7^fG$AJl8Go}-+=?Nv=Zs+SzAGpY|p=+
zY_nS}qoZJp-rUcY&l!1rs(XK58P&o2H?a#&nNdp*KU2$}$&vFTd{txxA9(2QWSUl1
zT#c!@xs4|DQ)wyYFJ8O=0u4;DJs9xk8Nm;^pAyt>|GJ>!*nIyN+WimW6HfqQo4B&o
z2OFJz!4Q&$Wg-`GhmK4A0X&2%Oh1&HUmQf{n%8kQ@%JLq@SiFxWj5pZ?bDmpunQb+
ztfpMl@uc?k^Q!=CX9!2w(;^eDJm4i0zO(sDtA()Hg|(G+Y#tWRGFV)B;SRh)z9qDV
z-8J5mdZ{UHW4lNx9<eXLJuD&bOYxOavz{IbmhE_@j_fsjHUq4!uWuYn6P!&ve*N{!
zSLN$`hfL(dLwvexkDojlifrYJ?<)sQ<W<3)NXb5wB-G{jYAg5oz+Ye=DNflQt)Un4
zPEARXT@h*zO(WcQ%D$a5pAasa&^IuU68!n>yTc)qwb<|Mb;oAP+2yvG8jZn%Cb!}Y
zlisiQnd|c5t|f_hAPP!K!WaY=HbS1%@QP`;{n4^;SWC`&yi+JQ<mIAp%|SkA`!|qE
zsNTMRCfw>&{;<$fH%^5}c4zwr<I3vl3jM5?MMYgE%KSTFx3z~btolHipsdBbz;0Ig
zWIrKju6SkVAFVuE5p(o}|ECysv!>Syic>HO_z-3YOd{i+qs~PrW)n9zm%qBh{_yju
zx*czV=vcPvIP~v;6AvHP!sEaeb`8nLbetOWSNXLT|9(W~v(t5|^JsBvN5}D)<?ls~
zzbL*vrWICHwni>_#BXw>qrk`c=*06*nX3yP2GpW`#X*fR8+M74TRo{AW}daFaA;1s
zIF0{VUjF_!<{gy+YqmB=d^K*K%s5(YxTWe1m3{0R?!ERQX;}Fq7ozHS;@SY>)0WNl
z)@{jD=b|)-2xHeU9jgd6$R-(l`YV)c&zqQctL0wt+YOK!YBXD@VRLqJO00Wa(RQ1v
z5q1_qUt0yEBhP7EIHktj&vcF{dX{_ii}wAc&e@i+8$oRYFSvRWDqnCZacD>`bEI*+
z`(o(GT60#`HE&MbD>yIIaF0^tiIXQ;JVl_e{~;58z$jbbnc*Q0o#%!oB7PkO2KxGX
zXJ5dE=pjB!{hjJ@xv8lspGtk4lm}6ycz`@GAppj~oY`T{grVNCO3V}H9J8t3W8M+G
zi)A}2Q%vAcw=QdHCPQ6Fk0<q3<#Ru+<-_9|^yR}l%q2}tQ<_3zW7AX2B@Z>lbG)ni
z@8RtrsY65v>$J)DLiQnCm?_{=f*J)E8SWSI##UBs0yT~JF*pws{!EoIkCwffT116;
zr)p|TKiwx>cY0as3>%iE7urK}Y<uPFyS)~MKiF#BZBtU9tRBu^Dt(!<oSia1J1N?m
zurSHK+Afw~X?XVSi74es#m12DE4*+x^Q0z@7Vji_{je45pO1H!eM>r(pV;?f!+>{H
z{UpD0$nCfuY*D|;hl0)vqz85EX29)@n{=l%&yTXp`4#@<qoj2!B0PL2%cnP-X10~Y
z)~Ty*xAF-$$my`29g=}WQTo2#mRMr;IyiduzxH2Lsrfb%c$l}rY5#KN(agnE+2;2*
zm5WQ77%x3laSEI>Tz;OI$lhYV#Yy(wy==9kPQQ1y`eb#4rU5L%ehiFk+S75YuXa@V
zImyGGEcwn@`2B%S%e2+sd7LuAt#!SPf&GSl1^m&{TKW0;gn%>GkHrl6`~>=QBTDMb
zRTnX{+Xf{BIW^qMuIJbmX8-EWP<HPrHllMfeQQ=2Sm|OHuT+5Wn(<4~%0siZ^jpyW
z^_=!r%M|jj+gM_{5HTI5U-YJe-EUuKq{^eBS;~x~sudAkY!ge|g{_@F-i87*pJ+dS
z{yc5R!+_jyU4NFEhvy%p)qE>N;)%*7+x|g;MdqRL$G4q(jz=5+sEBuM07A;N?iaP9
ztGI%g1U$uJZHf#%*Qa~^>1+v%*VE&;kIc-eDE4N|WS+;imTvV30;7et5wRg^OFgG|
zl3u=fW856He?~2h>e|DZ0U=I}q43uqr?M^%ziFdQ!vs&ax!-u1q}^TduqNk;pPwz`
zCEgH}r}zYl1gZbUlLU<G+*lqyzK?13OX@DwzZ?EqveA8%OSL0F6rz{5shzd;AZwo~
z>T5Z>w7Zq;_}>n9sY1D~4G*8Hv=qK0HF58KK3#_Spn;9QAzl?0@?z~rEiJ7iDTM~=
zKi{q#D0AR#qjQUQM9-N8*^m!5O)NJj7T;<4nHVCG1)AYQwU2^GFAy>4$<76pKhN@t
zA(ShI$aE8F%evc*i87}nkiaXv={Do1n|G7zfM4Bk$?D|&{I%JLQk(oP_sw-hzu^+y
zfsUjxTZPPxOb5ovLZuP`*hFmlu5ve)1ljx}$=Ax((jaX+c7iF^Y4o_2Pg->}pDnQi
z3oPd@l`ik0r-!XH<=CSzy`p0k>~cp%$=~PZ7T!d*cj}&rnc4mPXny-I!;Rm+kKViN
zypUEm49W0mY=#3JNpC;UZZ2-H1nKe#eDCs0ilU5PzL{K?4J!-(JSw({Rq1N;L<7NV
zi~%=t(+94QZ*G{jwzUmT7EUcJCHbHv2-~ur%suaQ{vhJpzt;*m7FjlWOty+eQ0n$v
zd+1utCm5o)U)65lnMG3GcdNODbf=p~KFQhJU*c4Z_6375C`}mU(F1;!Pa_T%dHh*?
zlGU49_n2wOV_s{2FKKdM8$MQ&KGMpb&v&&u;L^1dnP!_NR#TCdTaW8NUrl(B?4zSI
z%Pv9iBp<`qVr|c|{O|idq|x_&Nauib3@6FOdBZtPF7=aC{`}`tX4N$x$DZs>E%-S0
zS+FrM=$_IoZOz+d^^f)&&s@{gd;-`+2nk>*`fF-R?e{XVvp@%zmX;QQOJMwuh8c-}
z*R7`BhasJP#u%r<bvmJTEx*#W^&>sYzj?D|JEtWa$tYv;d~1K`L}MS|HwM1DG`eB-
zdP*agaR%@b0DFmhRlH2-#L=sR9H5TDMv9P#5P%fv8rZOeJ$pu2SpM+?&CWhcIKEuI
ze256DQ9h=oqceIgWpQxFpZCuD*FWK1e{KEH#E_nzbT~h$S6@zb4^W8Sa_iorP&<mc
z-0;4Du-)c0X;*ss4@8@f%-AUx2hMCA`uWqKB}IkE_yJ=R25tgNeUFHw4)LExUl?HK
zQ#(e>zH@i}im$)Fq3ctwsygbALwvWAWe|}K&E!!B2WM6`?&2rIPG$|N_VV@jJQc3k
zewjEB90g8`8?u{c*_40rz~cNoc$bBh?Ur8>tsNy1KrsdVMRRDE7FSH>{UaO)&&)d9
z^!+T|u0P@#vkludxOz}jT(bOt+|h9cB7ziPqGLU~_oF)Bt)C+Q|D*rkoA4l^m1CaN
z-nvY#zm=_+Wmy}yXx)p+Y+}co-3XYM+jnqDp>5Y;72?3}RWB9y@aVOP$yDa}|Nr~{
z&a@0e4fToOkfRp6Z7ItwG&FQ3CvKerL3j@r6OAMJf4@B=;0o@jdL%^mdQuZ#-8Sap
z43J0dIZgjRzY*EDytyy@2%F$@i?1>EJ&!N-I8<~>u(49zl1rzxi^RsS6kZ=XD(pcm
zs)+*Y&k0tVV6rTZwq5+Nm6{od>v5S=7%^`p{wWO3oC>AIhpw2{*p@4X;s{wfv)aKG
zTgf`>ZeAnEE-cKP+iiDP2L^T|VY^5f8JUCU?oiCm%@u11%<}k0l+D0WXdsY(vQLBS
z6{#;&rWGz{*3*4g7z7-s0|EjX$F^<T_9i7o)YS9@;rt1|x_%7lblV&Zq+X_^)ZRks
z)ouybrBR}Vc9DZ}(>ft9z_<9ocv6Ji17GzpIeDv-g%`RNUm6rGWx&Lg`00p$NDpv9
zCi7*Vfxaty3<$&C$;#Qeu)=xV)(MWEK~qgoXwD#g_^PzDcd(O{b!xVT9f99&QF4?k
z`>otp50m;(DnoA9n|do}=q~&cCHM65B7B?e1mTTD`AB}kuf|YRM~8{jhar2mn0irf
zg%R~P8)3L#1r|;g)ZOZ|@3y5ATKUDMkW2dudr^*jOHPM>d%HSG1U`l4jJsH<85p<<
z0|90urmT#O%gV|~4<9|cbruChn)qcQ!b|M<@m)MTJkQVG-i-j!6CT>~@brWA*cD`D
zQ5z-<ua`eQ{#@w7SA*QcHd4F!MNdypBBvk~$gqWkDcT0(U#y`__@x;g8;`jI?byzp
zJHPez2Ek2So$J8!`aAeXBrzjVfd;?_qodxJ#ywnA%dh_#u?H~q$R-jDV5Eo|86`J0
zHZ`&R88Y%(6ciMCdU~Yd;^J%C)d=*bw6gTQ?#QS@6!qgvj34oiP}PP0u@Z4IP?HDB
z#oG?9u)vzd0~vN!4vrnjVt#@KGLR?*p)Ayp$RIwX?Jb?%*w}c)^XV5(3b2HH^743z
zn039r=c%fi8h??H`-TfS%eS^Rva+0*AJaLs9&Y~`@9COs&38{)Zz*MaA3k_c1jb&t
z)RWrYOJ_qu!3`5aF3tDkaqb(JF$McvH?W?7!pmSY$@4FoNj*VD;~2pbl7={*oJEpB
ziLJWF<c^^sEY}ZU9;IbuJgB$2uMILMEjng5ZFdvkr}<^XA>cJLP<k`wzfvh&g_Ntq
z<*3@hGIL<MzoO9$b&|%_W=;)Eq_3}U8O*l_7x=tSo;oGr;J^zobzXy+X5=fijOxvs
z41lTw^Lg|JY@TIc7vX~nnz~9{`C<JSw|z}xm(nfl#eDWU6~;YE&%N(o;H)z|dzr$<
z{!&eWb^q4M{GUun44vrxTX|`=?hMb}0dX5!TSvon@uAC@)^IM30h<E%^H>L<*CGFT
z7lu1wVPSnQjAC&t(32)c6zAaW?65xHc6WYM1t9SokIq`e&5+w!>Q{AiCg11DijK>u
zf)#*&Ovu5Z74`J?F4xb}v$m#w;B1`n3_Sw&{~&q<$e`}b_|KhleEj^~y*0|%ht=>!
zw;pXi9%Sj``~J2sJK-2gEy~+%w}&DCdArYn+SV7UUT0)biINu~ydu4yIM2_=M|eeY
zAuCBG_?vpNcu|M&<AOmeFOqAIV2n*i{QZH`H+`vumPoy>i!q}XJNc^oHfNikbCC!)
zFi&b;mnCk}@SpL3#FhSr%M@;@`Ozs4eO-cBLbz5pX=!O0doJ<v`aXYt(C11`MgHh{
z*y<u7O~&j(5{XirO9&Dw$3FKbJ`XPu^-S^Gw>kLu_!xTH8X7!cAB<Ta0NaN4&k>CT
zdV7g$VP_|$jX&Mya1Hwy^X3wnCpEOp+g@`0c~k$~$$53pco>LY(%wE-?W2Nt?LpR>
ztq<sQU68?q9qo3)kxWKrSFHPnBeHm~pO%^O3kr((A)9R<IaM@A36=}I2Ru*|l)cZ{
z@zv(d$oZzGrn{T#iw48B&l=C@C&6xiW;8Wppm%e<cc#NAF8@QINR`8k?me0Roqf=E
z?}dXs4ZPeCm5_vWPQPy(Nse=S(z`xsPb~^7LvhXA5caWH=gFBR4pFu5ot?yz$}o@e
z4damyY3c0r!^iXO(OHM{UlPxL64IPAL!nArpE7?o$2rExIKkc55~J93Cx->b_3=Dv
zsrmVb2ulXH&DCE1aoPZXY@L~V_mM_WtY{IjBP}fr2C;nl=3+#e#>n}K+w`;gFmhYz
zFv%#xj;{hv*WKKNruf*;k}B9W>_7=1T!b3FeLLdp=Y}P%<F<TTqVxK96C6Us{WIOp
z#)}Nk-A;?#%i14V9q~2-BBDam8UW;X!t`&y@PhGq8C4WMr0#gxSA!!8b@1qfK6L{*
zj#SND%b4>9i^g8w-X})Q1DS<S?+Ig4NY=P{)8B{5Nm}_u*L>MFsytVj<4?JDyq64+
zZRf_>1Yt|S$~nUR8kfj^i=UxNLVsh?TD}lbh~ZPoam;K!ar!jOXYz9Wu86Zu<L*J$
z8s{V7Irq_`bDwML#;?!@yu8qlw@ZuqYKb>QOPgT4Zo0mZTS^p3-;G@i@Sd4vbN7pY
zxjGxf<qb(ZNw$1g!LX+lmyoyxMdRt-h<{5c$2D`4Pa&{^P!mZ2nta^H;b&6bzWqDH
zZT@72`Ks{7pfHh&!E5cRaF`K>$7&^1Z<DP?hYugV%`ESRLxQM>2wspvp6vIuIqR&T
ze72+v`4r=csCsYy$-D})&ZEP)FpU0r&hsQr!g#UWAn0;T3)it@52&}Iwrkn@wjDPP
zcvA)Q8mzMdoEiz!znhd$eEpPq8y3FhXgg7)xs#p|`xfTse?w8&wXs(J=PE(EI54n^
zN_g#MiaD%~LH|+vK*>5w!Ksmp>(37m!Kv^d=>cl!kPw!2R=%X+)>*rL?b==x&AT_&
zrrB}K?hz#?8Y3W>ysrHb-q<kk(wuklm3EfTwj?rmptB$sL!#)Gxa2Y`J}Zc2vX7Sb
z5iY5Mbw?t{RdMq4X+=9(8hgZo`lz}@ruq54uVgpdj@mC_x>%%5L58IIlb?H7UGed4
z@UO=$*T3+S*?FADr{?OThYzinXKyRiVqJPeDyz^cA^u%I<ibOg&5nS4_wH+Jb2EUC
ztR}n*yP3}Ocj3ykjXUr_Qc9ud^V@gtp2g^?AQrnwzyMsMg~YHvz(y0}k)3llA;MK8
zidzk}#S>3S$h3kAN08By+n~?%#pjU|Si>LI0{Jfg_|)I2Am|t0zFkF5lQ>x;PHS%^
znWHBLJioL3!eiQuQ3PYO?{Q4-jI*Er6$DqUL+k77DYbUkM~4P@PH2Ae>jt7D`dthR
z==-$E$;x7{??ILlrm^PjnOl%WDSo}mLvK1L5m;kbo_)LSMn?6qnSna^FsQh0WK}bX
zVg28rB3O~0)R7;|OzWh?V|h~8Pa+;C)SuMlCf@z0v_1ms!DaFQ%I=MG10^e?Cp&EM
zw-i8Rn0eU0i%3h86A?33euWQ}0ZJB>byz(Nv0|?yz%Uqu!P~vnxdq*KU{n7Z8>>KC
z-|tUV!NVxlQBtLYU<D!KR~egTKQ)+y!wHOO5zx_)_bhcU{S7;ci<rCp`@QhP<Oa2I
z5MB<NjAQsP!zz`^Ue`8QN&cQU^un6IJ~At~>+lQ4&^Mk17-jpqw7m&Q19K6*D=KhD
z+eX5}SMuh~=--<j9$NsrMm_){5X-VUh*?Tkml+?KdF#>djp%3wau!2ovU}K)IQVh;
zZ6Of^kf%={pc4lbJS_;*3zQg=wj`o6OBDnTS)c^sUBbb35O{;|>Q7TW2`q^X7pTnm
ze7G*c06hH!rwj%bPjj;6w$hFLqU1m)1;vx7a>41keB!Hfr0UF8iU~6y5+w4XaV=_V
z0@^j2f#vmdr}N?CIzz_Kh@#X%j{^qTmL=w9R;%9b%w2!;Xo#1{H4K*nrX?$$J9VnQ
zUqh$6yPML;j3Dx}Y%f_F_zNvDP;^5sWn>+ooLW>5b_<kajKF9xRQ-d|#*L&f<{tM=
zS3)F*@<O+L?+y|%J%HYxo_a9f28^W^Ei=DJBu*Oha4H09O^zW(faD`}Xqwmh8R7Vj
z1%vWJZkt8e-HWD!xAQQ^$?U1g$x@LLoo<{r$UOk<NL5ehE^DGF@R&~bb!E2~UW}d7
zI^5RpkFm5@%uI^1_9pSw&`%OEz>_EUc+Xwn=6+C8A_TxIUD^e*TH;rNE)SG4->OA9
zR{P}(;soGBR45ehFPR~qglY!Kn@<6iD}~8L-0`C19#}xzNT?)B6`jA(^@vKy7w@Kf
z)-^p(HXBRkKgI8b0(AL!f}NQwoI&?t=4>>Ompwe|eePNreTm+pm*x<hpb|3t&S55*
z#}Q!{5NU%;u_pRRRKd?4rx0sMyhg|elm~&&vBo+AsSncUvU--`cuZ<DzZf<Cf>@FS
z6PGfhgTKCi+`uJWr}znMkovJHLpMI&|EUOU-PE*=1i<D)t$(9by8g~Na9XYF7V`&A
z)bQC)cD<?Vla-PpBf!{y#@Qt;6JCEu49K78_JYUOK7IaL(dUK}HI4i_Yj@>i&nTRA
zKBvehH&l4zs0M;R^&$rzPilP4YQ9o)8MYl*{kc|gzcq;<<9QlZ3OUQu(9pr@<qKx5
zh-W_ce}Hc@rV)}JgPtNs%F^hGnAhu;LL4za*n$LJjRtb5$*9W8KB?$9U{93bf~A=5
zuFg3rA3jr2!=bS-!sG1>-*Qw@#l#-P4<y0J1a<q!ilwvfLb!?tD|M@fy4_YMA{CCL
zJo~SVKJLnwKmjn|_M}c&;jo411+`bVb*GUJsCMv13zED!ubzJ)pXat-Q1Nr3G|=Z#
z3bB^*))G{bO|sO#egE!+S!0bbL<~y<)BJ0W-L^24?y~Q7O=*oM`}YMu3kw^v;hM0w
zMuzwB2_4AV5c=Hl%Z=;r&byn?Ire@|wP>mHc@YsK!TW)pnZuUgl{@tb&^QK;vY!Oo
z20t2sjJ5i>!BL_FefaRn06$zu9tcr^AhGB`PKf#800l;{Yu>x!1_(if0N|74sNiw2
z<E2IN@|f->JwirhYa0f{rL?qcj6v_Ta?4FWh?2*f7L%-(rf&(XO;-@3J~dFOm>vom
z(o?>A9FOR{K?bo7&ZLJ}C^w4Qtw@i9f}{YC3FI0PA@ywb-|=J0^!m%aCYdOMkkb9O
z=KU9IW8f?HG5gY0Ms)K^+|(^`>4?93xTHN!eRIA|mw)Z-#OP><;(Dk1ZOS<J*U8Cb
zqU7MF)R?T|h6t|eY8Ph4lg7NYZZY}()z{X>274d&*;<pS-}AlXIYTREP$^rQ+T5@L
zI4>wxEQE2*KPE+yXBt^`#^Ht3f8NdrQ48=q<ye;HyKBj&i4I%5zx=Z&C~A4`r`bKn
zTCJIZAcI+$r+XtH)tV}zL>S3XqANb+T(qDbQ&lC2zFa3({+Z^vxM$CvUz3vy;th!w
zu3+^sX_eA5yDhQkxUbuyVq=8uvjs9NV^dR1QmD=){i2%?u_0HHz?6ECzUK*@J42}2
z&6@%P9hU_G5?lHkPtq(ii3t{7O>g)ehCUDcYqj$nK?1YnluQD@CiIsCkPWt~^eYXl
zk&~95Ug>s0Da)bXiw-D?wcvsnhXyM1ZS!hFgaE*#$U7s?VTN^MUU##lvyyvzm7o1!
zWnA@;0vfeUOiX-dIOc`bpwcTKCceUbBP1!8I1b`A*OGJn`t{(ivsA&n(Kn(0l%mRy
z&7CQ<t)<0l7cHl;O=8#~VK;%(+66<;ENFwz0uvJ4+I~b33#e?NL&og2_#piv2cO)k
zp_qRwCz0uMs%~>py)WbAue4e04MsVsyWD-f&HeIv%0l?~xcM3&E|^Eg+x_W!<Ex(+
zf$z}ey4cNBYSaGx`xAiubAPj*JqYl3Ra-lNjL89rk3=FwjYq*a#{o#cWw6rz*9Fdu
z!otI#cZ<U;M5;9ow%dM{<#L|lJ3q0T?SmoKkNFp|_7mSZ>J1f20%rC;|4&6D*+;!F
z6$Cq2I}dB)yQ|pE!rbOlb>q>I<zy$?Mjd2wnZEKbP~Ihvsv0>JRW<Sl!LhNYyWjF^
z0%2C9YZs!++5;T3Umi&qTFYne%X3^X7DSe%>uxn;fmKAaLDBYfJSrwgAIUs|LI`?2
zY!sCN4zZ(1B2Z`5*493K@!~PSs(hRfBZO*V$PF+*6B|1E-0(Qz-z6?7d1AwMG`*)s
z2Y-B(lXE>{BKYIMGuuha%ggHU=p>*Gpr1S%V8HnP|0pd)?+sqSk7`Ev3YdU?E9D8D
zm+uXcZw%{h>>%Q3sa&zxN(UC!-8bd4yUyRP-G_vwvtf5<u2pr0`?^_BT2#@a8By_l
z4$lqWJ_TO}xj3So(p%24&iwmFiMpE};?T&nAeX-ey?l>la@SlN!C~RBGLk$4@NWPT
zE1{6s?^*&oEP`(Y>v<w990Wrv_V}^o?Nxu#DEH}wBn88bNFPr7ORzY-L|_4s0osck
z&!P9#Rm>Q|mH4zY3J5NUziiFW4Z^Y@;YdRBvByo@?$(s@==l1sF^6(dA>~+(qz?h5
zh`0${WFnD3;72qufPZ-(D6nF-wjXl+WQ88!*@oht|LHL3ND757JS!`eUWmk&DVTcU
z2Zd;l=iGOe18_@8Nts6DkZmN~<I%OBp#ZE{;bbl5u6gyqC`%oOx%L6r0ykLL+u7*@
z#+>F~1cz3PIIGM_WjI_6>kdH?LA03Y+4vV#Cw7Ph1RS9rE6mNMgSG!dq!)3N1DP#M
z^=8xv(FB{xXCFgu^}yOpkh?f>W!^(m!ywDT^mIy5@`!Wgg`+m;t$-Ank00HcSC}25
z!I>!1Savr$Ei5h3Nspfp2e62X*yeet_ujpG7e^)9#)yLR1sc*0mhI3$yy+;R2|mZE
zv2U8|z+VSWX%5X!5nkta{&|jW8(T&`5I$gNznEt;vUevLSr(k`kP2c&?hyfs6!0+V
zCEEJn8(>U-h6oRk{nW_0(~sB7d;bRoD04~YXzzVZzuz*l@cTD!(bVcxsSh3#>-<4H
znZ#E>KVbaq)iAUhLTL~$e!F4Fe(8COoDQHR?BT>VdU|^N5w<(~87{M4dm?jShX9xe
zK=wP4WLES;paZ)bq{ESLV{_%?<D<t$AUy!T2($k))|rx^ZsXYiJk2j2Mmv<_+5?35
ze<lJepnf_!V)pd0hyh23BXlKQU5l@GNOq1OO?nbsHdx)PuLH|2&knOqI-}Kx2&aa}
zjb0)tfiT`07yZZwc<2Me&r~y~@;?_p&q_?DBz;0tSC>EbEx?3+<!+MLpy@c{4J9Qi
zf=E+Imo$$~3>Y9%Yj2y-6ye?PMGm=e>6nDVh@c_9?mr2lwWVj1V`Go%?;O6{yX`{F
z?&g)94}h8e&F6N^?+vzlZm3)a8W03e66l86)Y#igMIx-}fdsaYz|wx)JmWf7e+k21
z81ImlmlucWR`_Y{-7MQLTJ><*7I1KIG%lcZAbDubc9BlSOYpu%<nd%d@M>t9NZJ%e
zk1jG4z~(+a32)z;G{<qUE)px=K9z@$gzg^XEZcD)6M`)hF8}pxIV7wPaH;oY?%TId
zI%aaZx{qip7-?SsEC{d+g|^!JDUV3Q9h$DXz)A>2ubt(MJf|a`$P~)8+aY1Z#^T~(
z-03!)M~)sPBVE<iojU(u$%omE=;L%%ODk0?IVvP%E6aBDgW5O2AIjypq1ubJhnN8z
ztV1oUkEIX)XU`x#!UCC_2~g+D-$JVg4-#-yl^(GOXgyd8XaR8b`t?Uh)RVJVZ>%kA
z*%d&6g^7Z_XLb`=-l&c6@(?Y0YaBshf!LkYTanR9w2_Ji0><J+tR~g9D58+P^=(Pv
zA7q~cy`H~6g^z^gv>=U%50+^W`hP@hi#ISZNLobTaE1Kmu9IV9V>BoTxK@Fb2`?9t
zA%8alcA1#TzP^_>homOc#KAtTcoFuelZ8LBDg;BwZK<DZ<bFbN;WVKr5baCND7og)
z?0@pxXs6rb>y{eGU_D`z5zj4W_mkd+WPk{yGf0Rvw6!HK%^^xd9?Y9eRx-A1h4WPd
zPB-+I8rmX{riH$~0uN-+niDl5?i%9kn<a6g51zO<QyDvYRQi72wjn&uPI)Yz`@S&R
P){|r;6vfj;^&b8&7RlS~

literal 0
HcmV?d00001

diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/docs/resolver_tree_children_pagination_with_after.png b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/docs/resolver_tree_children_pagination_with_after.png
new file mode 100644
index 0000000000000000000000000000000000000000..5a6accb2797608a6f0b30b1cde61623a992c8a55
GIT binary patch
literal 32398
zcmd?RcT`hb_cj_71(hN;L<9sB8@;0xLqhK@5CjxR=sk205GheWP^togA|le1-cgYv
z2!b@}AWeD)>32pw@9*6Aeq-Em$Nm2M80SRU*?a9(=9+8H=Xs|0)m7!F51%=VKp?0U
z<k6Z4#6BznK^8`N5U#LQ;YJV$%BRjUdd{})W|lU1#03G=pTAw;=e4jWIA0JzU*P9A
zc5vXvSsI%=8QT)L?eNZU3BI?r$61<L;&FfO;pgS&<>D3Q65!S56S^RP6cU9GenD<N
zAwK;-_Zyqz?fy0>#LWv0Tv9PMwX}1#Cs<tmbB8P5iC}4O_oqQV0d4_qzCT~!osG@^
zTy;=zu{1VwQs5Khvy~yZ=(_WH%8>36kb$oM?ISd8`L|bASS~v!6)v=_t%#M25Q<>U
zr|<sfb`gDdMQdRdepwaM3;eQH#x7cJ0$LVmGqfg*O;*#|QCQ0nEoyBlr=@BoWAA3F
zEN^CVfnVB8LsQdA(Oy``!Onu9hjT`W$!WV;K^J5_OvQw?<n?7lw6S)0VP#`wxF%*{
zs>5r`i*!}D7SJ#?SFmtXMe6AZ>)GhZTB8)q`4p{9O*|Y_o!qR|h0qQ-Ic+{$6=PmO
zRel9qQ-UD8&IYe4ETnJetis2~@2;t1g0zEHO*B+J;14Yk5l1x{U3+7BoW8a`AFPV3
zwym6~lQFNQD8H+)q65K3S3uK7P{r0%&rx5^M$iPMigh*7QBjh|NTYa_-0dv*oY4el
zV_9P*2LUYy4?8|lMOU0L0jq2aZJ~5zv9fyRDyEKVqR!U31Y2cMCq*G$8)-DklAtYW
ztnUn+kaj|;^V#aDS@R>EOk`c)f(NgLlBJ5eJwXZD&=GLduv4-XbQ2IknQ95xBW>Ug
zYhDj`ECDO3XX9pTuI=PvBdm;flh<=X!2`x9bvrFyOE(>9byaH*B_$oWCPVPVDCt>=
zT54mAO=TT~adz_VVy2p!y3W=n3OFHCjJ}<cf|7-jxub#w!4hLBKyWmL5$W2QC@47)
ztaaTLJk0czoN*?W8Y)iCHWotqyymK!yzbWK&>10qSq-$C1)qqXuA-^4zP34^n1hy`
z60fC(o`(rW!vg6f;;O3QB&)+Gq-dqeZ>;HV=P4@V%#W5+*AmiH_7v3BHr7SzqIktb
z`ORfLZFKM`4UDR#xt5HYiZW7GMb#Xo;x49b$BV)%=<%zYVU@8O1T&PVsJ%65f-H3v
zwLH`bHW+7BoP)iYsffCj8n2B7TGT;^-_!wbr){k*gOkzrAT7IwJJ!|8Q&d1i#aUZ{
zUscG)-qz8^Ru7}9z^g7IYe{g>vej_oQ`AvZ*APZ4yJ0nT<UB2v@aiy17hQN>6Jr6N
zT5|HzmV!DM7Yl7WlpsOG-a*OCR=|djpyTQ&Cn#qwh(*fSIH>7sz{Z!g;<c8wcT^`?
zn-#CSjTzd))Ll_nQASh~X=-fm>5h@rG9$p3I{G>qvW}L{7%_7}F<m5Fl9qNSeG0+<
z4k~z8q>v!qQpCbeQAL+zr*6;_X@Uu_n5jF;RZ~?ODJHKe!z*p!B5JMU;$mX1si1~J
z>hY@C$U3{3@}U*P+)=O@Nxn!LC4%9VQ<JuEQ{h)YJIknB!8K<K7dNz^o1B1}il{Ws
z!rfTk%+=V&K?B9>q3Z16Eaqs1At=dP;~cOi&Z5d9I6=G|QUePQI%*56C^~sM5ZnmH
zPBz+>mV%}xLdFD)8EK|8m34*1)Oi(9ssi?cj_M-3d}cb<ZuZK;77lp$THaY0>niW0
zEQYpl5)#nC609tEUF1YeTnV;%ngV<l!g!pEwW5o;pbJtJtF7Xpfaa4!nyZ;PnP|!L
zia5F3syget>Y(`*T$PNap*@U~qO6FHjGCMk60hmvDW)M}30HOT_F$&6NEbyJd3&t8
zwjeJO`fcZe6maAN$HHgDtE>RG3p?wW*^3Eb(EOG*DmYtd*s5q}F@BVcn~8=32IFdC
zV<luOsE=0{6Xw@*Mw($zq9RtV0uD|(yvjOq=8giY&?>K+vJAXaT0~S&OGMg<fY;Vj
zuolqLlhcGA*odJ_Wi4d%@b)eiI9^v}lr0YB<RWI~;^5#R=jO_5qT>m7dC0@_uI@;*
zJyKOb&cn&s7%qzG@oOr37>j61JBy)}MR9m%b0@5YD-2p1uZPwGZz*Q0!AsCrz}gCm
znrfo$ja}3fv3zoZ3N9#hOAVwOk`FDfrK+Nj)OJNWxtYsgJrvEg9rZ=|__Z8W+%&aS
z1r^=V8X9gWb&MLXl8T9ry|ag`xvZ-;Qd<S3CC2Y0i{aNKAk}nH1OZiPUTvhVqKYO)
zP95nc=b-_;0OJyr)|AmeqtT{%3TQ_MjEc0eot1~ZhNCdbT!vuJrz7WVZRKW)5mUgL
zI;+Zi%9z=UD65(pW6f-ZbyZX_Vyc#&db09xbVz%Ms>@0{d-5sBh*>+yqD7Im`r4va
z9yYqt4jKZ2V6L+EST(p0D=V+&tZYWmaxw9g!&@QE(W=Ti!eU4#w3UdMjI@HRIqY0n
zjE9M$G69X1F*8HjOA9)w=n5(z(dw3@(?!Grb^ub|Lq|pqiNql-#9S;D32?kgqpU0x
zkSMGh{8fQ;ir|p~I&yAq0!V2=Jt1Bh6-#pwg1M%pzM7DdG8W4xrmcfQx+&nS^{@gM
z*qf>rRt|E~E=n$<Cg$$Eq9`{HCth7yq?^2>EU&hTf;*pxho*p&KH5wftz#=9EJw0P
zHDLiwSvP%4VJuQpTGPXm;G$|{jWjhwBVFyVBGL{xUJJA$+~+E0>FCU_DF$b$tc$%W
z$uGgd4WIv<-M<fV`2BAfA|T_pyWE37oI@y}k=pJFGyPuL+Pcq#cjx0zuZFjaGR>ZO
zH@QL;nf(l3g{lhU*-sO4pD!%GN062LViV8(hpuNA*Pfmh>M=o?w4;v;)LI`)(YSg1
zn7w<KdzioU-98!QqcT4~r$^Vn&eLjM)KR~!gVbTloXG1mI^?37*fXJ-#{9M0+@6dM
zepbaCT@Mi9hgpUS3$}uGeIFr%=Dy6%zJKCtQr*V#ga#IyzU^yd^eit!79CC*#L4EQ
z@cjAn77M}CVov9|4T}99vCB!Lk1{dM&b*;(W%p+dAsT2}SX?q|POw~hnv=tWIz_k2
z@cTJ<1<oEmMjxNfCDsp+J}&U#=pI#&K9o%A+1R{H;Uo4F^kJ=*)RFtp+DsU!$z#w=
zHzRzMoQJk@MgFTnX%uRBem>l`xA6Jfw?}&mZSR$pT}NS9tgNi0ot*e9x0jS=1}YfS
z)6*@itfm$v!otGjRa9i|+}T0J+BcQ=!xta!?x(Qv@%43G9#`orcC7C1aDVx`V-Fra
zl)Z5Sv2WkLh=_>f?Y-v2>xqU1a?(~-SH#7|&#}Q=z<)>SemY-!`RbMHR;6`UHWKYH
z)({=+6C||kYQ8qp?LHDFV&hXKkY!YHW^r**xXQOD-;(mkk?HC)8s?;_Z%=b_ayrMh
zu)Z#b!Ne?i>g%5=uc%;Ut8Z)+*cu25I{0(dGbCFTE07}w&mX0WijD1E@iA|+5Y#Jk
z&1#xAug{f&Iboa9(n?beBqkRZ7dHx`5b+XT!id`)Z*+(c9(<hY$QYiRdl(u@MSk!g
z+x6>=h=rjK`^z`R<69=3DQReAm6fTarKQyk3_|_=_u&V6i|nfh2U+SKGNEqYK9{f0
z#i5!&eDUIi-893A69JZOubz|_TDEbxdw6{K`js}xXY(=}8=J#a`(?xpFR$yJSvM(o
zczE31-EY^1GQ7^rBu9iuN{NWjgZVhPxz&AtXS&!VGI*)&ntkxplvQ7u8?90d=iRil
zi_X`WNDaX{AZ|D~@S@4*=H}e@cGk%d1qB6h*WI|`25||AcitOL`T6;mk{0{j23gOY
zLtIOwSsrhyeyI?7I(H@%tcJK56&y_A@9$rlI5$0gL`q5u!KAB&CTH_sSa2|?@az~p
zHPpycMMa0i;m&`ou8#Jw?<+QTDr;HTWAi_7<kV1@$bcX5_P3V`{hg?c4wIeD)rP^F
zg*JDIL#ti4>fn~Bu{(=3^oVPAd?A#tl%M!hGYY@&?`MLZaB*?b?rbkDIavsvfjJl&
z374u}nQUWa`!$u3^TjTBbJG*{+l`dg+Z#(`zqXgZ4i69Cg>E6<KV-Uoj*XI<x~7CM
z(K0YV<Lm1SZJ=dke^jgw+#{Z2W7~&_c>MT9KyKCUYEDCzK@jH_Y4c3U(XdE{*4N9E
zA2?v#{#wI<K&X!6GaVWq57J1HWxaHX^3kJ5qE4ekt*Ne_p2KvL?-JWcqjz(2Lr4W3
zskW6F8NwA$71;I)k5vRMv>DdxmpG;J&okPWlhM-B=D8Gmt#hNvgK1eXMr~FFapE4i
zOY6^3!BG)9IywjFKE&HsrYox{D+dsV+S9dQ@c70UaO@b&D`nclho_DShuP;eKa*fA
zbDPKP?*1AHXI&ckTDUm-5iAz=%fb*6zbVIZhn((1h1WVSzTpIsl3CmxfhhLflSIYr
z=f%;{rT4)mJ$meze;u<I)$xm}pRx_hjxsVHsW1wE{P-B+hJwPO6;BBhQ`2{Z3037d
zUb1khT~Q<NMVUwzBRSZlagujDi`u}TkKDR-3&Aw}v9VF<iP_l%D%J@w*M=3-x`(T$
zbGZ#mUw$dG>%Rum4x@HoWJ8lbdGZ929B^rbg5^y{Ms$SB#uA=L>3{FuJBwB}PW^n!
z<%zGs#M>jaVKDB+kvddL>!o?ad<#17J9nZd6N~mEz*2`Yaw<Q53_L=2=FA&|N&bQ6
zpojv`RVyOpcynR~rxYhA6`Oy4zTi*iQf^)Pot+(qKUOTC3T_s`!ou<;@jCt1+AQkk
z&3K)8dt2L@feJ4^>rT#4W{ETOJVyCiDk>gcUe#@FZ8P~jJ^Ijl<tO|HZpal=Qc-EY
zVx&mxFLQIVjC&Rl(PCP!sH%z?-x-ZmE2YL#(419|*^k)R*f>fzGgx)&Nm^Ex$|3AU
z)dWA{Ij|c6^Jc-z@SFS32`?`%*a@y4InQnNCuR}O<N|a^d3nl#JL`sDo=KGTMik&a
z9~)b{J@K{JW%^XUewNd8%Q;ceIM&8y@b^S*i_MiuaB_8Hjj>xe4@XDGh2`bxC6qNS
zi_b4sG`U<j^DMt@(^H|NbOyx^WH-LDPH)Xu1rvu_o}(I8n&L&)73xc!Cy$}YVG;Ku
z1Vu!y&ZblG^YceVL?<Rv(|s6kijSTIHv#@mT2{6eCAAl=YjjsOh3`-U$#8oDTn1>c
zSnN@{NMX|;SIog$*6HQ1Qo+P??Chu~&z?Pd`1<vw_KpscLt~eFsQs#-uuwXsl^55|
z0B27+1`f8)OswgW{+&A&OXShADR+~SSX7fFXJ4LKtH{mer(zUV_IQz%lPK<StU8#s
z4rY8d*BkLVBZG7xp~>NBkkQmUcI^1^=pZnbR<Fa@)z#G&tAd54rH}WIUySMvzC)Kg
zH8oWl5T_8yfduyehgq@n<l}GspXhIS-z_W@c84WMYa9M_|G2!Gnyy`4bX1i1$}%mB
zBo*C<Ui+#raNA(VOknPM#SYKAXJH2(r2FtKRY}9pFbq0%^-frSl`qQ;ImX;{t+XF=
z{biT9xiQ)Ksi~>MuyGewR<!Mqc0KtDB~1F7n*Jh#-jTMsXZ^sRYL9`%5%1sEII~Yq
zM&^mK$o5fLa7zor)p4SZut_>PI#k~{4t{QE@W*7x$jAg5N~PuJpFjoE)T~Z-&8{(=
zJb6-4WPdIG^WzH^wzfLs@xr!eYQtG_wrwe|9y)Xg{3z|ivtpW)?apvy9Hkqbn27&k
z%{`iVtE#d$;sC<O$ERWTTC!;wc(}_hVML-I@lx2=yu7^V($iCUZu3Twp6e?cK@pah
zz&D@`4HLU(5!>JOjL^v)R_~0f50YH5m)HJZi>IDHXMFJeyWR!jeP`!wD+~F-zP`}U
zkr%JF_4W6Al(mq7t;*|wSq)80P)JEtakFNmrXFDPSBV$CoWt<!MsK-?fTorf-RaXr
z`^t@jWMpKpgmJ>QPmjF^=fmf-?e4wWp}VlU8W<Z(PYOQHUU#LctgIxRd)ph!D$;%_
zI6U4M!VH?7FMfWARH-Xo=~-DaCMInB0s<<VHo2efQP4U}e!HNpt9zB{;hAhoY_DWf
zLgIBd>5PsSB_#|u>e~EazgpPXpp}$DzMUQr6$Miz9qOMye{P8M?0o&^4V>lsmX?>f
zo>rBXp6TxHwy?LSXmPyIB^uDx-k$vYIdWs`!#xUlRaIFtvsc}=+Un|lD=W?!>j%1n
zNQ<qM(i#_#Sz3C{raSil{4`hx9sGRDd+`7SKxx}bcWNG-)GM%xUP7Nnc&~MvH|X4j
zvuDgTLSAknE-2$Xcq+nA&zR_FWJbre6#?pJo>P}oQ7Q$NmX;stAF<P&Iu$fJiZdv6
zR+x;+&xx6zoJ<$j5G9N&hn^KXmZp{@tFQmmsiR%=(^2d_Qg<>4^;4XztYi=jz+}Vl
zG^IN)CV9X3k_RhGbfy|Hp~MC)4m^JRILhyU^Y%|G!85_M$0TgN^Og;=&8S*hUJjyV
znTz^b_^Bp@p3m&d=?hfBK|w#jqVE)LfBJ+@wZ8Z5n`S^jz@?<I>FJP_l@-Y?PA3Tn
z&R**G2WG-~&1q14lx-hG5%|}1sCs^8KT!z@CN_WYj+a;)9lYunzE>``S(BoWiLXV=
zPj^VZ&eeL<E`6jf{Q78m^}y?#ocYL`0WlVqmPk|66qIBLv+eKp$E7hYE(PC=tidO6
z*eX%6X1sl??!hG{hV{@MJeo^I#X3FHo!4OfkP1uBZQxf`RfUqAHkJ)%4l6DeHP^lO
z^U+5Lm*3#IaT{A(;Gci2&Gs6Oiv(nn`j(S*vnac9R(ijAFeeL3lH@c+MiIAB`D?1h
zZ%G#}UQEf)Z)Z)?(bIcvATyg46?Gz#)#Ya^DGzwlA%<h9jgJ@i;9r~Tx7N&sjTSLB
zI~&F*VmI`&HDzI8LEV!@SF8S-!w>?_FzfZN?`ku#dCGQ)YZRUp%vUj)>bsp5f*iI>
zGoKB3W;^vNJPW=_^78S~!6LrS%9_oXdUP1h^+#4Nb^&(ok6R3|d1hh9azhyvw>CGg
z=u(y*!A>+MY8kanI&)O`^eV~A6RVR<yyM`<r_26ZT9QvsD*ehXJmF<S;rI3}@0TY6
zX*_RauY7>+hf|^IuW)nAVzCTMOG^ocsdf@;-%Ts*>J4w*$_Y@YzEM}v+TI=j5yhIP
z*h8nEEvyiy-9QgP9s!1cKRT{^>&{92tW)51e(i3}N3XYcc3xpW=<exh0wJ5k8iUKs
zcfNqYK(KF<?O%((R@&5}EfZ0l;Kq5uyetaz1A>CsE?kg#QfSq21uY|EygJoE@&Eyc
zjz_5?2YvVMAl^R_FpnCEWu^u*SgGfw!CIO9Os_10j3Ff;6XK^;WRu_f_czW;`IM{0
z;O*h$a^Dz>Wo7%Gi$4OnO%(Ijx^R~8^#Lzh{VdF+OGQNm)9&tW1CcD~9iq%DcL|O|
z#ji8h-R86pS_qTtk3_6Otc*nSy3Xj?43sm#IiVA@$M?nhyDo&E4SM$=HgAY-hgb^#
zlhIQUmZp`RT~d-+KdaN2I?47V1H*m8GS^j4vAcKg!bpNu)8JV1N^*95duPivc>Q=M
z<G3CDL2~j-zVm}sENuQSUa%!xb2-fB58mubo7Cn{b|SI6vIqjKfQX2rsREiPDXXBX
zYPGD5U%#qZZc#X|lxMeEL@iiTVr#>CuMcwD*xQRt7KLs8&TS};96l^<V`GyOqoJ;z
zZ16$9(pwBo4jba9OaI#ZU^u;z`}3|w#}fqBX&9x>uBx)K_NMC13Qr+4Ibou?=7mhi
zTL{<i5fcz)<uz70jvO3-MNp0xriPRMC|#z0!QuDetQiFbC)xI?sj1;hLQZkPNv6|N
z431xgA+x(UyO#9`qP)C()38i*iWx$JNB6?c2p#sUsMKxbrDBMB@+6%~Rot{T)ToP#
zl@-b0S1jeOSM63|loP;N?biS)cbpjEl|qTjG$s~*3w$4gg~wc9$@fy1tAb}#Vk2~J
z-aJBgH#Sx`b}ai=)d0@ObX+>7s!Gb}&T5BbujHr!DOaQ!hmaoDD1LAd(gO(1Bd@Z<
z0N}tErq;K~EG|CHE*tu@ga7R3rxADyis(m=o-4y}<g~R<kRl7t>*C^P!Cbmu(K3tk
zdR=H-D2e1y;rH0vT%C6OwJ^-Re5R{_Q2))UpkXO}kCc%+z2!5lU76Z}%u|tl8jf;P
z$b=w@o6q}@<#kg^uIHU81)BW+{rhmJ&+_3;($k~RM<GRoX(lZ{^v%$2gn?7<E#ger
zK@s}_w2=`rWJ~*gM<uPDoo2@psH(+DnN;zeE#Vg_DXeS~L7Z8bkiYQ>!pB=bziL%S
zw*OCW28=#GAQIK>Od04&(WiXQROeteuD{$v%i{$v4^K`n44ZJ0kul?o{r8~$)%<6X
zktsI1bRQu8enXy>A{TA~+4pHFA92Lc?#>p+J*5!J7*6a9&PI2m{nfLLklB(U;CP4Z
zyQyim%@*BU4en(0c7<i6&aGRtVY2s<lasmIARDHn)5s3}{-Ubj^S*0#BRUw2zK}1#
z4RD5Yd9n#yz1lcBS^eY354)|-E1aBYX=(qORX`dvo*5bB;_h43=Dw^XIVxz`qm-9}
z;~<;Aebr83V?IQUD75mmFZmc>uhIn#$N2#X2wm`TOux4zotPdD_p*seRW(8MUGKrU
z_4z?vPpP5~@cCs_4JvCz)?M7e)XJ(4|MXh!;n@%1aS{xv^J>EwgCQ~!Ejxn_Cnuo=
z7u~lP>sotyre>_-Ae8u&jJyZ;y^uRdvh3sKzkY;#FLTSu%P{^iol`aUt?M{l_d_^~
z>krW|ixa_Di<O<>Af@V~^>n{aq2Hr94-+hFV33fPL53)H7~WS#dv3~<WVfnLi$7$3
zZEV0(2vR;{Q0d*>-Eq$IB`LKN1FSNjEouC^(<r6c*Jrcs*N#d&Af*fmHei#NxVT&z
z%;`^^`q<y!e>q8I<@Ik%$c0?e<Y&us)r}ceR8Slh0}6d7m^GySK>5lyrPGq$#T_+G
zO-)n$CZ8zd8@~Fi31oznm6fTCO-SvPbc{`=B^9P`|DdmW`&xYYi-7xF$;4St1M#hy
zykBEHzLt(mwp@jF*R4aiwmN!Druocm-;HhER(iL(Wu@|NOx#52-Pl=k10&DLRLQ-E
zfE1M==#Z9{=^d#rUw)d>G%&Eyx_sqIZt00rr+TyxA3mJP4e^?AG(_h&4IW2EF1Bl_
zb?<Z<8ym9*Q8D<pw`*rinOnbe>BZi(>CWjqbu(NH-aJTg^Fh|2uJr@13A&r`Av(hL
zZT%6EG{o;CqsTRY=k5<z2ao((9C5|&wx-Adz|(v)0G&uWRaH*sZYB|llz;QXnaD9i
z$f+bHCA}X+yk>+I!5t6E+`Y`rO#??<oRIY?6BCn`_I6yy79%6$A|M>>05!mIGD8va
zn&O|^XCV^<;Hvul-TkEScec04bZ>VDHsK9NM?M7LPNyM||6b)QRcJr>&~c>JxFs1G
zCun&rxPdhn0cO=5z&hRPxc$o!4#eR=dLzH0A`#ip(|5tc-2OzQTUcAGJ;GD&2WeQE
zn}cHe;NO7|iJl}xP}rCRbdYi}XeWgDnuMLfC^*?(JR@OsFyjBSZ=7uUoFc9eo{;0p
zZs{TTV<0XhPwV1H!;e7G>n{AHUtf;3)^AveTzMS1`L-5~epo}A)OTy68Zqt%K3|O;
z`Sg<h`K{8^8`ld{E}79@dB|M5b7Z2$UFgs{PXel@wffS7?t8u03sHNqMUE!lLW)bL
zB%&^Ge795~5@$$Zx{b-?=aeb^Q$Oe{?|-3{x-qO<*6JX1DD3j*Q?WrfiNjT!jNf!~
z(AzJH)D!PCHCxM~+eKi}>N#Q(#QBA@>&6b)zu5lCD)`E1*5&f`V<Eqa##srCvJ{!D
zbQ<%&ZNc-JhoFw`$V!y1y5|DoOq=Fbc@%SBxPaCz6u~xZe^(r_{u;?DBIi_@T@GxB
z3XGj>=lGPu$KGU@I=*xv!H4VYs!Sk_5rK`Z@ppq?62-0TCs-XnvkBr~UC%tvY2;Vx
z->dq49~vz|@-p$xk{*KnRl#jqMo2A8P<5kQPGCw&VW+}Pe`38j*j}!}L}cCM=bU6r
z67iKamWD^@kgkK-l(lNlF*JJow_S#+F*7hqen@10XHn|YWSKg;fW+Au%zxsNM&lm*
zo;FbrZ9M+RlD|l+Gkfpkh21QV*Okv^N4Zew_Pc*?_{5VC{-AB}`Q?eAHl>a9$l`MM
z=aEHJbQ%<-PSivGx)_<XO%5Ig(!8ZhO2z)`yHyU`JA*q+4{dsb#{15u#fFAUNtZ~r
ze!dClD0q=c2nZZ@w>=W1e3?s1N;ulyym=Gx^yz~)Z>~gkEiW%euR{WQJu~~>L23wu
z0^{Qu(d5;FYCqDewysm16+PM{Ldd#;O;cl^tT#?Q&m!Spc3C&eNOeLp-<L-dljHPV
zn3Zjc26gIDWa_I|(&!<;I6E?Q<CRIcG@3lm{Hw6XPTp6^dk{zxhaknF$(U}4zPkA7
zxY`XgFRuP5k@6tbX+Jmm^1$)(c+AP9!QE4A-%<lq<NV%)3TDKbUkVfJa$FjV&D78N
zQ7>=6C{fxteL+J*-fPqHr%c3)ju)f-Zg<z#m}5IITK6(gK|{OukH2bs@KAPB;A>n|
zZ`&)ZjvCw4EwI3ZFGq79goLOV`7R8R37!elJj2MS@~W$&Lrfe;_I~KYJr(KJWaR!<
z@9STuek}J6vN``C7aS<PUwczTBj&09SjZ`9^xNTzbsPOx&(CujhQdU!lyXOxxux8m
zGl0JAei7hkQ`F7$Ga?u9+4It_`E+i+pevdFLj@}M3wH+Vbw>PjC+o<q-Bi=c?|PAw
zUEbafO<!r@;^ow3arBA>cs{4xIcW@l^uIyaAmR}8ilZ&@WG*I4Kh>b=%)+k`y-Ekx
zr_1&?4ZX{KLR#)0S1~Gc5o2caUmq~SweeG5@U^FMGOhIdS^9F?S>AV?;U@*v&ttjS
z8^6wNb({NoKhL68xJPj{r{m&<;mzf*Dcq9G2=z+i{oj&24yN1LnV~v6o})A>EhD=<
zqwK%?^|h!+q2<^+ny7VysgT1r?a8vT5Ptq*1c$BFE)8CDnrs@T2VVxa4+^EJrC5AE
zX25jq#ASW1hR&=!2ijwgQegXuVcl4*A$y{P&>lzwAXJW?I%US+k7YgbYtgDR`Qo!1
z1Z1U3O<m)Ws^xXL2Dh|`rT)ta+g7wjzjo#!LKF9G9v>5?A5HmH&w4(`z;1C9C$(h*
zk#wbpfK_Ortr8Yn7oFt@vY>SumLMZ?ok4HYrOM5hF9Fl3NI&FBHyRW$v^nn+%s5i}
z{72r`sL7xVOWj}^na@jO#bTDnR@g2X6;dG_b~YxS(<9%+GaerQg8Vl0p(W&;<-+aJ
zug}6lZ|$A&q!Xk+i7jtN<9xyQsG4!(0O~@b7iNnF_aT5XImgC9J(S2mTB*Rgy{<iJ
z+$Z0Z)YtD{{TLa;7pintdF|agk#@efyf5a(KJD5&;l&5+^~)t8_<#4xe;;mlx=NbI
z|EYlaH6t5q)J;RCmQFMNoRWx+i0A_qlq>rW4#8@%Z+yP^oc_aX*DZ<#)A~0dAzSZM
zcX#D|mJ|?D0hwg`TRit95y|e|{6A&X-?>=VnR9TgxnGSWCV=0r|NJE|lUDK<g3Ui%
za+4A`jt}J?%jeig#6+}50z>Z8_;|j#*uBs<Q77_G(06NlmzOVWz5B|_!$;?F|9*Y3
z19O?Mo!|K9i+rnUzPTPHTs1PU8ynttOYOzhOt)#(mo5(nx6q#Ud->rWmlX<t3Zeee
zK(LgSxX89eY3r-G<rUYnC8MJNNr`)|qIdI-M7GqPIKR)1HC}(?l}bxUa%y?GsqcwX
zFb@q?J54`aIM}wpJ3Hkz!#Y-w7#GMb09H_>qk|Ch@;m`of6e<BFB>~M9b_UvfP83b
zqE7K$W-O*=d8kpf!?nAxbz^%hOyp=8fkI#L0oN7Dl=2157M9ZT-L9eme`4}lr%FgH
zKHK2Ffyv_L6KbrjZShHFnhHw0z~GeB7aw2XpB%xCYkTjOIN>v4j~g)Yf5LexXrEYN
zv&hP>U7bi0@z`uVn%m>+ei~R&`9zYF$t2W22%opuzVkwh9syu*AaMv%bi@oxF3nj{
zKgfy20iqy*sjjm<fdEhf>lYOjg+M4ODkgVL(=jrJ00e0Aao#t)j>Y#ZtM9M<Yqo<y
zG2b5Bg?xRj;ePqj>&EH5)wI~>Ou|%QGJz76RcV^BiGg{(&rB9epB}*;AdKJO@t>;j
z%IdKjm+njyvUX^yqsWpi@*<_WM&w~7B@NM;g+2QCO(7PR$lgG(<{es+|8}9lLiP$d
zriGoI@RNC<OPJIKD%P11TY;HJ=(*q5)lrag?8-Y^EuHC2t=0L3g(mX@6>$u7cUuPr
zL|GU^Vy?TDo=DP2S@7Nax`+JInMLd_J(-kk7~;EE<a>{Jd-ux|vq4kK^m3<?F56tq
z{=SH*xrb%FMe!$4d%CL%3iWI2B9?M^_X<M&o4$f0uyeN;!!52{y3t+gB7a8w^yD=r
zKbBtHSWrOnWGB}c#(2OwhwOGe+Z4~2uuw7t9E){oK1-3@d+vn?U_>WFQ5Y0zzu+0_
z@h?wIU5$XN{OR+{xKOVCspOq&+dDgsfbvLUjSLLVZtw04E)MRk-m>805xDFlMSf+3
ze@VCMWA1??Eqa=Lcpq!U&*{hIjaHx4td{Tg5fq2W{5q$m9tKUBDR#crK=^sdJ&f}$
z<rV9;VRs%$+qcR_I-mq`Zd7J6dgzRQv;c;@Zrre!FZD~oc`-YmW6(V%j1v+fLp%+6
za80^%t{*eQ^kP>fD+TY&%uo&HEVVPK#^*5fUJ@%w8c^x<$6@15eq3~PwDI@1#-c7$
z+BvcK=KCXceA_I$WcaSUR(%b-b<Lw*?_c=jp3TmpUWJtX$|YWp?qU@T%8Wz5p&>!z
z`U@W!ctso|!^r)M&)z>cd36)F0cL>VO(1a}_pa(@>#aNkoY1DP_??>S3BaUCc<kG^
z#zk3*N=kgrKh<%DC83>VCtbM?HSU^dgwI<UXAfVeTUBm?o-;9+swZ*9gUdM#0S6@|
z<qhE03vIehTD?f9SNTODp^ovd%?%A7i&?I9IY;>o?$A8Z%}y@J{l=ZT(ae;vt@XY7
z>I=3SrP#IaYV>q2spGBup>nnEKki?A>onFNc~cm5N<)f7dSqdyqrUn~rKhR;OmpaG
zWNen7ND_Y-CB!0%uOQYtwoB><@$<{F7}e~9t+^R!TpiTCbIRC_Gzjls4*3HabIXrQ
z7LP|=oKDO&LXV1Cv2d9Jm42G{_Kl=J4{6)~1M!kTh1#UO(88_t&CEWPa{sGJgRWDa
zbdOA5-^mXhA2(BeCeENDC4Qh!7ha}412iB2C~mGo2n0M@TQgsYx~Za)6!j}`*^y@=
zC{H(pc=m?v?`1Ik630j4a$jqtkU$jx+0TkOz0^&D^!}v@WOH{qX)*SO<?eJoDRL=U
zg@s*X%{B9mvxG+Gv*%vys!^xlzYFr$1{@;g`inn8cw8-`><>Z282uNvordH;PKdxk
z<8%C8;pVk?r8~xC&8kULGdiqn6i(w740nY1NwDs<?4P&FEf&2Pp#N9SpC<=^KX0-^
zOiT=v6gr9^SeP5E8l1jX^Xb!2YKwZlg!^s6#$16zetXw?DL1;^SJXP6sw^~gcp?~b
z(vWfU`WHT?vpofrhYn3HZI-%B56#Z@^R+kDKhmr6k?85|ZQ@P=(q+DKD|_j}Gcf`O
z5LIc)d%#!%DPyiV;L|G>mdD~X!<VsFgCCln?!})zO9xui(^g>zg$prSTE`F4oFx_p
z9gJ5rS>bPwjp^CmK(|YYdFE4jg@-yWjVe&FNS<|@ADDHN4C2&;FpOq6(QRPz+qq*1
zVcQ;{p+`SQI<EZG_>v?AP$nShafY3+Y|mRQ-kN`9P7rn62f!BOs~Bl4s1!hf^3Jr5
zCN)9wPS4!*_io6_`5b?s;|J$~OaNp$zo6iGRu(l-<$5Jf7trMKBKC7S{rmRscbsWq
z%@+~YH(-uBF;dp`k>M@TAc|eC(P5?jbXU%;c~@rWodk#g;8+7b(D@Md!-o%$Q9oXC
zyLpol7}h0yS=oc2UU>BQu|EYZ^9}S{*I9kM4~nN6@Hzw{Q8l=~pQ^76P$3W;3`MF*
zk~9_&Xu)n#1TPKoNlMB)_eB%5oE-3qth~HO;W@oLGis1o$UZ!KpQmd3+Y1+vjgZ)O
z&OtcHAS(IzQJP2z(F}gs>Fz_isl77{_t(ZbLKHndo=k|B3@f6%ZxELv+vw0xf0~S}
ze%BbW0sQalLFl(;Y(xRfU!>P8_^G3G<(pF(2tUXKq|pw5rvoj9M3ZzjUy^?Fxp2<3
z_Vod?8Ok8A&~P<ps6+RbjIwelf6lPgQ`NNUAZo@aq>9w;FH^(~cXv@VIjjls;lm(E
zR){w;I@qpUISe2-9J4@L(HeFoC!hONTia8f1-v}n(W8E#g~8!)LqHpV8G@{%Hf+Ep
z{;ltxPx;Zap=&WQ%u0CAGd~86{4&2v&2~)C(P2M!vzuyz{?H?lHDr^Tz}lz>q65$d
zDQ7DK?K}*GnuWEsR<=F^Gxb3~(CrW@Nf`6!__#DWxz*w*GjsMzcP`8}NG>vg{~Fr?
z1PGvXiWa(D$U44_Pl8YcLVFNXkRe{CrmnhQZTk*8Ke?-S;JBxoZSMB=HuyHPWhb(8
ztgO#RPFY)9$A0T+@q0Yab8fn=sW{h}Z|egaTd+oT{pmzLoJLivR(;QJc$qq1-?qs1
zbtUM1xOJWM_4T8!VgmyMVYX@k#UXPRFJwG%f}9TN;ZXvF3PVqTkf7i>fQm^Z!K>MU
zie4O%2*e1HD5Lwjudgr4=cdgt*fyvgQb2PBE!8(S*FKZ*f?@L7_6Wwu9zoR9)STus
zA!pXsPTs6_=_@%K{IPA2buqE($7s^Wh^1C5?eiB`rv!+^%;!Om_#U!I4UDCuf;gu{
zAQ}ax8-FRtV|n~Zs7FUPNYOw#Ggmer)pg~{73FMi7qio>;QW~9%a>`un3Z4U+$^GD
z^MCsEOh9mOy!eg<uz|*BG7n(^jQ98{F2UEuapb3kh#6&I#bTB3>eW2m20eoe@%27J
z#kGgTP5&O*T4G3u)~*@2rD}tE{(zw7ii7c5aEv^9=$K0dfG6dnhZ!nKzPn-|`%u}8
z<PXh?PD;u#`20r1>OIrhvo=m;Z*!zEw+ue>)91cYO+1{1$q?);3LI8E^@!3}x_(1j
zgg>Zt{zMgPyM5ddEXj8O=MVIw%7f=}17L_iC0(9<4QeHrKoa!}tB*`;yQ~{Vb$1%T
zI61I0*O~8R(Cqe+&qs63zQo;yT{wmr21c1|#kPJbL>N0TFwn3@ViUkj&avsey?wW-
z@qmv_qzq{4nqM_M;xlXd2$CHHFHS>hX{nJX-r!hvdivy=aM1Jcbco-OFGnV&5hS4x
z2&|$voUbK*KFJOdiwrrmOj30CJ&Z_gwNM^lId$q4#3$T1hM=%w!UPQ(y|J|VvPg~o
z%)V$x29O3q($n(on+doFmS^1F!+}Oz_ed<)s7(a}!~UNZvGEBBp`=)Lu=36&PR<#Z
zL;xS7t{>VCico53YLc<D%kH+cwY8O3Qkr%uYliqlRrO(aoy(RYNVQz&`Yema)@uRr
zraO6ZY{n`ASj6;jcG=pN=~a^0Ws_TQ&a0)>Q-EI<8d{>&43jlo3ZEVb;DTKNDCDD>
zFGAi$v7qp{{W0JW%?776aGK38gdJ9Xn$~O5%7ukKij7U{<06KI=`inN-<brmW7^R6
zvbDhA27{yw7@&w}&u9=33(Eq@4vrG8c<L1Wq3RMKxY1;}v!W5c<Gfk`fqJ<vb^Gk|
zckk!`Msac#lD}{|x4l|}-PC)fRqiO=iIXQUx1|9c0>na0OpK2Je~@w9J4g;(p16*G
zVIZfVh|f$Z062AE@pep;(mA#=Phd*kf!x7dxB64pEni!wT#l~Vh*ZfnW(L#lTs()Z
z3fU#yTELt)o9a)qva(iG>USJR_3HSbh}u&C8UWTC1E4-2_xpeyaQxe&x&e06)7M;t
zLvfCKyLT>J0;Vr(Ff{ae+oW<&c7F+h0!TlOG2nfLxfp*fUbZ2%mPx2{ZGQQRW>208
z#zbm?q{s`aaRI|Q{>8<`WycIhg-Y?c2Y}L-coABXJ`bENY~>ZL-a12}m5cTEl#d>`
z%zbZu(%wGIlD;1mvngtV3w`y9W9Iw2{h$c^P-xprI?=`yb$l5ZMo4m=Kk~->goFg6
zV9w+epY5Qd=?4EzA4F`DY@$N0w%B`vpA_PMOGUvs4V#xN8HV)^C^#S^W!E$`G|C^#
zj4FaU;32rTG;dd9<L6HP=lTE6XbM2uZ2lLNVv=9II%wUQd6#&paf;{9K$(>6d-4xK
z1WZ!moLO5J#=TR4;L~Y+&X9`fTKnZB3Ba%-eG85;{IyTLO79YdiNp*{mgcL~v`2g(
z&!7X>k*h)iJ|Me;^NFOT5ax+jqknwmFN^UD6%rpGFM|ho{8V((&W!n~lc3oPY53~9
zO9*LbQ<K_hSqize{n5r_{E7KOAK|N*^WJ}03{6^s%Ut=h@j{IWTWh;2=Ygce@O!aF
zo}Zsjs{y>}nZGK?FRP?<L{n3<rKRQelBe%khLksN4g;HaiHB$Yp1uojXy^xfO0j5S
za(@2Ga}vApg2ZlUkl2maz;5W1*bUArz;4iT71<BY6`sF%aU?zMS?*R=H8?0L27YoN
zy$q*rXE!Hywe<;4mD@JW#x`%|Ejzwvad8>mO>P$Dm!*K637cPQ@w{zCLxUnIHUnzA
zsBtNrS>iAZS7(52bnyjuA4@xfTrDpX!@a?yPFJ42w56wm1T#hMDz&QDG%2WFT+~?A
z3J^DH58S$!pfbyDy1*!{S`+C!|EZ>ir0U8uYm$ceVJYBYDj<CSVmaQ-Q-suolsfoE
z<fY%iQTd?i)7>A>F$U8xNkdRciX~xp+YDARZLQDC0hRZy+XxtsW5<q>!UfWG&~8)%
zfyQh3?WK=^HcdD^4DFnd`tm>H>R*Qgj-)RuU-)>0#B&ho*hxZx(9?YTz`MEw8*&u9
z*$R!S?S~N=!(u6U>UMGdgH^1f+Tse4Lhj|SkE~Oq2kOh!4v7RLJh*6?d+_f&G)De;
zhf3$r?@4;eVRiPODf)co&up}Fh>3L%vzu<uxmBS^-qiBXeE;VeVMxe+b>#SrwLIc0
zJ)#GGQj9_E8;+WpXX@h)(ke1OKE!u-!WRQh<-eZ{iog%eJmULB&6@T@;c4dI{@Y#)
z=6qlB&k_h?@BNwIp1yLA<IK#=W@%!k|4cN8^@6(w{T!`k{4?noK5)P!lRNpZx0_nl
zJDvEmDF3;a5waNef6Wawcy_vHFaI;(aflv&rTK1NG}lG_cYBaM;R60=4hsNY<^LG@
zKYavjl41B?LjeiNLipaV@aF6w|39YppVxp|s-E&+UH$*swB2B3*e&28|2H%Zin$S>
zHC<hWPW<;0K?*OMDW*U#C;Ox4XRDzR&;19|J#A_z9{&?rr!LG_9?36SFU~A{dIo?j
z@^!TYUPFwtAOOF$FZ-SeH~qNw_|Br7A;~IjA%P9mb9$WJSHXCIFadzviup6XCzw)`
z11oIBi(7*!S2zxO<WwB2pqyj6hI7SIcXwZc;EZ8!iHB*qruM0F)%eIgYabuDsCqeZ
zf^}jzyp*)>dPsBrZuER&b{p%?6Z2#i-ejfvQn+`<JZWb!uu%9sHFIV;CMhal`m0oU
z=`VN0jg25`5{&(_v;+V;5^4)rq1m(sK-Nwul*TcpFl`YL(s%;xD-PsCssrFH2_TjG
zkRVok&G`~P;DPN4l3_0{C^@+NRDWqv0DWry$b}kT`1e=|kDGngx&biuUN&n_kjU8X
z*Ti%>;;s8c5$`Lig8>)r5E+as&yl>Gu2gSjZv{YF2`g*yZrR{)ZL#C)Uo!&u(qXF}
z5_X>JEoP_sl)QrSK`hsPgn{p_2Vgx@<3Rw0MhLp|uCS4itc^T#_K~hCK&zW%WKQJ>
zJo)i=f=-+`F+}37^D>^3e88I`NI$fYWc&b4K_{A?2r%&!LYkRPV__}uq|2b*s=fjG
zvPrg|1YbYe9*t}X8Csjp+5d|V*HKfmqj%BQ_q^1`c|R8EPCqh>3SSn4dbth53ft@N
zr3E7b$B%oJM=Q|Q{dUsle(#WPx~$X9!7S2Jw-JvI(iXm^js_6gdHNIy6gO2>tviyH
zRll@0SG=jM`67VRG)UOkc6GIQcYC@1*J@6*<ygEhlE*)0$q8|TV9W~d+3p?WG&1L}
z`S&ZPBRV>RZVnGaUoq~Y`d6-S>c^Bs;8klTlCDBjGu~X&!HQCT6^oXEwmPS*NRt?u
z#zGA^@H;vL3Uh1dU*<GvTYn`^fWnhbd%oYgV*(&hx6aHDfNkbubS~$d<kE+wI71*r
zU&Y!M6f~?@OG<JS9RcBWh}6_?r>CW-M+v9TUk9RNkHP>2pxNK==(gn=Y4UULjpXG+
z-MhOSv#+Ug+-R`TWv<Yv1gTv*l>-MzMh|ofyJ6b?1=IM<zKElO{iUgWSH5`73L&Vl
z5C5Ege<s$XNnvx7@b&Ut3Irfk*U!9(zl=?hB}2?HiJ9z9ejLT+g|&nw9c~XfH#?cu
z8j;w~XA86v1(kZKFEA0kgSSd@J8bK%to9**h;RwW>@UmuE{zNQI|`CVLPuYmEEI0P
z$nhdQ`TZz<L>No`<cY=Qs|49ugQr)*>FI01$HR@`2}|cCoGN?5fGQ?>nQ}L)CWc-O
zq5m<{{+aaa;}|*iiH!c&@~Try1G~<Tg}W9K&t^z5@nrjL-OF5r=mUwKG1^_0+H331
zcmq~yqxt`fT1Nc5b#d}Xs*=}CTF6Y!KkpfSP!}?t#kZ>1QNa0$$NTsb79YQlIj$+g
zR>#h0J?7%3{_J_eXI127j?w*JGWI2-u@7zPexIrJXR_VPiwDj`HvKQy<|A~-@tCk?
zBcZ8_28-wKKn_OYMM24kh=`252NI1`$jOFxX;Y~5UL+?YAgZz09KK6+5A>cRkc7!A
zD7<sWW*1A<yZ(Ji$I~|%j-CxyFG;u~!YtG8=%dL~Db`26w0E@_+#H$Fxe!hG9GOoE
zr8OTvencQZA#B$BJRmUedFN}|qB$riB2rfJdHyH_;0SV+0Fax5^i#)$JvZtqGf#F=
zEiSs$-#g*S(qXIPKU(7+bxz2jTjCxCJ#CD2*eq~pr$2ekD_Wt(VCg)Ue_Y(@F?*<b
zAhiz7L23mO+K)iCf|#(}gAm?W3Slyu97q%-5^4B~$FMYtHDsptWH^1-P19Vx*;(=P
z+}MCuU!2QM((!FvH(uP=ezMPX?M<X&$*4kUd;~rdKmay>oea!sab|a(Ig}wB|4nct
zXKIO@r^4dY{?3Wa)49Rw$;&y(m#<c5%b-ik*ZQr8EeeMUDN2}Q#TDWYVL?t^UtfO%
zP_5<!v3o#@5Gn2Yid$!$rlzM!=o=&h;0OWda!j%Gk`Lm{y{Id0WMCimnJw*NmB0QS
zwx`+n?gFBGY?sxs>>-%!go;D*fiMfU9JnXekz*4RU1JSV?_frVltB5Ck#yw{j|o2s
zh7o`MGh)xzq0~u3&5!g14Xe!7+1Si(@rZdJeZtsv-AgN?p?FlGN4fqCD98>UIijJb
zN1U0l0rr{#X0Pp)%CxH(D1L)688tCnH{aqLPld8b0S7z75)=kVbA6@3qPt^-&?{!0
z{~`QYVImSw?RAQ4-}>s~p86S2dV{|(76FBI)O1J`3KeS^BzzOpsDCIf5YJp*=EFUb
zDEYDY!_!(>;=wIZmXm2!D6MAd;1hI{uKIuV0eK>a(uqpXUUE@kNrhn`%O?RwmMq>2
zWN2~#BRO&?4jlLZB}-rsh<|m?F8YE2vUV?1hG6%w`T=o8RAOW#Ts>ROdF>Tzv;!FJ
zlix~UsMH~`JpV=<$PhzN=R}eS0jdPl4-Ej2kXdjy4wMisqRBz_DuIAC<N32@={G@j
zlJaZFM{w{<K}nyeFU_FcKqz(NV9j%$${Tnq#qi}2`S7-owRxF_sb?%o7kkr7L>vjQ
znEjV=4F5N*VIKnYYCPxI0FJJSzN!o4<yx<O8E08;?lCrhu*m(u1#LOijMS`l#+AB=
zbCRow5Ly!4+NLz)69YHeZt1FS_86n0_n3Q2QhL|#%ZE4Gekpkv$x}5tqq1DDNwELX
z-_h0KOoNR9nPVW-eLy8pmM079RCnax-H7pc%)E*BMJ~^Z$2aVOtdz~)Fewu?k`-@J
znHZc9GHBYDw?{_zp<sF9OQjl`xpXEVHN;V5>`k6XE4xBd#eFy3Te|FQP_zZ<hUo1@
zFW32jFa`lLy;U)&0;vX(7ej8n-5>Me$a7lTrarJ$DMQ$`%}{Di4LM53nZVGB?+FW`
zU;M_h>&JfGE$&VZQQUcB!^<>+aXI?mZ#jPUY$y~S03xin&0KAZQYt7aVh89K_FkNn
zZ)MFqp=JkJNcb~bUlcv(4WrIp_aFE7&S<=A+k1{pw8}oIWB%l$;ASoF(W8%bx!u+{
zJkP`0EY3|SO?}uwb~^lh_CdT9ZS*32tETpCm+s;>Bd(frW1<;@SJ`M2)A;ASK5@CX
zb;tjF^m2UQQ&|R2I>kB#w))Q=<e#2NN=xRxdK}1POssv84-Fl1bAy1X(nT|0Q!~UI
zY~J0dN~pNctY9^#QeL+C*b{<Cp?{_)8$=i}k4@qgmnP@I7B=(L%9P6@TlpwgmTK(d
zVPf=F7<AcUMZJzoJZ|rccXwO8usXDR&bs)|jxtN!Sw7K@zlBn=yx);3Jbx;`I_QIW
z`z65>r{a`v9%q7rx4`fB%t+%f^f7cj)x7KR;9nE0NjpcI8}yG|^xd>i<{v(+KiBsz
zeP(M(iAY&1v3^$7dzt!}YU0N?_3}hYqc~pVllkvmw?^iJsXlb>ZLs9`m9)|2&h`EN
zWqT)rRdlmM*D%J=V~oES*M0w~*KrEJ$ct(}E=p}20(2<5ogP8b+$C*~UKDlw5uh@y
zQV0ns<W<J?PKSloauf4^7)JTH9m^WS3&%FG_)s=Qsy!8q+l39uBviDlJkBWSaE>&}
zSs)A9{D=3FYu=_k`v^k6Chnrq_Cx1$JinHPDWB4SopA8qf*?CPyI+%Pz7If2-&5S#
z&e+G&90{7^gs!l%Nm8i;C}IJzyMJeE4T^JH-i(>y@vJ0mY=PJM+~uU`*jRHyqTvpy
zoBK%J%$u;kBziWa^TCo)bkJiHTx}ieMjy8Q<f*vCiHcMuzT58+sUwPXAN<Jnzuo5X
z<-6{SoFQ9_#9ss}=(`PNw<Id?9NTGr93`4uO?;6Ylc{ICn(O)BWK$OTH;^)?fM&i9
z50y(Fs;l=y6`i0*1pq#T@h^8tIA2A@B1r$Q7TxTS=Gv-085k4<)nK<r>mL=n%`+p;
ziHPWK)IA#ZzQP9QN8u$KP(ELs=M!h5LO>M`sX!V{-rCwK+|}I?P9Ma1QQefM_vB{<
z`OpXG>HfpPQ6KIdd_vxUym!#$y8Xx8s<(A+*GZFGdytm7Z_M2>>MtdwQJTw3Dzqh1
za;QBEB{7Y=+fb>OAV#R2$+ZI=1u!(n0Okh%0z7X+K453S6@6%IJOVX)?}0WW9hx9~
zFUwBiN+^*s!2T)EPTz(?2vCpHLIE!;RI(sipa?1;fE>aOxFX^FBttg`vo_LGU|puX
zzPdWAQ@_t(>-Q=ZtmWPT@t;Nd>l@bi)c(c?_{J#TesPd(x%2RUoAGXPn;RNUDi!|p
zs`5E(>#!{Sf`(CdEL4-KG`<T2IXj@!0CJZGWDX78R(>j|uu%pf2}sgCxS;Z!REfZ~
z1?VFQt|4j1r8_6v(pcFP1@<BIprjH_4!ZUCq{>f#e$*s4NR$thqP&M#COVkz|DDXr
zRV%zNupWGM`fM)M-svicCSpClLZAVC0Vvj`OdJ*8ATr>-AL1aWg`445yA{BxD`|8(
zH{nKBh0U#<+ZPm7lccR(qEQcqL7{}aSDKjiYt->&=EnO%YL)O4)m1@>t2skZzUOiX
z3#9f3sCA64qMmI55x)-NJ)A_WY@)6+ai6#NeSY?Q62;xwoJ@m)#9oc7=jH#=0^9?l
zq2$|O+<#auUavJ9BBkX2g6PtD%0VhF0l4%iU0(?yO|39E4~92&HWv!OI7{_An5q+x
zLWQh^*V+wqL`;m??-9Ls`E8QC^toROK07({^y2Rys_)BZ&RT!Nq>0&fVIT?b)?>J)
zU7vjkOG*~U?kzO5vD^RQzx~>FPuc+XfA#WZB+&P0auU;cE!#%IeIZ$?><WR^diY}?
zr~){a6U7L!*k`ObC^Wj-25{ie+#F3ZJI+$@Oe)g^K;t&wFalg$S#>v`bULl=I>;oV
zVpP)vEHAoGG&7MOJoq#U%-yxD9Li**)7l^%8mywF`|zVCL}h$3BVz1L-4RsGabQ!d
zCh=QKKLTGXcc#qlN|eRcmYsB89gA&M*RXTl?EiGNICllgn)xN1NIE8urBQCR)@zDt
ztk%<=Ss-a4_4Gsfbr8fr5LXsJ(z7_1JjQ=%;mCacoDA&o^mW%ve%tlAevX~k=$IJz
z_YN2ttrxGYf9eLO0LmC6BO^umeSZH>kh@K-iM!F^A`U40276*~uw3l!!sZoR$<*S<
zh%xdQSHxtfQDH`24y(_ibbd$sipTw(aYjzVd`jeTj@wbO^uV(%%=m6oz@NMgjYmjV
zCtt{juFMu$WTYdvKW-Gqw(ZPndgkN%N<*q0i{2XFI)j;MF<l&2`sMIdhjYOD&{fx;
z@8Bv;-59Gt&NtRoKKk6Ao*rKN0dXiiZi??pMRm@>3<A#%#obVh+F%Xkz(0Q~WdryA
zms^X;gJNhRB@`S1e`)8WQw=3)QdSkzSgT%^?AL^P&#`FTQt^`(kR`R5*7Nrr;@jQf
z?K2UU<hG^8iW^<y#fjZbWo^V(*qGaO2jmuu=67_imCp26FtYk?voiySubjY3R^~bj
z)jgb0zzu3Agma%+>+~uRFg3v3@)>Wti$lryuN{k9XT{xH-jr(X#kekW3$w`AB@|4&
zU5gj|R7*cnTuDWr_r_6Zp3JV#vZkY)qBu?`Y-E!kzB9E|zA~OE5zIv)5aF8l(auGH
z9(MoH+(IoG;Bb$=CROBi4R|lBq&9^OE5<ld9-*NTE;0Px#j4cwXN_+b*##2g?j*Bb
zx$>qiLI`R+e{F6)E$?h^CkNsNDpjuJV2|gzmpj+M%7Sq3sb}{=KY=!m5u_ts&(yTd
zl?l~neqXD07{{BR+=H_a+ux;TZG9Cg>q4NC!gvKRxy|D*<dp1MCCc}T&f8pf-CuWX
ze#q1E2n?p67#EvAWbuQ^+h_Ee<gc5@>`vVrc#@O)C6E&;d%#^^9yCPpoy}ojV1US5
z;IB-|b7AQ268T7hbr%p@8o)$*OfZpnX9y{ip}??2$HLttj|YYE{r-Cytt>4yo@w{z
zTOQBN%>{nzArzopw)LWBod(eWNew}E!$aK)N`DL`O`(A1C><0^lfC7{ExJ!K!#0G-
z*lGq}R#JE{Ev@`PAq8zFcaB>8K~OG4re%Aw|0y%TxCq?Xshf-JTHKw(8Pvbdo%+;g
zD3)Xts8ja%?L_;kWYz@yn*=sXhHui-`L^CaAm0A*={~{_sL3aHN_hnY+HBZY;Eal-
zxd6^2itzsWeEI$`*_7?qXI?R8+qlsGU+sPOThIOb{!2)-(a@reqEMkk(vVbEDw>p1
z673yI6KN1>AQkPQy-V_vwuYv(r}k8R&!_u-f5-9t13sT0KF4w2j^pmm>-8Lu$Mv|b
z^E%J-B8ZCXti^np895}a-&f3ziv08TNKYdp{So1VdTMaar>3TYa9U~{=|V}ehf?>M
zgv&pj9lLFhc9a%$A09T~_N!2?LCk+`^(D<C$_ejsDexMfg2<_>r`+YE#ZK%5^`H!I
z{nk>x*HMQlKB9dDHA<_|Vs)=~=O+ss%V2##1W4!rJv<1SpGz)R)B6t=rKOKq?n?IE
zjtmQv3TfD5H#rxh{N5}jNl(Ps4A~NFMbO~32xrYAe<hPo8X0wE8g;LpJAq~T`v3H0
zY#r6qDr{r(o+8UWNTa2ypWT~0r<=L%by7AJ9{&SRDZARvmKJmJS*81z<Hx4TYMcKh
zXK5F$n*0%}IA7qC_3<Mp5@3$3C-|O3=e}Xc(dO2S0=dIcxZR%dLl*m}<pYV}cnA6v
z{j&M&i?hXhMt+2#b^2SVedo$4q!FOWr6RD#N7lbW(L(fPC;!+XWkt^pk-n23Ya^8d
zYhxxvH<LEh%<S%5&Bb$X)MT8jE`|iY4E2RT1pWU6CI$xmdUbiXzW1G<f&v3~@qDdi
zmr<l*VFWqj$j8HzZ+#t|7u0=q)T+ZPhov>nJ7=wSKf9O;s_K^*Ax8SLl{z=DS9sw8
zg8GH|v6<Po)~=_}GWVrFD%;`DG9qdiP@Z<Y?a@Lx_4$_pPv)L8f6V&$Q}yoMkU|%Z
zKJ==Fr>_cBqmun(Wob!N>_OYc0{NAL&u`>td}Tl8egluA?v0?yDF?Ha`S-sEvbdJm
zP^X}u0lSDVdmEe6?-~uYeObCieP+LIaf(6NsH<O!6a@8z2I=DQyyPEwhbODiy*H?r
zX~UBjX`d+QusC3?k<>3;-1cfAIPL(-1+;TUP}8e?o%LC0$R>qJI@EudJ>vRjfp_xz
zn*yh8hriU+D4sjVAh)3*R!u`Th}Usjm&32z4mR?YE2{h&`ty5i?@*%zva!!^K~LhA
zWq0YuSn<&DTZk>-Hdxt;JHj%;XFaF6FwNsGsT1o=i5vDCH)u@ai;Z|qYgAs%*Zb_4
z<jO?L17LY2J>|B*ZMOYinqiX=%91CB_*<y?sS)+S{SXSLVN18O`1N~DrOS9_a3(WM
zIr-DDH2KEJ&|V;6=sn%4cq)Hc>K}>lKU_1jrc+W{mkv423%J7d16j?ViL(8b@o{l!
zW){Cb<S;G#8nlUx40~M3qL|FP(jV2_70Un5XE_3*NnnNn2m<J==?(`6ha>o435(80
zV5z)`iHXsu^z-pKAhmkk%>b84tF|>1e8oR&V;v56g4GKTPw;9O4NK~D?)d%j>&Ip(
zhpyq=!{Ys>2}iEvq}DoKr(`rx*rs5b|7|2#`+@H+4Q4$aKf2wN=L|RRdgUW_)svt4
zQ_9Az6k3wY6nxwaY5Ef90-uVJ=T~?e{ckQ0J&lbVkIniWJNzd=H=-|0FLJuFA-2Y<
zIx*fykYjgQ_aEk1$%c#ljvSJ=pYKyl6ABxD*Dw{Dx_Iv42wSb!`<wp0o?KpIcL%dy
zj&*x||D^oYhsQ8PtVKFPufz9LMb+-2`my=RQohQK+NoEv%CD8cEXAX?_8jYD1*8}2
z!4(UMfQtSk2&-svqirt=Z;<cJ&3R*Co`+1o?=GL``3RaFGr>o?xoc<c_Ishve!<V<
z?(c$m$(2=^f$GLjU0N=(lLg-rjHX5`B+t^VWgTc4I$02xO8?t6pfAm8hTpWc$M9r$
z*&KuH205qfr6*gSe5TjGGg-H=U?0MfmHz#c9|J{0myZ7YLL99UgY3^it%0Pcix=`m
z$rnnV#oN@t!UR-pfuPOANws-1_<ApbgR5})Kv~fhCrp(9g);2eF*IlO=K~<up)<aR
zpa-Po-f&hRDENJ2b2BeEU9wc)zkfecFotd_$dI3g<~JR*OBB%6ZT3{pQx4;D7A#s7
z;BpY7G8VcrddAfzzM-w4){=cP=GvvE<qAnN-snu}1f`~5YE7*f6**tcTsydu3ZouG
zP4++o+mdeVZynVSmw>$4e9tHe-S%gOi?aEe2XG7O@iyoNoT4IBEXv7hDk{&K<Zx2m
zXP^KWTt5v)o43EeqMlx4OuS7+c{%r<J>(BdaUhK_P!Og7PUEoQAPh8)k)7TH9_yOC
zJ;_(26Ymq-`@Q?z?Vvcmk;7}1?@cFcFVThFlyginPNH=3ZJkRI(3%`6q|2T=XQjAN
zKV_#bj6G)Zqb8&B^Er^7Qqj|ADW?fDQxgJDPAS`6(30YLg4qC!mqN6qLP1Wh*zlkM
zxGu!82WI~rga)9Jy1Ati^~*(Zk6G*lv^u#&E}u=)mKihcAeecwyF^6P99?W|#61`Y
zxj96w(GPi`w)TcT)&R2n`e(bqu%*1Wd7A)D9&`Pj1Rr#Oo?QH06tuEDe;uYtw|__+
zHD2jbzWc6tQHY~SNK3IMB1@=0R8`%537g?oi=OR3&;+k(TUn@KmEOnFB<VB5h4kKY
zclw`fDb~Nh1R+RPL3h&^sQ)FDF5{ujG>(D>nBuzPh&2ytJkdu6hFL$2^Bhk#V0E=@
z=jyJ<Oz82m)#c!>xHsrJA7yKscQv~hQy{Hj6WAy8cLRM-YBE<j?&<2*)zGk>d&BXS
znTudEGs;q-_8nT!?@<i;-Da7*#@uy3$%2t`Cr{olWn&9|`jo`&(bgZ>*Vjk3z1DlQ
zvanjwHhP*|d&es6_|?2qjjvsE-)^hi7Vc-HhXv;ODkx*|)%SZQ^v2`wNi@~$1vVqk
zJIunB(mboX_wLz)MFWz>g}{t!<y%PZ^C=mt>u)o0a!UUar)&INd1re5yMR{VR*`>S
z39yokMgL8#`NFpf0*!P;Zg%E7u(Gli!`wmCWyyMvLEW{C+wopIU0GFBRP3C?!|)PL
zQE}_E+Gc$ItboV%d0(5rfbi)rC+qkJTu&ORq;aubmzfGkx0N5`*kz@|!pxUF5Eqwq
zp^dAF&+PN)npgNHwbtz!R=v*A(qTDKrFX)V(wdTV%;s~!g*mO%gxu%d01f4OBAg8U
zw(E4*1g4SQvHdbG`BdB!1BW|H_gEFE_$;>##03fK`LGCR?SE~XF`kf+P;yVo@seXg
zMuvLsR0duq75BOGlRave)gq7YbE)kpxH5kZ(Y&C?j3ZU|0BHM>9acc68D#arZBn(^
zdCtzc*HK7CK8{k?u9}>SeJy0i<dEwthG*V>RIpN`wd|$TUYd%Re3ga=mHf4YnekSg
zL4LjvC_ZzQ*1bgkkcPTaU^F&1@!P*1Dm|xuuame8pab850=NEpQ#r4cq~yEgZC<x4
zLwBR%%XP^ZfAd|NJUldXUpKh|oE!5)cI#Nf>=SJZnUf72c4}yoEj6&b);8w_#wQu(
z@RFyV{awgqcLm67p<*wqZcuR(yx|Z*bch1`lKB4p=Im=3<JdtmVBQJ}ZbHf+3KppP
z%g#<+RvJn)YY3m8BaSn>5z@gFqVX&L)zp~lcBU#!_-94$0fa(WCO!Od>oa)zqy0OM
zxLc*=*QCkKTBUI<7)$?Zb}`o|Z273%_<CH(N>W?N+$sCef3A!~U_ub(7vFZO=F>t{
zCQMgAGK6FXhX=r*(J4M<^ZdVm!QLRSk0MDk5jaiNjSTasIuon%L4XaStTYleSKZh~
ztN&h9GIb(Boeozuz9@oCn3l73fMzwfcKQ8^O}*L0wYF~Kp~A?KOSHp<QzLvDSZZ1i
zLnxDTElyiH;Mt9Jf8%7jSMq_za&5z^^&i%+lFeVgh8k*x*fGc!>x&X{H_}g0@|9fc
z4>R*%ktv25=KN}Yc<9F3iM$F8LFYp+-bdv9{Ch-J632t~(}ruQM9vIYFSx0gqCM}*
zyc#H}+y@SvpS4|DS~>?qB={)6>LvT<7s_VxRBx$^p$PxLR=R$PTxS_u`J;FG<J1z;
zd(PaV@4BIq27!WmQqulQmo6R2_wyDK)%|`wuy0d)#+9rvSRD{@`Os1253r#)*?29c
z*O4itm9Z$krH3<3d-2;Pk2uGQ6Q?H?@lg_D<a&x8d1(PH*J7P`8>uP!wF!C&jr#l&
zVmCX^n5gZfB)?c(RJwHdsNL^FcF(?kKK^Ygz$r3^t*y*X%c3jF_N(XCM=Ulk3<IvY
z{pr~m5EeE%RF;zJG=KY58*9M)=_BVnXZ|qz+kHEw+?sRamg=5)>qh$xZSKMP`R~j4
z{I*NkPweV+9NDLao)lz8XlptwiJn%tY0jP*6MvPyqR~is$>Gv>hqWrBj{9RL&)`-K
z0_9Z+g4rE#5^;Sb!sLy&P-TO|XW#ILU-phn*bg|r>61_m&gAVhESx^Md?0hvo)Y`J
zTtUK?XKZaVW2TEer}Mg2s{3!W_qv#}Tj)Dnds87bNWCv>GAo(-T-Tq1*!WLTEnM$5
z^prcCP5W{aQJrf|To1~EPS<5~f3Ee9za8$1P`puR$2Io)(3WI_<~qNKq%FzCbG!Ii
zMXGUuamQwAPl1#<_oa}XjqTmlO#v1!iny;fnoE8UF3sKVoKm-JQTB%a?}eRzqQv~6
zzNyJ`6PJB4?{eYV>hj%{B^&?IS78l}*Gra1(xmH^YP6i#qzgJTX1rrlrB84E>}Pp4
zO>7Dde!t#$aan3|K``WHgzSs1GTCj#%&S~q^oX$ku_^DeDG{(;=qjW9kDF@1%gP<h
zp|#qN$4|-15|pnWJr1CLdP#eASG#0OvL_{ZnMHNCHl064u;D|SVxM1;%oW%BDcX7I
zky&_0#BrPCPk-<6t0=kNn}GtJ26W07F9wy>x3mnV5JrXuH%(0LXeMdr{7NBQ6%0Nk
zCx`5V0~cXrFf^A;ho^A|4vJAA?{%jlC!}|xD+^z~V<VxhL*J}WmXR1`&rn))BD88u
zXCcxiwqv#Nlz|Ql0F$wF&X1S>z7wO~KY4=lJgdh|C<uE;F2_M`BK6wW1^~jVM4!q#
znQA?^Zmy#+p7<t3zbhT}Cyhg|PL_N=G&q!DzjVok;_vc%^k{9qSC@x@QY9V>kMLap
zZQPbTry4H#uxn-9Zr!X<sf;g6Lmjo|b4~9cqp|%%VQRsd*R`&#v)!5ZbLir<(k=Q6
z4<--h7Y~u8g`ZNYkYE}`gDQ5i>8gc6O@#E|*qHjvD&QIe0CoV7<k93RPIPB7nY8>c
zMEOhQhV!$_k3Z($xFkNeXZVE>`|?xUq#b(E;fnd>(TgL4_PqbBTj3N(OZqJzPd4o3
z=idkvKN~JPU>iUD*YN<xoTsi|=Ow)ctrum;e;g06`PTumgq7ym;?BK-=X#<OGHGAY
zJ?rTZNlUTRIDoY76LO!hq(P6IBx;r`x68DfA2u+B9|`Mv;BK76<En9>bA^Zc)y2Ke
z{g>GbAN<{WqZ@Cijjy{eX+mcMrww7<d{!8?5UfOEWkGdv4J(jnxWf4|1=0e4kvqe*
ztRgZ-E>iW?+NGZBjWi=P?`_<C)Vu8t1@%_T6ya17`&<aObQYKTEN8^=@Aq~!bKyX}
zMITshzvEMcHZO;m64v^$CThmTt#g`e-9Kdz0eVw)y}yK{RMb;#+JqOt<3B4aSLh-A
zT;a%(rwB$42`oHQ{G+L2r6u<fX1-i6U<eQ~@Q-Gsqr;At=NftF?Y!AZ`0<@P#BQC^
z6p`yyZn=Kb!+kxXL_mcjH;-N^mohI02eHlm=d1sFJ@DT-0}<{Fr2~~#HPQn^aeO?q
zDT2*Zn^dq4es#4J%H6*oY5h3mB0t{j>f<rx?W_w*%~VqA|MS29YaWYU;mX`q!r7)6
z5{Y$xS_%pAtBC6)HSje1sR{2dDlI`~9_|9zd6Op)t~`;`meHS};od-;Xn%&GZH3qD
z$j~WXp2G%eNsM%%#G$+<tXIeZ!3@0zLpDxJZjWN=`F3}J#12cf|IbINoml=+v&-Y@
zSBM3qT~5pODvXlFOHT$NEG)#LV<(pzYEvUUPdML39OvV)<elqf>wc|-CI2U6)|5H<
z8sp-Lx!&8B2zKo@%{mJcW%TR*95MM^UQYPh5*D_C^#1uYJ^Xi^r^tfY%j0<tOn$pb
z_C|p=Fb#%;4DDrVadGkb9=NFPMvn@Xo0+#ee8GU}#si_tn#Rq(##tBx1p7z+z*Jvl
zeW9e3l#U}8{jmuW;j0J1_(`h!_>%zU|DK}tD;p#~`>hd}?B&bMpuA%M2`#Oyx#2!E
zkJH+ab!0l3TUn)7nI)KC(bgWFvjSbI3`tU5TieK-3uAz>gHfRRg$oqi8=&!-_+cCg
zVQ*+CDBl~oH$Xvxe>@lv#ZSSva?}>pwz<H|D}Ji6ryLz6N%{~@pfCWSf^uNLwEw=V
znLi7c$J2kzyUcfZB^NGzjb7et{fK3a-{YQcvZA%M7)c)xeVRF+2P~9RMkU}v#ZkD5
z#@XQS--?hy;M*Yo&~~NkvoSv{ebLLtO{6?6nL1?`_a>YKnopm)8|ks=cXTNSIQDPd
zyFVk(xl68BOE=t5Ttb3^1gHVMMM8}VV16A51ZLXwA2bEJ^sv2kdRQuH@;o^Bby3ky
z^wtUcTvUnZ>fkTkD-q%zXBE3&62I+~)SOJ=-tPT>ueliD^Sh#0l~<k+KtPk&`s~RQ
zx*z7C>_Y+d1|Nj?I5<2U*eWR?py1d6p1;m>!)HyI+}$!eI<;K3#?L?hb?!FrlkM84
zY>fnc_uKTyR+?|u8CJl5;fG~!+7%KyFFvrl9Qo<9d*ALva~twqh5+M5xj>_XFR@UQ
z1ZbY2-vLILm>2*z<1xsNl+C#!Aq4ke7#ts`{MmWZYOv8qrs&@*4l&&ESV6uGxXh{9
z`FUP=<N|D|zn*kD%`{23BDQP$wYF|*;!K~eV%9dvk^Xg|!|<e|D|O)+DSxJ}?Qb(D
zJ>z<~d1|J7_{>nqGsx0NMJhb8sXYrbP6vmh-)<a2Lkb&AZ*56q$Yz{F?EcPV)eTGP
zo9ztp7eo{_($I?={W{;}CXz=x()<vJ1jHJO&^pa%Uc2^oMlwUGsoJ8Zry=}C*xujg
zf;Ers)iUB-;QPQ3^KDvn=Qc)%=W2Xf2M!!S{pOq1WAfxN0|iV1gLMbSPg+$z-?#9i
z#+7+OgTMXZ<gcRMKw(95F);(SuXSO<DD4i_b^PEPSx(aZrW5)2db#<2r6kuYPnfa{
zRy{e|M^kqv%kWI?jy#<P)Xv;4$Bi$+{RXIfY{)=in%vvlOL%8{G029J#>P*k$Hs2j
z>GtP<qoZSc+KNnt{iL3y((@918CTarottK6K^>mrWK$Cp87TEl&CCK`zVsmwPZ~-Z
z8hCQ-C!3m%l(x_Q*!|)6UF8Qx`{YA%Cs%VDOoj$+3lI97wmKeQn5b98B}<hTsk7eQ
z>XruslFdw~>N<{B<KwqckQ2~L5~tYJD_2tP_WXrW3Bm}M^Tf$Vu=NA4;-JD~wuhT`
zIx`SICn}~}5d3tx%!d!VP!i$5vN=qc1iH-zd~{XS#@ENlxvi}apXK>>gleyRbiT1y
z_WIS3x6^_=HIqJkl}q!$-frn078NB>vzD`GxW3lC)`I6B_XeVFE*5tuOeY`0*RtN_
zdpC*1<VVa1V1qHot{7~NZ{N<osJa1#RZD&nq|rChcfgj~e!A-LWW3(WmYQSJG!WAN
znkih**;DS8bBMgOG?L8iA!B63Pcl+!qVI5dk$3!R!-mQ$tHxtDttaD8@kIXIro>Fj
zM`{b`1LZC5L0(mruG7AU79dVvh~AlGc=U#Tyc}p#s}0>UjLT4KK00dEf7(nyE7|(}
z4zYO@#XzFB!$2Z%mG|;63UeZ0Prich3*iB4%6|XRKdT5Fgm>@w@~*jbAZG=!@i9DA
zNhe%&Ow1d=_UKk~TiS*QxOsCxW+ERsG;jQ4TM-Y(czoF+`)Kl~tpW3sFZtr*<Eg>T
zNqv={>o9%ers_r#V8HyTuR^3=!Gj~#k|09-IBRcnqxPewFc87ip>K^~>6Hm3=RauH
zb*kzQGqFd&c^nccpw-kT#-U=k=^jdMS?`kBYSK>}3Ll*kOZ1D0pxwIE<9LZzC2i}W
z>OAwn<<rVBIZRTAM6$CpeZDk03y{-r0Rmu;-i4>#kH|q|LqmPAa(w4vt!u?zRS{=W
zhb=W-`j1C><GGdNW<r5j+g<jHHv`4DLL{YNZ=e0Ejq5QVIWEVMGm?+VQLH5GxslJq
z?C+m!K6>ZB)DYAHr=s4sgO>?z;U+0?X?rek#^12^8$`C-)Q-Iwd=WO=a^3&v%Cif*
z4DxBFD(o3$_2EW<en_!*S32Q;9(i1+&J~?FPjuNj4v?2-UQvW3x<_Y*2@~co>2Ig`
zc+812>EcCqm<qsP{u(4qzMW<Tv*gn+&kEesYf5I}IBGk}DscA2Ym;Tu0+{L@ahQ4+
zvpggIC}ij2)%>$zM;Ku$k0Oh6(kVD|sJNIgy8(LdgB5bbSw~4lC^IH<-riFD<1LjF
z{%KbhqlLV`Oy?gYPbnA~87+)ixQzt3thJ#l4&$j~X%?1rNHh5UZI%SSi88L~(d?98
zjz7QA=7@Fsqx8NiRrAC9l6SnKSGUhK_5QL>K#P~pV<7J9wbY*w2hX*vDjmhHbTFRX
zOtd?m8?R0uJ+@Y=oT>4~meZ4g!e5%pGo7iL-$MPdi~YQxu$l%f<I!S1vke5ZDlCk{
zpNr_}66W&++(3hi32x3XXdK@fThz3CGcdz-xeFWWla<Kp_j9>%$uvDG<?j<L=B=3+
z184-a?7*(^giCi_gV#C|q33!U5YRnT_Syi6&BZgSoOFE>Ieg?R;S;nT3@;`sn$NlB
zD9`36tT$#0h!_bqI_do-<Aq_zNgU66_vT-(KBc7OQ}xTI*9A%S&A&MM&(L8$v&8{D
zq$VtSPZZRzCl7BJ!BNLiZBgR6Vib|Y!xLD-XU2;D3K+ikW9iF2Bj9XLW|wP4>XmGy
zH^7^hc2PZ0-1@+GMK0P0IiDBDX!pemNv0l4EpAYklRNmrkoG!ksi9}I8!o^rLiQAJ
zMn#2oX?a<FX9J|eVtUN?6ckkQzw8ka3DMD4N3mx17gdhF-Kf;Gw(?s`Gi%=tS*m=A
z*&>}l!<QquDZ5J2tw=tnBi{0v!2x#x7(LoUq2gw6dZI)!1QUI5u)MMsQ#6Ga2BZ8L
z*x0s2)p>)Y@Dtq_(ml*nfDBzbGuv{4&8M*NI3xzrszqIOi6{DNBK-lBs#n-H>)0)R
zGQXtFC~}$b7e$jaE#3V0kLRH6qeTS#mss8S^6a~(meo@lKl^cjm5licah*?+KlvTL
zdUNlEXH?SDku}}q*wSb{K~>+?>7V8ig-SL`Z!;`40%GI6y$v7jCZADKBAnE*2C#vv
ztk@-P-D99YS}E`7m}^~>4cd3*Z8I3UVxWfT%d-TF9p?CGXo(`?x3_Ea@$t0;qiNdK
z?sZlOh<-U7Nrz{a6Auf5)~#S?cbIU-g%nwq>OOS6I*q9+p<<h%H`K_WwX-zJN49DJ
zXLqoXggqDt3fYV{AP5fzZ+J66NFMFfv;w^6?#LqfJiCac_A^5Vr~Cy9K+|kXBc=Iq
zzbA@Mj7;L+yGiwnIl6@EwL>A;5cmio^Op>-zFiAf3myou-xVz{FTZIXiLUrsS$P1v
zVLJ;;R9+stELDPT!4*drbm=@8(z4cnh>Lr`K!GT~p2Ww`&n+RrtmnGO|8Hst+MDwH
zyQ^u2o0)|*@1bc>Y$8VZF+gRACYe{Ai5wO>dg2G(`f8=<uLF7D=-cM6jIv+op1Li!
zb?x$yffGSPo9dY}#L$Fr*P^_fy}I{GtZ3=!6=4Le^H1(3qoENp(~^C+=N-ATaQpwh
z>jy?Y!vlsZ*5L^%N?z}jCc=W`dn32I=&)|vcKxtP=vjd<X{XCec?AU>{iaoLY~JNj
z495=GX>R7;0IA=*W(^GuwE2){x7^A?0t)XVj1&muO4sE)!1h=(>ozBWN#cxL9Ee;`
zBFt>LH{iZgF#P~05*0Vxng~ygV{3n=8Dw8aNB2D$SOPnpXWu>*rP-D{!GuZANvd^0
z<ldP~7o&*Bt@b<O^7GsGlZOWfWps2nNvAbrA2Pf+Y{5n9@?|-ibSBN2UpN1ykgLvu
zo9kLyM~_?BF(z3m=hT}a4Q>6&)IRwk2o3K+{lrRd)qXjQG#~2;+crA>GK?weoseST
zCXrg0rV}pTRNVR!Yxe6ejl4cOlR7wPf}D!v?j8e64f+#*NF>7e3;8Ej)jATI5@oL9
z;@{y+@#HPfz`)TXX9x-zJ`I%1@J{HZx#50-7j*gi=gM=)-x|TIHSaIbDRka(&!XIq
zLxW!{!k5J@G$<s{YV#&5cAbN6UmN?1U&d<-`h8K(5hk~yzle%t#<5^jhKi>8Dx>UA
zyz=_%%zpB7XD-XhZP0b-V|rDQ;NE|(>F9B3Y3UaSjkZKU_cfG5SmIONN4Wq=nbjd|
z3+usJ&KmXPW`ekiJ{a$lzyuIkpDeI)5YF@N^v4HhmNVW;=z6m4C#Pu&6Z`?JPuQdg
zy66llPx4f#D?M+T{N-;og|dg&RU@@x+uoe1mmjErmF+)a%yU7_Ca|%q%O9jIgkk)t
zv_3d2Awigmn;=;Yr8YHP&Vz5e1Csh(gqP8Za>#!9bLXB`T_-3;3>1U_0_)}4bY!|s
z?Z?$nHS+7l(e#?QCHd!3d_o5f)b*SC9ipV9oWKtyS6ma{KMr|=6ntcg^^^<Y7a;o+
zRornV5mcQ-w7k_HlCzgwFRA;-Mz!->joRB>a*h*AZu}*QIRob3I;VRxE(vN8gLN3L
z$z}b{wjE>hU?6P!XIfxYVxGiBa;M%sY%Mu6JNqNQYpH9pR@DZKD+#@|Y|~mXRvHr%
zlkA=mjsWE})W;ZHvX?VC9We6)MJ@-qMv0HF@f-t{(@<TG4%aVHS7VS*q;CkAH&op3
z8h<5f*f%F=^~^{l9%B+&l@Js`xmG_No)?gwcjj+f;_j-Vm|U-JTu=g3K7?C36v{E0
z1FD#A#49OzC6wimK`FsUM%4iE`F4dUMl=R9+G5(P%oD@=L3XaIt=;7^D{5TLL8S4K
z7%>ngg^847En8*v(e1wAf{2T-BTMzhG>`NY0%olLE4c2TzV@ks?1t1^w!Ax;4g?pz
zImDrX!dyR9(|NCM!U@t#%%(scMx?@Cdj5O+KG;uY9d(G#FmDNU?d<VstWD!zIktD$
z-pYi>B6>G@sUdRJ1I9)}zke64b;ek+U%_AtdJ>T@Rk_8We_0>xHsbaY&DnYh^cJys
zus+A;imZn&+^l{)y8?u{{@E5q_n28<O~~;*7@#K0>B))Hxq3Rb;m3Dat(Qfv{V_JY
zaYM2|B_8ybA5|LD3Q689@xH!W@^YlsuU}6Lps2Eaq!1<ce(6F!$z7x0^K%s*Qgm|W
z_lZmS3q4`^Oj6VV>P_8~y~D^F!giYj^PY=j<eA#fm6xcBV;*JY_5$NUj#qvxB5w;i
zT-HkV>Ev#Q_{6Ght`R!1Lj(aCO`~RFA;G-hJZcxeavte%ze&rHrhSlQJ+e<~J#D{N
z_s?BbUGpAVVKw0y`v*2?46V-DtQ&q+v{UOkLxAGK_X6rZNfkR}moKW^ayokfhsa-M
z7R>A1++*}K_E)*yK(EX6n1dm+%Rt=*p{NNqTh4;_@9BI_I~{*!2tK)K%TcbRx#`F?
z?a<`zeOQ~5YHKrU5yxpFi|r?G<u6Q!<u9_QsdwB^RN0d-Qo4!Vft`~_@8?DAZEU^=
znA-8V!OH-viE|-&ZApY^xasG&Obr}$(2-`&FWTS6tJD;h5nI;~@0!HLn6on|!2l-w
z9MD_L%^0-6GpAqUp|0=buN@JgLCy7biHj7`V3%l*jM@%4Fa#`%l5^d=)>h|j*VLWB
zX59jpXnuSLt^4FJ>5nghn%g@cu4&n|j_GkSH`y3ew>F$j@ph&ON|1ulb@_FF>HeWI
z66w!!(VEm=At7lORxz5-e)F}as=6Bf8>bKV{xmrse|2lZSu3IAE%ubs1<$2+(l9zO
zAsH668`p;ag3}Buv_tz64OKcHPi}p2R#8M>>l(M}^Nc*c9Le*oPmFvvwz!OzhTEyi
z>G~)&QLW5n70GL9y;Pjjxpc_`yzF+~Wq|=vU5bY27<TW&FDKQnh}Tbro^Nc4-JKeD
zYxEShuk$lou1SGI%_Tfjch9D6Ul<y$yMh#sD1F4cL_Sp5Z`L-#Zn1vP0rC)065suK
zmX~fI>!-E6;5QqcY&7osbN8bYLNr7;j#)8H=J`&JvuL%1T`0NQ$FR6rKx>P3o-Hk2
z(zB+zyIJVGKH`*OPE1S;9rf4to0KJ;)9QNi@lZ$#!pd_&X8n`0beBVY2?(olD|L#2
z+m3pxk@M=mbJbUUzDR+9^d2=cDqRs^ckQ{6K(4xXu1)SFribO&oaohk#KQBoxSX$2
z2?!-0lr-bd%`GtbL``}&_-dv~M2S5&&z56n(=LHZSH|mq>;Y=l9789-CZCAjABI4E
z;cw&pT}u3#Fn%r9vTqAfRlt__I+1x=4+XxRZ*FS328IFF&u6pb0#6)FxdSp}bdtTj
zDK-TOv+NNT{sgPF39QLvRKg{3>hT2Kh2zK_5>AwC$JxC|PEg^k!$=&0FI9@QLSSZ?
zz0@}DncdsPDk3Mh>aX;i9k!ABn4?4xr~w%g(^f+CTz9~1ig1_2keW#p_ir)!qrvNp
z?!8G_x!%YZaA9X;%vl!%V|X5(!}@{p>yptt=jZ27i%w0gi>heq=pfqVC=b??YT?>%
z_XwP``N0EAY?+4{Z$4CF-gwNt1QeNDFX1n9b-tsu)fZXc5sr30KR;y5*ajqh7`~-d
z>;Qoe&LHK>MW~?>bDxHXCk`KTR@#+mr=h`u$$^`r>Zp*QV;mX==X~QIfKl}U^4ojH
zqO23mMXO9$0=9i1)ZXr}1GeG8K&RnhCpIV{A@LSDYIt}!(VN4t0}lp(Vms?xM}~(}
zV9iD>9$D{uY<JeD7F@q}4P;ja78Wm1%m{g=ES0sbZSH8h_ZRf5x7bs<uY=*6^}-))
zg-0l#fkEmy!sNpRvl5Gu-5fwZFK*VfOH6D#WFi<VCfVAy$ztNFo}NF>0FL9%tiS_d
zMnnu5NYX9vtqc+26%)IZdl1#KL6(K0`)x(9F_&@3TG!z|fjg4i5Bo+SsR7At^e7%V
zH!^bYY1X|o+<3w1sxULKDvY@qN<~~ox&sFEMsY>CGyi!gz<Hu#Vm>En3Nw#(<gv(7
z5!tPy8lJ&t%sL}!A_w<iSg6!nePA=vRH846BeC=^HR8;Y@4(7@R|RwrctfxjMkFOh
zno)6!x~)3H`?-y??er!c{RvZ~Fbt&ESy}jSa7Of7tl*bP|AkNJY3nlH1QKvwqy;?E
z&jSM1ac=<F9+z~`$3*jN+U}pUhZSR!lIV1Fbbv8I7eb;OXw=;F9w{5r=T4{JN^O|_
z0fHQ`toqk^80t5)2#t)gdsMpKPBLvS*oj;o3zNJs{-^aTKRBAR$uyAZ{TMB=Apl?E
zA*Z$R^E9LTzph4KbeE(g8=Potqj9CAiO=j7xK#=gKo9|1XXBcPhYS?N*f<o$ga86i
z)h3iQdPTZy)*$}ATS?SPrvwq^p4p}jG^dGKK$7z^Drpp{1$nu-L};brh63UVl3&K6
z5brQBDJVL_`v*xfH*N@cFkr^vCulUIb3~hxb%2@NLkZgw3}>&KwVaOZVT6xfpZje$
zw-dm_0q4aGwyzf_Z}~VkJ~}Fgax$3aNv|&p<A)03Q%_Us_?1&2Db?8wJ?lmi@hVhy
zt#*6uBs#pvkIW<n1q1}J7BIR<exRC9Iie`T4w*85cJv(-XB>GfX$7>lPvE;i=m`i8
zHq-#C|6Q}zKrs@kA+zY!Rael9N>GzQbA?JDF$n+(K_26<hDI34KiGsuA@p~|25+}z
z(n8RNiWbvLaHICnd%V;81ZLHzPoH+}*>khSivByX6bKoYEY;a?NhbWdg#7I(X~rBn
zVn1P%&<V;aDk>@`S5{WKGt5z6zO13ad*q0wqd!_4PzaK~(B(oe{*1EY{{3}BW*j;3
zTd@r!G%moy#n|o<0vDnEa$V@&G~~j&Vq+jLzY)p4>!0k>E7Lmnn>w44kMx~!cFy+=
z<$EiI#n4MZz-(YIB8SV(%VR1kf=e)dWLp*xAeB<!W5W0U$2$-OdMVFhgn+kq`#mLQ
lM8g1fQ8Ez?E#24X-9usxD00@jV$M8CNnTYhNml>C{{n|fGQ9u*

literal 0
HcmV?d00001

diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/docs/resolver_tree_children_simple.png b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/docs/resolver_tree_children_simple.png
new file mode 100644
index 0000000000000000000000000000000000000000..f05963c0f0b677ab0882628de635bff7714a85c1
GIT binary patch
literal 22889
zcmd?Rc{r5+`!+t7kkCv~gfOLqFvd<Xj3xWNN7k|LyKEs-5mMO+C2Nw9Jt`@Cwo*uC
zU$e{7b4|TJ&*$^~KELPqt^fUw<9&EHGxyy0Yq?(6a-QckH?%dC>1j{UA`l4rODcF>
z1cDrmK#(1vp@Mft*JC9S2&(5kipD;!0rrkAb_i~)!ry;!3kx~8d;4%>@!Z0~RvsP#
zwvJW=FDqAX0XI7zcndyvb+>i2ceJzpdyTM=u+VuSvGZ6VeGHZxi^GVL{$K?pC4^1?
zUT;OPbNlCpq5?v210D@48%H-EcW;Mtf3NVf^YV6dcl&!o_%2oe^Y;TgA1lJ&cQy3&
zgZ%Z}0({Rq1h@&w2jNA$yh+z!6=CTAj1g|__|K>=VRVc&12IYxUOKM!YLY<)wwmx{
z(&gf&KI$%_-UKBL8*X7GeH&2^C2nDPAzf!19d8LyClz-mjBSvbx{tG?r<0GOsh*Cb
zsj4<s*iX^!5?)A1)Y@It#mO{4OO&9c4&Rp#u<_MW(2_9H!uqKyVO7M1j4wHRsCYSO
zd+Qpzi`pn*-F%f*L;?c?m9hGl2*SFmYAU`i@(y-dIQX_J-b75;%gg1Gt&f3%qq~Em
zx3RIIkp@A?Lr2NeRn5u3-NV+$*3n5%%|qMRR_l_HiIoaL!Ae+CPea?#G{D;4?vjC|
zo1e0~Btb%1-&xF5$WYV72x}66*D>%Fy`+j23G&w=csfXU`Wf1LE9>dw1D*6R;(n6O
zLB5_w%6cAl?xISzffD`>nwma-UbaeJ9u8uzcsnImPn@@^f{D1Wny;{imX*AVn-<>3
zQ9<3%%1d79(j|3Y7gskcKgmFC8x0jFd6<cknwy@as)DhHv8$fCqK>1ewu&+=tEQs1
zk-P%V-b%|EUTK)BX&FjNh`1|T*~yElD!ZwQxM0<ML;~Oj&SF+3L7uiwaGAK4uamQw
zla8{ei;0GwfwqB`zJZc~i=C(uPRvz78KWldASUdfXY4HRZjI3w^3d`T7E_e>_Vv*e
z*A#ZuRJZfj)pXNS4m5Ug))0|5G&Hme^fdK!xnyL3Ay`{oQgy<pUXpjjsgicUTS8GJ
z0B<ZR?%^bFpzRM&*Re6ya}~BSbqp}ZduVDa8Yu-St2>x#dt!7Xto)okT&-+z&Kg!a
zcqbnMUfEj$ui+4+<BnBP(u6M)#8u?gm6h<`Di|?OJsmX%D_uQhmp}uIgO|Ovj=O}A
z*d-qmYkwC#7mSday1tjLs-doOkTyoo)>hlv4{l(re#uW#%t%AjK+#RY#ne^b%E#SL
zUddY7$Vp#ULsH#P(b`)RCn2FMV(6@3Xe{Ar>?Lj=pd^e{v-20zbW<QWiU-;#>j$`a
zI5~@ARqYJygiYYK&Nc*JyaYi}!cWynGa$g-OAqg<hO@Gllu(0>QBrcX3D6anCm0gk
zeF(;`#yCS$Yl$G603UZ96)`ugil{tZ(n=vnLJ{KzH`8_!cMH_ghVMB#nCJ%Rn;He`
zke1R~SyI_p1Lq>7FJbTQWa6j>6H+4Bsbc&*Jlz!o#2hYN5;L}P6!x~(^A0fd(f0}R
z#yUv`!9~Ud1FWr<e1KB`)&%da;^*b%jdvDu^}%87MD(4NgpF0aRD(?2jWCL8&VF84
zJrBbmMQ2|>S6^SlKo2ZdP1D-i+1E?b*H_2M*C0?t+}_Jq(%Q?#-%A{;4o*v6UrYpx
zH@5Qkz-kK->?Cyc0*!?XyiH9nc{<}HTzyp?T<`{>I4?<iZ6^~uKNAsOjJz$*4!-Cn
z<n3hZuP$yX?C7auVCAbP>8c~{t7&3qErB%<RVJCZnzfyzp0<)|ps|gZzD|Irr<1*#
zzK)KTyq>PVov(_ix(nDn{*o(RQ&UMyMPAcCNM76DK~djP)Ky7RQ_{f}Z=+@EEF|iz
zrJ$oM9OPkQt?A_L>)@@RrDU&-H#M@oq@d{FqpGj(BSe6uG8M71HFY$xmI$;8P_PLk
zxD&9dRvxBSfes?tYOZjBj;N`mV}LmPOHx}y$3w-?K~l+6Q6ms<W9Mv&7jX;>uv73b
z5%%y?x3ZDc^>fw@w05^r!ou|qUXHdw%6531JKobyT+9~dg?AFOQIx-=<|yW>EF`9B
z?QVio4pPD3a5!UE?*Mh2qrROpURO;=N8C$Z#93b6-bvZrz}H?^Sr`mL-bdcR8*k!;
zQF4bDit2$j4*K3=^6u_foUj(b$IeApMAccsPz65Ju!6@6dHG{SL>+BN{vN9UZ~V)v
z|8eo~`kw%WRou=vWrjd-A}--^`T-g9Bf-Xugf#K}oj9evQw?speSDf)_Q}3M8`h(C
zqs_?&ss+Vb>5lj^%hR}Bw~T$FY5wzNF~-T~b%aCi4W)`K4UrSR{a0kTas%%3@QAdT
zFygyt+HhSxB4cA558K^pS$9;7`ZlL(v-rx3Yio<<W@ZHkv_=%K#9~^Ry^&sPv_h@S
zHXXj6NGo_J<&_8gpXFXsQY5Rm+t=1O)`H^Vqx-*m^OSE}h_-&@Y{o@l?DbVtXigtF
zC?g}2kdi`k`0!yQDmO2Wy}>EA9Cs~}#-^hnApzNuEo(W2v9z>gK*wUz$2nV=u{TMd
zjY<%OT4TS#>k4twM|q^z^Kqn)cu22<zyCkKl=k4ki0o{Rjis^pXU~M^$C@~VQ)45E
z^uB(6=nEIv$3iyQZ?j2W>*!GT@$=i*$+&%+!PeeBx3Y4*rd^z1VUw1Y=J9LI@mBUy
z$H|LViPVQrN(6~giT)WT%y4{Z>2O$B*u#epX?}-I_i!nf4L?XoO+D!E?~g>mg1~=7
z8m}6*)YMd^Z2zUv3rN)BmzvctLqc%xV*=(xZngWyyH}NmUwEFnlazEmbU#DV8+qb{
z(<@QykUtwh&BMckKs9%FABK?I^4-M5WO-wQ3dPdU?im~`eOL9-C4yu}>QKUuAGS!8
zlamvFP-EVu(??uBJ$v(Q${SfOOB(7VqJq#(h04jzm3L1&^N`>C1rqVp>J=4UQPJvq
zYh1!R+qQS_aB^~pmDN=;gsZFT*7B>vT*>VyM#iX=6lO|l>b%@s@<)#zwbZ|P^JaN<
z_0{(36bgw%6zbn}?90!oum3U~L`6kq-IXCJ6~8cCdC0=TLYs$i>(^Wv>g37WYRLj*
zh@haLr@nKB0fB+dBO~mqlbs5eFS8?3)_z4tN7KMIsh@fE@KTb;?v|&O>DXpYP7YaI
zT%2*G6O+t^3#75YePRxCkRz^LyC#Q+A#d%jc9S7GJ3EO)Vz{|L%;U#r2TRSU@2PUv
zw@$PtleVVD{Pvq$$8CPC&9LF;W5J+eCBy6Lq{%5L;xsqc*Q4cg5Is9alBftG^4PKK
zb^c4UyI)oo>z1w&kt{4Xo<0?_8igI7-WAE)4nwy*vul59`|b!5m9LfU=5yhp?zt-W
zF@fFS?yL)(=&Q@k)W%gVsZZ<OoA!>$Ep-Rtqf9F7t=`^dhp{HKPiPnFcZckyrJYbY
zedI-5-S^_M#+ENN-Z;F3-+W5*W=>@#)A;y!g34**YB%<c#gRi`Ls8MuWC(_nGBjv;
zIABjKn{H=io!r{q#-S5Ag@un~hyFT8q=9cC!ee9UxL)k8mxVEfihbv_wq(OI+eB)b
zo3o)$okB4)6Muex`>L~({^(iFsPuH!)_9KimoMe;N=n~g2n;4oi;HeZou=;sqamA@
z+iZmq-HqX*vf~ahhdMtc?d@zH>K>q^w87c#{aSCSSG&(2QCC;j>>IH11FYNA)3e1!
zw~!G_=wjRt*_b!sBK8jrMG}|CV>oF0^z`&__!mAiAG|HYI@3fs(fUS4hx#ZeDAvhS
zH?&L+9T#|=cuF}cENp$ih%;zoAb+o~<B?jj9A3hEGFB)Atb`LSA|_@%SYpD7eqLEg
zhRC`Y@*Zc4AbBNv+Q(YiN**3U76Ic2)YHZ2!9J8+T=?&*a`W=>ks<EgyQj^2j~EyC
zCPyJg$ahwsjzyRfwx_BqxlayOIz`(5N$*V38I5aYWrE?Of>#6u1+CKjUi45#<mRHS
zeu0ti(4(u}MvhF5)cW$BK60bk_eJ3986r(hO$~yRl76B2Jv}|WJhCQaM~p~AiX!FK
z2MkM$BVY>Gh)=zzx~3ZU@1E1+OjL=QdSYBo-q_gKvevjnfhf@DWs~-!YflzbR#72(
zwBmO{1}PKcSjEBgP$({bSrHLNd{jvZf7^stLxp~5Xy`u{+)>DV=1j}mx6~*UN+NLO
zbiY%jN%zv?V(X2gXP;haCRa}pA`^EXecqQgyRxxy{qf_+&5m$JNV64nJ_eKg8Xk_Y
zs`Yyz;q`+!dga62yLUq)Rf2+Qg_f#ZKgUuf_C3}*)J_(D=MEUUW~LN(N1kDEH0Pa!
z1O!_C$`#JZ?(DL@BS(&8?fe=Y9ZgVu6x2Nsdv9jvBBEhDnuug$i>-7XvL0`VR*GyZ
zGANG9w*J+qq@#m+s9U&<jZ@OrMpC1sNe<oH6qY9%e6!nFqifOxH#avfM|(Pi<<qNV
z%g}>p`Kwp!N1tn?i$xGgA?3ku&Xw=+ve$?nU}09j7Dwt_kKo-#Y7d}WV3)`cmoHy#
z*<y&x$YA3l{+ODIBt8w^bh8Tb_QvMs<|ZU1fy)hBYS@I0@M*C%H_s4KdbG5Ykep17
z{=o7omj&DnJDzmt(DIs^w}mc9OS9_e=r}k!M#$%c$Hc@4mDbg<9=Q<}Nz4SV-0?0t
zD(XsKzJ^qMWmOfe5fvP19!6U88m~7vXNTZ{fdS?VLC-xNT`#>{AAquHjcrakt2O`Z
zDuQ%F^)nPGtM>cnRn*iJoSce;KI#P{9K&!A;rzoX0>7!EqJj)9Dpy20Iy(05<Yr$C
zk%BNnieP5dZU>W3gzYR;YZnhd7`SdOpe!#>{;Z-RI{PA6eD=;SIE~<oc7ML*5fEr?
zj-=*FRC#)J+beQO!Pi%mNK<T7rlg=i@$K8UC{uo|?289_r1R}I=0A~+GA}Q06jlrZ
z3>?=Z;B%w1gZ&nUxp&v}O-ybamfcNwOQb_UG?C0{ZB=^x`ZZ1DCakSbzH=i#$;li)
z9s{8ug4om3^YwvfRc3v?jLIY3{=vcFb>E_*A|a=Ko-a*dV{T<SW@dcm)<q+RrKZu~
zcdQyEy(h1{zk9BwNz`)s+_`gzps<@imzR;Wd7bIvhw)KhiJ5`)2O<_eSF_Ti5f8L^
zqOz63M>n~JgtU!^mX|${i9%OIWMwUlk9YpcknofzH0%V2XdwHZlS0#@M{mCFAY@p-
zs^Y;|KbG52!(!GqG?2;cNGf?B^m1`2K^hW+ZoPG+YVz~-wVLcmZ4pUTZ<X!*XR=^Y
zu($AE181&op&b5WrE~If%H;c-BX$0#u-KzyWMmSdyAr#5dtCQaF@!EQu7|H%TdiS2
z;Mke3hJ=hyOhhj=?l4SsXUBk_u@z>yFL1eNRZ&uVWo1PuaODSChz8^kITkSuBI4qw
zL`9jvyGV(iSMMDhybfCqkr2mYnlD*#Wifz7fq`9$5~A*tCjy8Dqh>h05AyOTc<-q)
zzbs-GsI99@%+8KqTk{#GW%LF&e2Sa<0GzBdont*c;k&z6*Vfh$(-%$^u<NI%rS*)C
z3hdUEmeSA6%(QiOif)~}cmF<GTKe;RNHhN{NbAm?h2wG!4D}G0NaTkPy5pEm&K6R9
z8!EFrzW;4!zM`9yMvSXcBeo{f-J_ZWPMtaxt+#}4I8Y@L=9(=N=p|QOQCoXLx6nt<
zQt$gcBMa0`uN!fykFLeUP|GVQBxYsZCRufKr%UBkEiJ8a)l@jnuU@^PFnVH+Gc>&K
zv7xbZD+}Wd?!M#QIz2k%(Zh#wXOeKd_i`H>Eoji6t6Yyxeu7;k2C3b2zDAtfXM<xS
zPeT^elydsWyYR6sx3%eBzu%IrDMdxRu`JkDt}@q~>EiCz-(KI4ze0ELAkM}nuk(I(
zS{kqUps9gD^w+Of#w%gl5;HShD~7C}#6a4h*=3A$baj2RGSQC1LtZ2Q$yo#0+gNDo
z=Lde@sLX;1o~&O#c}HWRSonvRBy6zL)cIh0$o2eKQ=Ez*%+a+ChzvTox>mmH#^ggT
zFg-oZoG@e^$x4lC&B(~%{Ls_G8O!mh#`|%X`$!t6uA$)>nfqB;0_ORJ2hk_eIK38z
zMaRn{=+HNA+<*j(HDM?y>)_EdoafHH>n(2n_@ITfUj!Z^DLa70dGW&7JyZi(6SQ8m
z{1MWk_0Y6l4<F>upFhh@GLg<B^?`ak;)@+0`ucPX3`9B04B&YgaTSJ2O4l_5{lz5y
zwccqvksTS5kTzuWIBsum%OihoY_vvFA4YO;9EJoX=l$c9Yi%=qk0BaaZ4P1HUORBe
zCp6!SO7+o^?2wJrW%nEST&z-C7M+2D=vycrqJOFu78XKA<lyF3H86`oedTOPNt%=P
z(D#mx&8c$iJHthEIPA8zzRtA&LF5=7avlMhGs*3~Mb5)&9v;i#mYJ(E7z{?!$mrW#
zS<_&#*epK|Unk6qh`N5=x;Iy`%2@Qw5y*bLF|dd_IuWz8PBKAjZN0^|{f7kWudIJ<
z9~?B~@^Ew;wU6uS(xhV*>zJLOy9@a-ZFR-w>Z*c)!95R~8Wya*9Pd5(9PO`fIl>sT
z`o4VO*PmQpTYFvWJNK)!&~tw`5FRMcdyjO`Noj7hV@RY5IO8*#88mP{q1>^xwWaA3
zbNLuvP{8Bz<poMOl}_)mCKK(gkp1l`L^!x&+P!3YhCgE+#^F0en5;^D*QRy2h$SW!
ztyIobl$4ZTTcQt%ncQ!fn3xzJ@gF;YvVvsO!O7_e?=8(#;RB=u5CW_A$n(dKsUb&@
zx3lPMFpIs6Sz8`g$RVGFv?nUP%TYet4_R|{TbM`#xlRkjPK@J+(>aU{_7<Iuw1*BI
zU8FyH<On(=vACp!@%__^<_Iu(fiselEO2aJQt_GcLaqs^RaKBAIJ>{uEc_L#sb7B?
zK|x`m{N}{<(6pbMo5%M<X8X?}QSaN^J!d{}BT-NeoKhdF55yANuDITTgU%%(Va(%@
zUx>|<jD(2GNE_Y79`kv4n3N!e7aT+nQ|RvOi}dyN<>?Jwm;6(^=+M&9;lWEAwDX)l
z&(sxFVph$7?_P9pj)T=4FRdPZ79>gWMjL5T=U2MC)Zee4Q`G^6hQmWy@bV@T-&5;1
zwBxP55Z9=Ze}8SJxC*PEf+a9Ogu~%KKDD9<C*U4JbjMSI|FNp!Gb{<$=VfaB(vgZ)
zenFPGQR_sFLM*SWc-4AJbx4q^DV-Ctp)yc;8MOD@E$i;=WO92U<~}M@JanF$Tk%C<
z8a80`ioqk@bCjq~jc+ZlUSY!auVxzR>p!fXC;2+@_**ct#*iJD^x8EQNKuG15cY%G
z2fmC9^}IAxz`cfQ4{P7?^wZ8Owp*|l>UY0<`J!!N;`nnlI4J1r;^LFl<5f`ZKtif0
zZrx`HW?pXd*0eG<!d4U68`}=W94encAe`dmRef>jNfi__5Q@hyxH>yy1C;QqwUFZt
z1@3Pwe1@p~SiEebc7q<RTc~e*(HqiCW}93Q&u{qRtn7>oe!AE%jUm!d=P=01%BGJz
z?H*odRe_p_62%39YGh<&k1FxzO<E)hYO2J0_oAWFYwqjQTRM9*&aVAF)G1%bU&REh
zO{45P(;!!y9VpH*EcR`Qp1e;n7P@o(=B-;Oc6NI7tT+)y*pYRCRVzz|Y<ZrShfqAx
z5=+Vxk8(SA6Qg2c4#~1Oh@<5_Jf0fNO}Y^9P>%DMpIe>oJ(Y*UW2sJyi5aF?uAV$m
z4A7=FXMGty3eGT%)#-~DPkK*wG(#4SKtRSbP-ArxWi?P_(DLm0)IiU!z6gYDgq*!S
zWc5&piiO0dd?(cwH|~hq;7!fUAc2aKZgol*b3H*+**f(3NSBxr<@DaWhfkh#m288h
zCZ?x5f4HXv)wz_>fWE#ybLj<e-q-KmWlS1+Tv&MN1up@fmRqxltf2p6J<leKQlY3u
zqC&UEsT&-XZ?lo1W*A3=lPfNZVvV8Lkw+)eaF2cZ`Vw6F8P&wZ#AC-x)5KiUdU1s?
z0j8o@(^)uoLE<NDH~hDj$I0qGp;;yV?3>Tx7fJO@se#^NtDYb4k`faVzD^HZanS}R
z%Y3wyOX2#1y1LK3#W{J9GrWp9?7!wDB<ApEwu7JDo8rLD1G?dJ_4nRpP^A#F&HX>?
zUka7omF8;)Zd=f^L#-*{znGC{6j_doBw1$v8TFL#hYwFHmr)@&F_=U_cDs&N5`KeU
znCwi4Pzm2cgvZAphAe;K&sa#f&(Q`*+hQyqdBJ!a*JW({NK>6;Y>j1!geV<T?`LAd
zVk?}gV3A(ld>bCqaZV<1g)&bm&a2Hio=sBs@l{Ei4nKIzMw0(%AT?yzm^w(BQb$^E
zvpehTY<Gvb`6a!xJyvPC`|Y@WwUK4WK<-An<^G3<Vs2j~>i2)mQ49-O1TTp0&Kfld
z2eO}cz2E3RDW<kjT+{jCBEhZV$Lf_!6>F<bniW4JtS?pkV17I@8aTzC9!8qm#!<99
zM2SzO&z^mlhr?&3!zU;xUI*2tNx!O^TBjRiT*oTEeX~w73ks652%KQ5`>n1AHUX6`
z8jI~KS+96*@@q8pGykVDc<4?>P3N8NNbb%L-NllfcfJ$3JMY+J_?>zd;sX2jQEUDu
znazfdkx>lBrj-;A{7gcxUX_6~@;BQnV-DE&ic<{euCp>SY)8+izl5CG^;!Mv*Z8fi
zt>pnsEDH&rlm5o}E#uCeJCHk*YD7rhA5>KIl}!2j_<Y@2YEljekl5YbeW6KXvj>k%
zVfRFOx)Hjw6dfFRuG6z#hl-I+!UOSGGgDqwl@{s*1cHf)N#)X|=0d&49$#OQsb|Ts
zfIYoko9U}@k+wPW&rMil1k7KM!e9ORpc&LFt&o0Wz_rA(OCN*cF<`E=8p*^ov5a<%
zm1Kpp@d*XV5c3=d{GBJlw#Tl=!(YGGFoV`#Z~xAth1q5g%#t)ltJv~=QZ;s)WN*g5
z;jg_i=@^uR{j(^sm_bqq`TxglOSZ!Y9-h<jn5X$LsCdfp66KT5tQ*pN$=`?PQ&mil
zL_GKH<&p5CtekNaGq-7FW;On^NZztn1`7QX8bjHS<Tuez%--XX3_wg^lyz7+VjkZZ
z>h%<-*E(93Cw7s6^ybxN#NDuM=7W7>tt0f=xl*EUG|gZ`HvZU{@H&NInBd`e?XvjA
zWXlKhA5qW8G!&GTYTuP!xP0T8O_;()>$-}?Pt=K(rB8wF05OaG*|PkrFTMQS-Y(d2
z<eu5*ml9qw9VzO5gWk@2(>7A!ji^e%w3d*n5$V|_ios7k;d~XN3InNq({1mc2Np|t
z(;5+);-5_BlYOynWyT&R*-qO>>XJv#DUApXF_U*~eSX+}Dis}RjOJU4$*HV&39rt;
zw5tEPqwpG;vp{H6zX4xQYWjsM=j|qhpWi(u{gwU7zf9{_=u4?=v2X87HhWT&v0oQf
zcC4nI-28f^o0)B{|1mze;z`HV!=3N-eMZ|^mj~~9QNxIq9{69ww9@^tRL3xwpv$Z8
z-sRKvVck}x!i#iX{%-zXrD5r6|13e;VdD@B0XM-NWai-&_R%}Crm@#|wi!YRV9du!
zGg4V4Q?qDftTYnHtN0r6%B=IztrrbmHIZX1a9-ZP;;_~R{6t%XZrhO#s@xKFiPQwc
z#l7Dx%bQ`F{u0$;vbD5_*hak?hhtCJ6-ADnZ)Jv|W#FN-bNlil0+9U&PoHWNOhZC0
z2xGB2mX>9!0hcb_SkAb9{W_W15X5i=-g_+oAmXEX?<6n3AKPOmIff@O(e{<~d`1a=
z0-6ppKc|*Ye}D3+edhCftxUPrR(gt!ETPsE3>!X0udSnl5=Fv&;ZgmmRUYH=NEG1T
z1*==)V^=9^%o)%vfE!V{T!zXr{<!5;6g~>P<u#&^&$M>Q<qcHr$qORI+q;YYoalyQ
z!oIw--p@KLvhsZyzr20pKZbFx<3*qHbZ?<-c*~cUo3K7xtbK$_fmd;2xKd6_tEpXA
zTy%V~EioW1;Xz%=w1aIt>*KzgQym!R3oJHW(UCOXw129FoYep`Gge5edZeVJeDbTG
zKc@>ol7*vADNR$xz#`-nZzX=}obqo{XnS5b%@ahtof}io)$y{H3F^X+KW82vJFnNL
zYgqO=DYmYA<bLfbW$hCvGH%qfw{d-`hU=dQ+DFEl)7^6~o}r2#4dYNni)3AJ_Apu4
z-YyueWs>~8BG|C{rgc`mY3h4qFztb&YBwg+u|Pm_4^g8g8DkG5{>d8vz4?oecKIkD
zNTg>Kqai3>XJEPJ+n$_P{P5%a<o9*yDE0LGRpZ_TAO$Y&1w<>h_dmaL6vGoMx$(vI
z-Tn5&3vO(86=G%&BnDr+*cP@>NjO|Epu&og4=52mPro@9Kym)vJ4ARIyL19vDLnFp
zjw-P(PbtTKNFZ`fr^1GsRzY5yg*{GPT>J~W<PkfL5K13^3WVzM^YTBbIUe}*qQ9_<
z($+NXolk>0e!Ixvg|ri+@IzgF_YtRWCv9Wt85z(W=a>(n_43tmfGPqv0BP;*o*wPY
zncKAJmlYN0S6~E}A8{WO<q#Cy9qm5Mk}SyeeTCax#*fjxVVi`(ia#-{|MKL+5&aD5
zTWjlc>Z4h^Ll%99(4uwzd6(uI3=E7mv$#@aSP(tT$Emqdv+*25ffmlDX%@(tnfa(Y
zG||n?FMjWgeQ*Bpu3&GH)v9)~q+>)UPrJsA{iJ3#12>9yu!IcpCG0yr&y9qc$?G2!
zZzYIXQ{KhHLXmSHI*y(aZ;H4>b9rLoj62q*V;_$4<10MGyUEFbe!n^_i$DNACWn`b
zG-PMNlL|qu-*aJH!n;j5yn>Yl+W~<rY^PS1Mt>h?VwpK6Xk=h<v-TlJ;`4chr0TcY
z$lgH{)0<zy_KbLL^!ThhEk!zs_Mbl=Zd!^h1GFG38D<1K_-&unopbL|@`KZ)g+~M&
z!<*i@lU16O&GEr9=-^8&ob9x>k8B7nqQJO<N)_F|_<3k2t*~%!-{m#4H{G92pha6=
z{ds^$1E5H2)`j4w0Y9ygD8NGbI=;7Yei#^te%JJi&`+?HGthC<S^c@vlAdJoHm_e_
zMpZ*m^BX<eXbr`kWQ&%0*}Zq)CW?69gM)~44%-(@s(#$Wxw6$Rn8PN;=y*ygMI`@~
zHgblaSAHf}ahiu`I^;neYvAZ;0|CR!7tNWgfmKo*8NRvWULTP$wyTt4SmAv9E?#?}
ze{C`TnJ~`{?ak_@)cVd?%nr$Q$&YaYctP?UH}K@C>SsjI*W`1MS>g$}(*gnvkTlcK
z(Y@aK`F(tH^7=ur!!LlsZjJ3Rgau#`VJ6Qg%VQYi4NR<bS6P;#{mFkn*xa&|{Y8V1
zn#_$kBiOE8ceLjHj|D6<zTb&4IvRH=D)*^Sfs?a_>HQo|Yn6r3h8C9lABZ$y{JMl7
zJAKBx_-QwXmwV!)JvBwjNAW?SCth}dTlNH2lQh&j8DFHYU~{@BvdyYo$WY_pOAzxM
zc+KpKaez0~FSi^@fdYep<6`W`kH$RrRP_xF$q|6)=IHaHSXpl=#4uRRrn_6WC2-N~
zzvA#%c^O(z#2Y7;{qy@z%_|Q^zyDr;?9au1;RO4H-QLBfrolVeG0tIGb}LmUXwi>u
z9fR>-KYF$!XpHVa;@fnw@vQj6wUwc!e3s?ps%Rg^W3&W(zo|d6aq4^CY9Ad0oD7Jg
zlZ?Np5+P3qaNEb%cc#NgU%x+C@!jKW@~4)_OX})TkkzBnXpfa2mkM@bBLcDj%mw(B
zd=)C*=FhC+);2joyT)bPu^jQgcf$4$TW>5VbTo!+1+^dB-D%omCDN!(b&GGY>6wjW
zem0Cpz4P%_$XCC9mYQK&L?a|&@VUs3o$Z;}xgMEOabiFFMLKR2?f#as&;9$kL34%=
z<Cr5{YS>;@V9;=mr}=r0gx(Ka3teK5mLv*Ive6klpbDp;X81ahY&p0?(Fc%FN~a@r
z;>Ly_%!l9fdE3`|D7q7VuT9v+a|-(}ngeh)4i&MOiG{B25ys#9OIu67e+l{w>CcJ0
z(aKS%3*7xRWL)9GBE`$MHYxttz(Q5-*L5uoi|(DWCV?n&1nmDbySdYYi8zkK2nQMe
zu4M!4%nTLvZ70ix+|%-d#bvn{nl`CI9-&a$4D7t-zlu-GH)dyhTz~C=oSCOY_}ok0
zq=J~2p7ab9ZGW`@9UrA*CB@4PA1#_i3`6vl-TBll<nmD{oj*I0rb5ytdFf*O`A8Lj
z_LbsK#zF0E(!j59M8N!IO4t^){#duNziZrxnd7`;(kziqqVhy(Vc|6Y`GG*=;8>Ml
zHv#>Df!oH?tr<6si*;Fx<o3SZ68u)teX-)*3anvz-&L^5;V5bU#gw%S;1}n=)byR<
z$o~h|Pm^Ho(={+KU>0>^Tv`00w3%dDS9Mo33{&{5$e8&=$$RFx?37~NIim+B-74(7
zkyc_x#>O;&b8qeJ*Z_!i=EBr;Z(fTxq#Nf$7vQGq`-O5tazB6XEhPp|G1Sh@&VQ&q
zDckx+Hu_?iBL1QE`fTW2icss?jT+uczXP+R9AR##toqY4N#avn-XDy)pQ~)|Jzv>_
z{AsRQ)>+q4UI7ca)_g&>XP0BkBTj7;^~)b{V$Gr_lYnp7{#RI-Y9x+c%)LgsI_J#g
znS=%FSbDZ{qer6v4_#+qcj~L)LQtc`R5~)HhukRiG?+Lz;se9>vHe=Cu7g<*N1HPT
zIHY~*m~AK&<_!w#YHNkOC)IuSeSFhPp}N)-#9&Z>&XG#tmr)0gdaSP46{M%Re7KV=
zsA$tnq3nLl#sxtv<*m%2?f*YyXbl?};5@Efy?WKf@a$_-;P;}eTPO?C(@Wjr-S>&X
z!5Xad?abbx)&;7rItOM8^)R+=$ojpF&p{N98jzezRs!O43XN`o+TW&mcU!_+hH7^3
z*ex?>lXFixGZ&^cfK267HhffNaA5Ypp<`=VERBJEKc>83@aH8Yn9piuJ)f>QaNq!>
zag3&hhR3q@eawQKp^p5TnSd<#Jk0NwJa#y;sB&P|*D6->u(H9UDzyVn(d2*^oayYw
z*(Q8?W_RdXWaRqEF(6WbehF^B9UO3FXJcV{W(M<u?w)Eiq<^&RA^W@A4lXW?`R<>q
z=xL+nABXIg+feB@f`ha_>rW5bk%l|-_$bH|M4U%TI?XdPGnvI)nEMwNj#c(gi#n7R
zJ=<D`l+N)%vF_(O@^xVUG4>tIfF3*?+m;~G9f7L$&Drd$x#Glw2w=AWk^-C$1>5<D
zvGrJ=HHd6CZM-T8B+>1Y7j8yHQ3eDBwS4|;Mk4_9F31#`fmDn3n|RMu=Wb&OY#W@B
zv^U)#CLk5d{Sc#_L}%yb%0u^pkSM>UQP+Xm0|4XheyW(BnHH+4G%)-MB?Oy1v$qa~
z$-STleA;6`icQO~;i(P+!Ui-GxTglrBOts0RQ=Fz!{Py;ty*j(B_(MN9a2zIq8c6^
z1`_I--7TS}{4`51FJXk7K=OBDVtOL`#jDJ);2*18SpnP}hkR;%ZYU3+O$3siJ?<W#
z5n4*>1c*@p#8uJMY|Yn5=S*&gFGK)4)%DQzc5Lixh)Wt_Nxyn1QLc7&cARLJk58Mw
zO^`SE=kGe(o(`&&(r^+z=kF1+$hI$e9dlev+n|tLH)42<V_SBFu|kjm9oYdG!1}c|
zkO%pO?i3dn1KA0%4kFxn=t%_817PzX6B9t`-noPB$j;6_jBWuSv}a%dHljXob$K*+
ziF7&f#tqcuK*qhq_6dLtVm$Kl%Nl>tB0!`;g}w&BCn#@#Y{QWlJ>t!qEg&0_!w2kc
z{q(LD6%s<0n^xzGCj-?6oLnO4mVm)CZwO*)Zf@p8%LH5*;jREAqs0t|o7O4(<?8#%
zL}fpKWo0AObzlzkPUqMzN7O!fqPgS=vx&{&%mtX|$o~Gm6hQ*^7FPcO@Zl94Y3(hD
z2MrDE_^58#-)w*!a-w19K(KLe=y{oW&5@TCoOgh}ks%TJfc(q3BNJ6lw=l<&CW4Rp
zE;|x*k&mx<EIaOb9Ea>l)khOd%5iZh9UjJlsuj0#pg|jC3BLYwm5UpG`ui!w`ZE9T
zU9<Ph&qiUyuDsTcs3onndKk`jtT6<*eOL&kw?1sLq2^1m;lRCg5%1o+#|7IBavemF
z;3vS)DN#B3`ARhCVG$es;m@B@Ab7cybmm|m$e(icp1de3qQ%>ONM#Tg7ay<nQ``FW
zi^Od3@bM`C76-B*Phcisf^b^if<eeBDjoo=?N-&Wsff&r__x(b+I|zly0Y7R0{iC}
zS<=OG#V&Lf4S}T0o0vns9)0Ne+LQcoPT@9YTC`K8DbJyL$TBm78P|Njx6&g~0+x;Z
zGKOYm#oknp1Uoail9G~szB`-!a%AK(;TN!1I6QD3^2Wv~T?QA@ICIajxM(6%B|N`*
zPtC;VV9;_)62~+=p0)noUoWH2@*JNuU05HotS;if*dMYkmdm_*_w;UhWE-aq57D8~
zc*k%G`w-#<zF||e2V^F6#Gr1|`H{NgaKNS3#Y8scdCr|fbrGLC(bv+^(tg->Y&FEa
zK1RSp^7N^K0EI9uh0FOI$x|)NC=UD7?>C;1R}OA6hRIX00CeBicNFpp7+aKPpMGOI
z$f_J13WT1V0=qnNgA%kPpx-_A!>h()19w#Q;?`FRNcFybZH|N;l>Yz{kigZ+oRSjt
zEff2h504NotaulU(rfTP0kV*sP)Ey?{m~)uTL>(>#M0P6R+D$*8TtCP0}{a-{J_pf
zcGWF47JCClRrqfDoQ($kZ3vQ)1)D`I2olFnqV>1o>0PPR3&od-G=ReK@bZ%Pu;QWU
z?OIh(P>9B!ZoNj#j{?C^JPt2Uy%1k%)af7}<F~rJET^x}sLy-vP5Xh+TBpg<>Jn2b
zRyL@5lq>SdMSG+*g+Ngk!@%D1F6pd}p`rb{)EiI<5FTzHZHeXO=f_)F<up4wRh|GU
zCP+5UAs%&(hes%&@O~*tht!j!;Ahq-%D^T;0t^98K1#-b{$_KFw*SQW^XEPM{fFwR
zRl(|xoj0Wf;xQmN`1@+NZ1oG;=anUea+i&bd3Jlx0A0P0s63P4z^hFGOB2U(qQpsX
zsw?wVf1w`rkID|wz!lr1)*nxs<0FXyAD@x?f-t3VXHi-`Ljr|==*?|SAe?2SJy2g?
zpOBCceoFba96IsJo1092BNr9mDI>$fw4`ST26BNw1OaX<8eo1<=)gNBm2TiyUwDj@
zQ={z7pq5&!zI~&Vo<;a|5$@4OPj7Do_*Us4(G(RAB<ipkq^Ci}DtwHz;{=BVPA`Zj
z$iyz@DkeU|aAMEk;G_ssfoOI83;(68(dWPvqIq~|fCD^so^|?yHyb;9C&cvX>akE(
zAZ9(*oTj(-cb0q^96BmJkthylK5b_(yxv1-%dkCBqRP}%LPPN8HDW?`_7dDTGBUFC
z;#@CBr?J$2l+a_p$qp8N<EJknH8=$rGOU(2&;p5HInfsf4Id2J^APzh8_mmNe+?8H
zMNddVSg$dEg1tWp20}wa)8hz~G7Kxg&zCDqKBaHYjO}gWYkd*o4GL=1&+;nrN-+hT
zEy#g_aHlaCouyc!7{>6y#>&bybAjXgmn|*hNdmo}-`=FihFv7mScbW7hddKmzrS^~
zCBtIuo5bzY`MEfCFfw9%B~w8q3oRM~$pGJc0EjY?C@{u8{Rg2S?2*G46cqHN8)|D`
z@kNpa4aLiHxoCqB)ql%?mt+8do3qz4s9*h$8>RIm0_iWaLDH#xKcDf4d>ulO9G;50
zRY_6tCkv|e*9ojW9Y|N$R)!%Mk_dKJHvH?i$6#x~6;xG;jla(b-dyAYh6x{~b#a?A
zd{zH}VWEDD0j|z(LEggRBq(#r?K@B8WD!MiQEwsZoPwhP8S`BQi{Kw^iIC~|v^irv
zzr$Kr708v6s3ecC4yvj*HOZbrj+0|ufi-v_aPAyVTRWjE_!~rYC=V&AsJ^AUH<kx{
zx;hYhG;k`@U&y{AWl9V@chWF~OARO4-`m|9PQs}j4>xXE?zTMKm@O{5SiQHB+$8c5
zs8R8+{?Z`}l|#$LmV2s%3v{L4V+$f{C)Y#V=@*h4cPiXv1K_4qK079WslO0_+zjNg
zAmo{qS&U^Wn46n}b-M{dM%EGoL5%}W`%w~PBtm4s+sw}H(WTPd+?I!i78Y*0e0+S^
zLXecC^{c9?W_<>(FRlutDfKJw`TTyT=9iSv!3o3L+vkr;F`G^`es-L`FuOB)VpuR_
zlQ0(g((>xJmYvA;H%tY=j=b8dXI~#&j_A1R>+8!5+XBSGmE?)HZ{I4MNxHEz#k?r^
zuZw;8{&lSv<TfcnR@X-93;FMXhKz%QL&uW+)t;hxK$wv7(cr&BznEZh_T0IHw9({;
zj`7Q>tH%nhe9>oTXD1yg(43NZ&)%Vf<NIiVdRcI`4dkL>@)-z@Hka@7pDJkR>ED0?
z28l%eDK^2)04su`-2fht6Qnn!JR^dF8bm&}bQ~AiAPM(Rd$#b!@^$nk^-&6p(Su1X
z;?b`ZsSB51c#whMjKqk1U08?%HkYJNVV3sehg|vRpqV=tFYo(t#Si?=e@Bl&djD(m
zpp6Mb9UtXT=YMS)ktWNf8GhKdgYBPZ9EHR7_Zci$>doVx<9p4o@vw>8N54^S$+dR;
zbG!0OT3Q^-wEay`ed)jv@;LE#jwzBanuv#%4xbT&1ZNA>r57GB6~sj&!y}1$Un%~5
z%lxNLk-vAlfAgo&_U|6_B)`gOGx_!JihXprM!cT)uRV!Pjoi8QVtN0Hb)Ps9al2Hm
zGaGsKCAF|U!`}_O(FrtC-00pA>VF;Mj3Cj0wcvk!K*|X`743f?FL?h?|2aWm9Xne8
z<2f4O`S)kC_dz_v_4Ust{ChUnBWbX#9Bu!e{Qud_I`fp{m*anL#Y2Th_J4OI^bjw^
zE++iXZFGTvTJbaD-z%kOZXRp7zmoj_$<5&;E`v9a3KFIK?;8b`sy%i}&Je|NBlzf<
z=?fMtOwlDqmeF@;Sai?v4m~*#6!h!z{o2BV{>rys_eD{T*eNQX3jQLIX(&Uu{cf&p
z{#Mi0AHxPJufrvut!?%;8_p3Acxl^7aZQ5h03jQ2C~Eh{8^2PRWrBW(0I(UbQPONz
zIW?6Bh|Z7Q_NKM2<E+KlJ;0|H&oKffZr~6yWpx{%VAAQn@n@;@7;HazNdlrC={2q0
z!0FZfmU_FaVPl@G@&tg4H1U=BkH!HMeZVcrg3tz}8m?5xPfu^=^z!fL>7O6A^SI#T
zH!o+ULc^Pvmk6+K-6`eV`Mmh>MK^>TAd@`%Un%Yim_`BI%>{^~V&6SJ9?MEvf8{v&
z>-slmOU*Q{5>mK!-<&1+gOC3#+Wp_d&Ox|`_M2`Zm+Q{#ni*Uk3BGQ-VvCToF=xAr
zFMz~+DzMbi5w3Y$aa0w}NJag9e<>`UI_YfQ1_<Y7(kg^WPnf9n4Uh<tf^Ps^i}3gz
zCl0`FemW}&SRW>$fYfk(O>>vuoCpXhz`1}KrPp_=9}oL^<IgDth5ptX!O-#P0pv3H
zOJi32b6=43ZCd_j0<Ph5!|=`nQ+i*uLk|q+I-Gfk&!;AEmnbKCa$fvyWmO5A;RcX(
zx0xD|bs+Kn!-s^qA5$@F$rj|xdPo*2#u2S-fFuV?0P(Ke*;sG1cXDcyWi6ljE_m^e
zTOpmA^wMi>-vyhZU}pfIv-*(2pn!W=Q9uI_WKQ0L2b&R#Za)HpH?!UplrUZ+ighwG
z`8xA0HvOdX3SDKjGVOeFS^EgiK#u}3&C3^ghsHN-C;i>$4xgXLv;X)E;OtU6XE}2X
z^LY5_U=abBH86Aj@Qm&NO2KJ!k*VwHT_yZi;CZC_fCYk;^H-pNyI=oPHGJsnB?G^8
ze)&IdHq5D8>wvn8hlawIk|9w>{7LuWD4;~9pOhUx`Cs7C&d!!K_&`dw(*s#9xc}`a
z$>qAdfB&8{=^b0c335^tbdFSky%M$)mXY+3d+azH`8@v-*I2g}!8~U2XCv<6;<6R2
z@bX*P+=}On17_7|*i75@2}D*L>Kq+|5<w?%xuPR)bBy{W&X)7Pj5CAc)83Hfad|R?
zkGRMhgMetyN^3kdLL^I?uvL`0<`YSwTv_I)bA)Sdz^FGXdrbN~n*4o^LbO`gJ$&2d
z>d~$QW_omHCL;XF%E~AwD8E^jkbSNHd8~9!w)Hzb&(DXU=}%cLV9*OSHQEM7($)*+
zX*@f(4t<BnaXpfFtLTzm?$?i~ho!faKHQ-(Prq=~-%#Lf<tJ?7^V8&xbGak}+NrN^
zEo)AlT38{{;L}U5{QYmV5OKXpx(iNpT{S6E_^jpAZXLB&{(nP09|-qmZ{syAgG~Ei
zg)CuK@JaY4H8zHC<M`0$Z)Dp4SGedzH9vKG$-l8D^%c|3tvT27%!&Cgw?DUE#B1!D
z_}GqC)*58rI)LKx@77dyKjD4kNdRY^@7yt<P01eV9z;NU4v2^Hd!9Xew!HS(sWBf^
zYKovHk_tP4FZG1#_R9-T3KkX?AQhN4sVg%6jLuqm#>L^~J(H!J*$zh^Tf5=sC{$5b
zM$5pbrM%*rcfINF@m<`9ZAthBWEck!P>rA1y(|MzLZ_*yTP(mLoM^V8+B@o{h9s>l
z6qW!l+LyB0<a@o@{}yECLVf-b_Y0}H3nGtC=bbv+J{d>sNlc2)|6J`cu_yHWezIgx
zQYx|LM?@?QXenEoLPA1NCr;2-n$lOA#{K#gRASi#DJ=+`H|t71SGz|NL8^viW-bs9
zS)Uz%XgKo1I?S`-d{z16H)WN}mE@T<pZuKh4_BA&-fQpCHJzW<AfPAiPz#^J;mrU(
zAkwgkxlH?$x;>%*y{U5fM2?pC%~tCHm^t{L5i4YBv3lAK22Xdimph+AH@p>S;<zqw
zR1<?8`VM!Zz`cg<H9)~Y+tv(~2#Sr34&4Gm)L4PXpqz&l0AdB_=m`BV(*CozyMcF^
zfA@Dk=`W{lpG><~I9;Di7*fIq#fv`r(hMst{p<V{^pC&y?qNnjGm!sv1v7PZIwB3I
zTM!7SwcXv_GXo(W|7(z^B&Dmyf7TfLj5ZNAmGD#?WwFwcUot<l?->dudcLDbjo=iv
zd(Q~i3)Jv*pqG^hTH^sI5k%!SK9az7M(FdtA#rSk?vv`E-^54lX1iIDdRaCmZtlHV
zulh(eyXxf`{3&MoYJx0h95Gf?ZQlWNVsT0~>``jF2Rz}R4IaS>zz#kNsEh{3G|Xw}
z8W2uZcfdzM-E4IcVsDmtdDDy0W1r<#Rvr~Jc(G(2I85~rmDuYjnk?{b<Nd_#P_-1|
ziysjkuQ`Q-H(Wq?=i~1`r?CU@Ka^2rWkZ27fK~u#1+_ZB-u9MHK3bZ)-zwG5^rDvh
zU2))Y^Z|-NV!_yqq@}A;obW)eJN?mv$ubEnG-$vR0Q#WR%#er(+1Y@Gj&R~rmrufo
zmw-M(TiZ<#MS%nz0LxRSPvhM`0a!qe8V7|fB?!PiCI3Aee2>a3V{T#}_pCqd`L^-3
z)pz%4u()4|*{zDP&|9?~v7u9Eb3-2|XG=xI#_d_&Y2!aTS(JGl=2N1D?2Term;^)<
zmI69#5HF!bhL#REj-bS*K({~_!-MMi+FGeU;scs+AW;O3<^`WrzcH*uo`~&=IWQfx
z)-yktksb5MTNcR>`=K{4>UWl`PtWu!OnAcYuiU_M%?#^sqsHlR`MR%YNF?zb=<aj0
zd7$&*%HZmMm`ik;2=`s*{cBIYDIcr+Elyw{(!^A|Dk}FX_%O-JH+OPiwkv-lP~)R<
zb5z;N`0mSo?`Q7?-0>Xhb?<#}8fMixI5dDnfsif+N{95_45*i`jMfL*H+1dq?O?#t
zV7J}=?zUOZ*Xc3spcQJLdyMHLv~DAmD68#Vj|RuXZlkZI!?q~8*rgnnYw&AdCXzFV
zII9kfa+6}@os?p~6K0l1M;RF@ftvxDW%@2#r<O?m?92?Q9}p1Ka-SL9r0l7iJCP<`
ze-9MXhl`hQy<eT`F)+3ElWqu;CDMp%W{K>OZXU?nm8tmam+$S+TU6W_qXm(wMs*pI
z^Z&<V$bb0ora-Onpg~~aC)cU#qk5as)kz(p0;miAS^u!#|1qvJCn3j@{AYsW!`Xx!
zZo%V4H@zx8AKuvjKqKUP?Wb<;+^Md<e>ms=?RNn?)iy9R?*C9`PK6rZac>+<-;j8`
z+3GiE80rGcV*A1Q%MJ61>1qe<Bi;j=HgoN-BmZYGvF0=1S>=EJV+_=ZALa*l3uwSD
z#<8I?!|kfR`K~u_lcTsW8?nt(M|!=J$NqA!|Jz%g4tY-Ld(Qts(C)`vzm>WrIeg0Q
zuQ?ToP_}c)0#*vPr-?M~8kxKu{!oAZ+&rahJ@$L|uzoxTkb`gI%a_9Tsl#NwPJfGM
z?=$lQ;#5ZIwdQN{%A*JYi+Un-PO(rkuptMJBS=6R>E*$L2amamSI{jTCe>JI2DEjF
zed@+1Q~k@0#KknHTb~ypU;FVW*@sGUzv*|@t^9AwQmgbFVsxY_ZXEuNK)0lXC0MWV
zm0ba`G*z-$;5o7x){CM`8un*Uuu^dVYyC?bL<tbY?mR*E6_mvMU!3geM>%c-lzWP8
zs8X;OfDsift+yaaCo#t0B2z2B0PP2Kz>Lh`$B#VqgHT2BTM&$v1as+0qcrhYbLWY>
zr3f6RL21J?@|t&-RGLER&)Yqsn%V|M1RcASK2NA3o>|I=XK-&qkZMXW?n0+8ejeXp
zAT2uhUv)&w|8SewV3R>0PY(Sj7Zu%86|&<8eu>%qI&dw+mCn$za{zirp%o>syj&;c
z39#_c><U7IX!(fqW>p_ugZa7d?~UJ-mzRgg_;q}oYc0K{MSlD+P3O<MM5y3hbvX+Q
z3XoZOHM8^x&?x{C0T_vo&+|8P^Rs)3{W!eK0KaozU&0Bd8;fTvDLyFCaXdL%d;Ktn
zo6jh)sN?U8{LtV4hLvKObA~Lb-UIMVLd0p3G0vYWosSb~K$MFI87Op`(4t!)Akqss
zZ?8-M6+j9((4Y5pX67J-FPPQW-n>!OSJ17d0IiW#ZX>klBNJqw6L((SBXzL>;nvb*
zW@ZL-5d*Y8+7bv9h}zm(AZW-zTOlY|HYMN<Ey69KB8<=!6H-cx4tL%>{`e4jm`$fs
z*y`73?SaAEx+h(W3l*ZyQFnJq>)h9-61nPoAvE?@*ar@ocP<LBA(gHlpW+@jL1r<U
zJ7L@c3U{FQB-C=w1F{Lu?f8DFVKHzz(Qm!HyhzQsKsZCY=M4M&caqwP#8-hE#Nl}a
z1&`-<r->edhz~$Kso@jEtI)Yf1?qihtF<Aus3N{iPdk(V3Deu#3!S$BQ_2BP24prR
zObMFPuWpX`iv?=2)ySHgjB(~}N3M@H1P85J07*pR0QL$6JDJO%Gn*5_U{+RE(CSAt
z@r75IXAvj*y3>9CCgb?`e91i{+OnJ)-iEdy!B(0od=Ws#lHT}qKF&V!=42VK@}8(@
z$S)tLPk}c93BB1?wY_-<^dBJ*Lr*SKpvHH%SKHd#DNtO{Gmrup69+yDBBs@!9$AoE
z9PAS%7^@~#i$@|5M~q3o3!tVJT_FtYowVQlOF%Pm_${d85eO?QD^4_Ulq7BsB>Y<}
z61=>$(B=Vg6%bmnKv}j1S#zB+&LeDWE+0$|+lUbQp+g$DO<FWC5%;@fs%X&Ra~sDW
z)1t4p66t(I+h_Y3e=H8)UTnQi=9s<bOAiG2O|794jFi@5mutZ#BhzJpie~#)*XiNl
z6};L{6K2FehxVbCu`x@DS7d8hT#nApk*1}`x<X~HZfOT-LYq2~COd3j@-~O;6YSs|
z@S5@|BxD<jhm#RK6$5=VXOhUK>Cs1S;F*m!28=9c_yzxxV;vLIaLj&Dp-7ms+suDp
z&PvJR&{hH1JECDPj`-ATLNzncg$Zw7*(70rM5&3kf96Zh6S#bEy-%sG`u5q%l%I=r
z4rQeniM>m+>|adw%I(~RS$)9LNmPA9@hd9T|0L61cum}F4iv#D?C?MSL#IJDVbzmk
zkEqSBeEysUhflYURfUPQw6q98FOAhO2sh-`N*dJ+448;C<>lprjZ6r(ravp6%d%Di
zipu{EbnjI*+c|a>Xk|#~Y%zEOzfpYLwwUu<(cYWFYeeHB6R{s-3M=m?w8cd~)xS9@
zdwYP-kkeyUKX!BF8gy`5?8N^LCv|cM2Xeu?B^Kr6gs?5L+59u71ubv3l7E-gC~rRh
zzbK)gNqA!;`R8|1OL$wGN`|z*o7^CX&2)+fjOzn1M4DU21qb<N^A`Xn=0uw}UNs3Q
zsj4!ZqEiKC1RBwa2E~R}zxVe@{If^v_av>0q*m}QVNnWGXefkpo4-0#eun74uscYF
zDqlEk)Gtn~-y97NGOBZ6WMo`p#e@A-Hpz+*zCM5T{1Gl{M@{hYVf5`H`_wwZ@uH+V
z51=iqHdDfjvN>$`)ZeylDW?D0*1eYX!SFx2y5BSY>FU;8ev^tNbeQ^2e)+4a`Z~HV
z?3(7dXZP>6@5?*4fY05wX};T{4o$j1Z;#fS1k3}c*)p{S^qTQ=hs3UldJ@r3OG}Oz
zk5zGYF7EPK$hLQ3$G@)svzyP{$1Wlhn{jOb*Fx{hIlcUsLqkSW<<Lt;qDQkXm<4oX
zaJK9zX6qe5VGJrL!;8J`b4zpCNP3Im^;-v*x2wYxUgs)8^Y%kztop#n2&wOa)L;Qv
zHM!epz2k<M&=e>=Nq99Lk0(|&0ci?u2zro?T&zpW58MMn8=B8(ze_>W4fLmY%nhEm
zwX?$sB-;RJjK~`BCjDvx{Bp%pXs1IaKIPXyri#0t1gs(|+fKv?{YjW8@oL{g5i(b3
z#Ds#3Nb_&LB08db7-tJ@l_`?mXAm^U#a+f4FE5Eg1#@bbjV9$7{zVh>ln4$VJHTI;
zmhNFUNC)zd4mXaDR0{B7nZ*Z767SxnjFz_=<j(I1Bnf8D{c0z1lB*{0>lDHgZRUE1
zC=sN#K66nD1a$kL8YM(*a3W#n$X`NlozG2ON6W_F5bA(>n<la6`VtD({6vQ*ErGjz
z(EpWn;q#K8RQsRd(;%S#m6L}@<?-*Dy1G+hV#gvPB1ny>2n4iGAzPUp<)8SC^%3La
zhqiAASs=&vKgd2lh|Xu8cDj$~F*S(*$%uA!b$Wl1s;W@XnuB?*&%4~A;4C-<)*UGr
zAWUyuzQ3eGp;NgEst@BDFK+0%0Dcg{&6(YS?=)aT0-r6RgHFfT*uf(W7+h$d9Q`N+
z=m}_L;CE6gW~6FX_C1bWzeZF7X|=ANo{pZLjZaXRQ3#6-KhYx$6IT#P#Oi~U+`s8%
zp1OW=m_t@cOF5?ZetIGqv=I&uo8Gc)XZ%NJwK&$~J~YI_Lt#*<r?+D1Ejb2p3k+a+
zsA=C9QKf4Ml+)&MEQ$5xtC!7CfZvROwvMM^ze6j^E|N?Dnul#ycH=o@TcLj7N_w|;
zjb`(B-wiRMgqo;Y+>=RrQl8t-tJl*vP&nj;#bSWCD7JWIPLe+)pOY?*C>l<^f1e8d
zq3|43bD&`pPcV>PU0He2WPAmFs^Qq4;*JbFSlP!%1S$vk1rGNQA#Kl7ci8V_W}dIV
z?-xG4Z+)_t3PrfL+39w=%=~t3hRa%kKIkx(U*wYO7WQ+^t%88-<L=t?ypMHG1S6y4
zP(71m9H195uYJrycR|}g8dN1UO+=c%8SNze+66WJ=Bg)Q{cYQh{b64BGu9+&m+S?C
zIyhqxlYCDYsuB%0TA&QS5WF!>U)29)H26W0pVuGOgv69|yv4n~?R2+rtIsyfyf&aW
zXU-D{OB|+lc+^0;qM`zahlX1P00tU&SJcMo4u+Ez4oiY!u#VmZ`#*}f(y*qkEeaGx
z3JL*%aK#uCOEDs0kU<m?1O(d9G6~3NKq{z+sEA<*V~HeysE}esAq>ha4-^?h1(`%%
z2}3HgOe*s{2EyCXKKp(7aeth9?z!iloW0N5Ypo8qQR1^#+z5VM<E#$ty(O8<vW;-N
z=v5slYHDuox8QAG3%%%Xu3wQv#l*w_(pwJ#nhBSucfJ-vpiV+QyaVSyJT&B9JYJW7
zZT=&vLVR$S=~6-0>TLa<aoa(?fEg@p8(<&)g<Xwb>pxKQDN+C<g~P#Xhk%0#0Hm(0
zvi(etA&Klcos$BnK(S{t|J=*BNPx@;JUt+(=zQw^<JTe(6n<)T!BJx0KjbcN`FM<8
zHALnjuuZtHPsNZ(q*Dipii&j~HYoRNkK0W4lz2(^^!7%L0@i?D@%}3(g|ol}OC4~_
zK`wBd{`+ZSqZZ*z#Dg$BoeR47w!v$DBO81Dp%u7TM07av>xRk6Ub86yDcLW@?Iq=D
zIe$z}PSO|*ICb(x`LaY82H*n~7p<xMjlX#Mhg8Vl!aznS>gwOc3_GnMnNwUW4T(qb
z%4&oe)%J)WR$E&R=0#UTF!0o5N!CmLc5@C3Oob-_DNbcC?ThuH-ocoPuZl=%9{8D?
zo|(C2YHEtId}2R=U<iCIuyBDNoCU5GkTvSwFN?G|zPbRJvX;Z8pB&m;X_V=dcIHQk
zWL}*0#^o#?c^RwztF4+KKWPSN?mY-wfr}66{z0c%)mv~G`Lf|)(HDytNU#W3r{Hx!
z#B1N7CWysi1>{tmo~*1EymPTVl0Ql0yI+78jraNUi>Ij(*GU5a0CjDoiQ<58+1|Z}
zlQbyH<pDXP`g(tGG{o(2+SLL#>uei%Ft8!&0Y&nK)Ush@E<_{%;qsuC{ARPiud`B%
z9c8&5?q+wwU~jwX0Xda&Uwm4Ur0<zsIXhV`>msu5xmV>9cc#<mR?cRY+9rT6nkymu
z?IpWTpSx>#!954HzAf#~?^OsSWTuj?I<MFqom@6=_F&IDR<i#`#lOt_DAO9h4bDCf
znlJO!$s3>d-csnYppFY&T*ReSpwtL5^T0T9V+_EVWR3@V#WNHN!sT**&mvn`Sm2P@
z9LkF->gJ9*G{gXx(rJJfXSf>|H9fWPQa4M2E4*2<FRYH-SP-&d(C+ebG*ceS^-)Ys
zB0r&<pHTEzY^5Hb(#jx*i$)p4gR!yOSBt;`=56zb<0Dsec7ET;{WF+)!N;e1(!WXj
zM7|bo#7`bLEdfgt^6Me`3Oht9U5NkbR1SUnTVDN;fwFAP%#12zrEzYmG@@(O2gu3i
zekN69CD;)u2r75nxcW(^{0nO}P%z`8Nl}J-8F6uBfB#btEL90I(vJ@rJ-f1N*2MJV
z7$BuNJf15o;+3Fd&T*v25hsbSHZ^dqe%6b1-FEFaDFgY@9!6P@9*vJ#2G=Gc6IStH
z%A$+E-83=-B=vjfMPQ6@Jh%ZzG0&X}%7>o5m6Q@rtD{X!Pd7EWffvH-ckjdjRTGS^
z2?J7;N3p{VDpoSIf0{|H@*N0YcLo@j&ABqtA?7X~@^TNIPS<o)MGtG?{MqzulMJNK
z=I8w=Ye`{;s|+=Wa-yM^v;PqA1+jL}%8bFl0h<Bf>$x#TIo-F-Gm$E`===w^SWEdy
zqsHx(2%A6plew6LF)lj$waOwGyzRg_Bd#y<ED4FfD$9<C*u|o<r}mpYYMbL4sN=x$
zM}V-baEE7>h?bZ4IwBouN6cTl84yczULcF&S;mB{yFa4Dx6Uq4yY8eL^OH=Tl{QYs
zdJxD9+bdGLA)<w<DgJ`@CINofHrhV&K2kT}%Ysmf3E1QX_ttgaY58YLf%BilWS-aR
zd$7BrJv|Y%Iy)rtdvx?`bPXH<9ksKp-T6Xc`{lsWOZ`c)4Xv%WD}UK(y!yaOfY0^3
z55&-iLqaQy)##d)6`i@&pk~FWALh`giqEw+c-C3MN0@fBJM5lwypfT!tIes`37(o(
zDp5#AG86nf{+{ga>=bktU!Ll<4h{;v6co8M!#VL629-L$P|XcmoInXqSjKyrc(}Wt
z@Uge`+medlrRcT8^>0Vig$-W8vN?;l(mSFOLnaZUr0~^_5_*9~0)hWLJgelYb+B^w
ztv&i7?RqlB2qwC+v{VFE0GyZq?!CPRIZ4k3-v4q#N~Ej?jv}96(M~@F7cl(x^aNCA
zXJ;688yZ2XK`_o5%2va5)RBXOcQe%93|(%HrG2^Q+nai3+k`8{_?9^ZaF-6s%E__2
zyXk#>E_a*GI$NtrR9AQ^$txHBO|Pvr&MPc*2jd!_UhD1t4jL2tN<O15>nPAn(yuul
z#e6~>e;hN;#h~;UH0LpP1I_f|`Q_>ULhd`JXU(PF@+iLkYxgg)D3q{ZQ&W@aqc$`e
z9g5xdzORqdLp#UDvzVwNx{J65&Lo3eke_d`v-aLb>)A7uEHWmtl#U2IIC?|KK+@ZV
z2|gHcqvg~40v2(LhMHZ%1|Rs3jw;3IQ+dMf;t;oyxSVk3v4lpCv3uOi10D#--_HvW
znzqGO=}3f7ZSadBrluxF<t5A_bHlmy^`ioZG;!CbdJ?Er{*$M>O^oQdo;gH^Bw8)m
zjqy}wg(D8DA_+B}Z>82Wq7K`LU)lZpD51}P#@x8o*l0GDD--&57i{NZqgRo@z(9nN
z=jU9OJfLr+cY4%VLf4XLBN2#~PY5^~2P1^4;UUsEN2pay|Jfm&cgq2pVpOAt6i}5k
zhMmmi6%>ZQH^P@hFOUyD#w=xZ(a?gUQ4izPaFk54)(~*zG&R&urP?dAa&wy|&PZ;@
zzOWa|i4IO+4c}naCmyE^q`Na{Y$tFZBDz$n2BJ0JH8*z{jY)IDzVsL=Wl9XXg<{`a
zUA@7GjZM~LAVOgRw;MA$Yp}?1N|CIMgrR7L+_47QXHzOw|CF6wGiIxRo0nJiWCOWc
z!Ia1eA2U!2TVP?-ak^0XBA;_LKd`p8=Ix_uYA?}Bf0{~>G{?Sp9L=EpS6E1}ts?18
z<G#B3deZLi*q98t^9GC9yT>V(BJ!y3fdBn^Y3bR1u*#bEW9Xfc__uQfb==k`#l;bT
z3*PgCxb3sf+vvV~MSASZ+lr(Kx6=I@Xy`ZaM^sZ)b^Cl6WCe65mES%e7QOgy6Lo0P
zz~RX9d9K_N=VK2~UcU|?yqV3nCO>g+q166xeHoGlE*fHDV&w{(K%AB|W+$~>G1B`s
zTrUZAoFZzQa7%xGd}5*uDGua;kyTa4y085tJ!$a&Nn>)LvxJTg+vmMLFtvLz@#!{%
z{cBuu5v{E3FiZw)@s7^g7D`{gE&oe2@5Pe^U8;g^CM2K~fWz%lD3@R=3}|Dv4Paz~
z0-&OYpbyZV<V_=09UU5^SSuSL-EUT;y1soYCZ&O9&xnfJ5?ONwV$gFZ6`d3d@Dki=
z@km;QDR%6k#DMSng%*Ws<d#d`mX3&Dg+?>0sfB@?EX%x4n;<w5Ff+C=Dll{l{~vZE
Be#!s<

literal 0
HcmV?d00001

diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/utils/ancestry_query_handler.ts b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/utils/ancestry_query_handler.ts
index 9bf16dac791d74..7dd47658bc4c14 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/utils/ancestry_query_handler.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/utils/ancestry_query_handler.ts
@@ -74,8 +74,28 @@ export class AncestryQueryHandler implements QueryHandler<ResolverAncestry> {
     // bucket the start and end events together for a single node
     const ancestryNodes = this.toMapOfNodes(results);
 
-    // the order of this array is going to be weird, it will look like this
-    // [furthest grandparent...closer grandparent, next recursive call furthest grandparent...closer grandparent]
+    /**
+     * This array (this.ancestry.ancestors) is the accumulated ancestors of the node of interest. This array is different
+     * from the ancestry array of a specific document. The order of this array is going to be weird, it will look like this
+     * [most distant ancestor...closer ancestor, next recursive call most distant ancestor...closer ancestor]
+     *
+     * Here is an example of why this happens
+     * Consider the following tree:
+     * A -> B -> C -> D -> E -> Origin
+     * Where A was spawn before B, which was before C, etc
+     *
+     * Let's assume the ancestry array limit is 2 so Origin's array would be: [E, D]
+     * E's ancestry array would be: [D, C] etc
+     *
+     * If a request comes in to retrieve all the ancestors in this tree, the accumulate results will be:
+     * [D, E, B, C, A]
+     *
+     * The first iteration would retrieve D and E in that order because they are sorted in ascending order by timestamp.
+     * The next iteration would get the ancestors of D (since that's the most distant ancestor from Origin) which are
+     * [B, C]
+     * The next iteration would get the ancestors of B which is A
+     * Hence: [D, E, B, C, A]
+     */
     this.ancestry.ancestors.push(...ancestryNodes.values());
     this.ancestry.nextAncestor = parentEntityId(results[0]) || null;
     this.levels = this.levels - ancestryNodes.size;
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/utils/tree.ts b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/utils/tree.ts
index 9e47f4eb94485b..3f941851a4143c 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/utils/tree.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/utils/tree.ts
@@ -30,38 +30,9 @@ export interface Options {
 }
 
 /**
- * This class aids in constructing a tree of process events. It works in the following way:
+ * This class aids in constructing a tree of process events.
  *
- * 1. We construct a tree structure starting with the root node for the event we're requesting.
- * 2. We leverage the ability to pass hashes and arrays by reference to construct a fast cache of
- *  process identifiers that updates the tree structure as we push values into the cache.
- *
- * When we query a single level of results for child process events we have a flattened, sorted result
- * list that we need to add into a constructed tree. We also need to signal in an API response whether
- * or not there are more child processes events that we have not yet retrieved, and, if so, for what parent
- * process. So, at the end of our tree construction we have a relational layout of the events with no
- * pagination information for the given parent nodes. In order to actually construct both the tree and
- * insert the pagination information we basically do the following:
- *
- * 1. Using a terms aggregation query, we return an approximate roll-up of the number of child process
- *  "creation" events, this gives us an estimation of the number of associated children per parent
- * 2. We feed these child process creation event "unique identifiers" (basically a process.entity_id)
- * into a second query to get the current state of the process via its "lifecycle" events.
- * 3. We construct the tree above with the "lifecycle" events.
- * 4. Using the terms query results, we mark each non-leaf node with the number of expected children, if our
- * tree has less children than expected, we create a pagination cursor to indicate "we have a truncated set
- * of values".
- * 5. We mark each leaf node (the last level of the tree we're constructing) with a "null" for the expected
- *   number of children to indicate "we have not yet attempted to get any children".
- *
- * Following this scheme, we use exactly 2 queries per level of children that we return--one for the pagination
- * and one for the lifecycle events of the processes. The downside to this is that we need to dynamically expand
- * the number of documents we can retrieve per level due to the exponential fanout of child processes,
- * what this means is that noisy neighbors for a given level may hide other child process events that occur later
- * temporally in the same level--so, while a heavily forking process might get shown, maybe the actually malicious
- * event doesn't show up in the tree at the beginning.
- *
- * This Tree's root/origin could be in the middle of the tree. The origin corresponds to the id passed in when this
+ * This Tree's root/origin will likely be in the middle of the tree. The origin corresponds to the id passed in when this
  * Tree object is constructed. The tree can have ancestors and children coming from the origin.
  */
 export class Tree {

From 827e91c4474e8790374417d30b433296f909b110 Mon Sep 17 00:00:00 2001
From: Spencer <email@spalger.com>
Date: Thu, 30 Jul 2020 11:16:49 -0700
Subject: [PATCH 09/11] move and unify postcss config into `@kbn/optimizer`
 (#73633)

Co-authored-by: spalger <spalger@users.noreply.github.com>
---
 .eslintrc.js                                  |  1 +
 package.json                                  |  2 +-
 packages/kbn-optimizer/package.json           |  1 +
 .../{src/worker => }/postcss.config.js        |  0
 .../basic_optimization.test.ts                |  2 +-
 .../src/worker/webpack.config.ts              |  2 +-
 .../kbn-storybook/lib/webpack.dll.config.js   |  2 +-
 .../storybook_config/webpack.config.js        |  2 +-
 packages/kbn-ui-framework/Gruntfile.js        |  2 +-
 .../doc_site/postcss.config.js                | 22 -------------------
 packages/kbn-ui-framework/package.json        |  4 ++--
 packages/kbn-ui-shared-deps/package.json      |  1 +
 src/optimize/base_optimizer.js                |  2 +-
 x-pack/package.json                           |  7 +++++-
 .../shareable_runtime/postcss.config.js       |  1 -
 .../shareable_runtime/webpack.config.js       |  2 +-
 .../canvas/storybook/webpack.config.js        |  8 +++++--
 .../canvas/storybook/webpack.dll.config.js    |  2 +-
 18 files changed, 26 insertions(+), 37 deletions(-)
 rename packages/kbn-optimizer/{src/worker => }/postcss.config.js (100%)
 delete mode 100644 packages/kbn-ui-framework/doc_site/postcss.config.js

diff --git a/.eslintrc.js b/.eslintrc.js
index c9f9d96f9ddaee..b3d29c98664114 100644
--- a/.eslintrc.js
+++ b/.eslintrc.js
@@ -529,6 +529,7 @@ module.exports = {
         'x-pack/test_utils/**/*',
         'x-pack/gulpfile.js',
         'x-pack/plugins/apm/public/utils/testHelpers.js',
+        'x-pack/plugins/canvas/shareable_runtime/postcss.config.js',
       ],
       rules: {
         'import/no-extraneous-dependencies': [
diff --git a/package.json b/package.json
index 51a41cbbab9ffc..880534997cff0c 100644
--- a/package.json
+++ b/package.json
@@ -480,7 +480,7 @@
     "pixelmatch": "^5.1.0",
     "pkg-up": "^2.0.0",
     "pngjs": "^3.4.0",
-    "postcss": "^7.0.26",
+    "postcss": "^7.0.32",
     "postcss-url": "^8.0.0",
     "prettier": "^2.0.5",
     "proxyquire": "1.8.0",
diff --git a/packages/kbn-optimizer/package.json b/packages/kbn-optimizer/package.json
index c11bd1b6469332..4fbbc920c4447a 100644
--- a/packages/kbn-optimizer/package.json
+++ b/packages/kbn-optimizer/package.json
@@ -36,6 +36,7 @@
     "loader-utils": "^1.2.3",
     "node-sass": "^4.13.0",
     "normalize-path": "^3.0.0",
+    "postcss": "^7.0.32",
     "postcss-loader": "^3.0.0",
     "raw-loader": "^3.1.0",
     "resolve-url-loader": "^3.1.1",
diff --git a/packages/kbn-optimizer/src/worker/postcss.config.js b/packages/kbn-optimizer/postcss.config.js
similarity index 100%
rename from packages/kbn-optimizer/src/worker/postcss.config.js
rename to packages/kbn-optimizer/postcss.config.js
diff --git a/packages/kbn-optimizer/src/integration_tests/basic_optimization.test.ts b/packages/kbn-optimizer/src/integration_tests/basic_optimization.test.ts
index 2d0d60da1e4a06..bab47d4a1e412f 100644
--- a/packages/kbn-optimizer/src/integration_tests/basic_optimization.test.ts
+++ b/packages/kbn-optimizer/src/integration_tests/basic_optimization.test.ts
@@ -161,6 +161,7 @@ it('builds expected bundles, saves bundle counts to metadata', async () => {
     Array [
       <absolute path>/node_modules/css-loader/package.json,
       <absolute path>/node_modules/style-loader/package.json,
+      <absolute path>/packages/kbn-optimizer/postcss.config.js,
       <absolute path>/packages/kbn-optimizer/src/__fixtures__/__tmp__/mock_repo/plugins/bar/kibana.json,
       <absolute path>/packages/kbn-optimizer/src/__fixtures__/__tmp__/mock_repo/plugins/bar/public/index.scss,
       <absolute path>/packages/kbn-optimizer/src/__fixtures__/__tmp__/mock_repo/plugins/bar/public/index.ts,
@@ -171,7 +172,6 @@ it('builds expected bundles, saves bundle counts to metadata', async () => {
       <absolute path>/packages/kbn-optimizer/src/__fixtures__/__tmp__/mock_repo/src/legacy/ui/public/styles/_globals_v7dark.scss,
       <absolute path>/packages/kbn-optimizer/src/__fixtures__/__tmp__/mock_repo/src/legacy/ui/public/styles/_globals_v7light.scss,
       <absolute path>/packages/kbn-optimizer/target/worker/entry_point_creator.js,
-      <absolute path>/packages/kbn-optimizer/target/worker/postcss.config.js,
       <absolute path>/packages/kbn-ui-shared-deps/public_path_module_creator.js,
     ]
   `);
diff --git a/packages/kbn-optimizer/src/worker/webpack.config.ts b/packages/kbn-optimizer/src/worker/webpack.config.ts
index 3d62ed16368696..ae5d2b5fb32922 100644
--- a/packages/kbn-optimizer/src/worker/webpack.config.ts
+++ b/packages/kbn-optimizer/src/worker/webpack.config.ts
@@ -152,7 +152,7 @@ export function getWebpackConfig(bundle: Bundle, bundleRefs: BundleRefs, worker:
                   options: {
                     sourceMap: !worker.dist,
                     config: {
-                      path: require.resolve('./postcss.config'),
+                      path: require.resolve('@kbn/optimizer/postcss.config.js'),
                     },
                   },
                 },
diff --git a/packages/kbn-storybook/lib/webpack.dll.config.js b/packages/kbn-storybook/lib/webpack.dll.config.js
index 740ee3819c36f5..661312b9a0581c 100644
--- a/packages/kbn-storybook/lib/webpack.dll.config.js
+++ b/packages/kbn-storybook/lib/webpack.dll.config.js
@@ -127,7 +127,7 @@ module.exports = {
             loader: 'postcss-loader',
             options: {
               config: {
-                path: path.resolve(REPO_ROOT, 'src/optimize/postcss.config.js'),
+                path: require.resolve('@kbn/optimizer/postcss.config.js'),
               },
             },
           },
diff --git a/packages/kbn-storybook/storybook_config/webpack.config.js b/packages/kbn-storybook/storybook_config/webpack.config.js
index b2df4f40d4fbe9..0a9977463aee8c 100644
--- a/packages/kbn-storybook/storybook_config/webpack.config.js
+++ b/packages/kbn-storybook/storybook_config/webpack.config.js
@@ -91,7 +91,7 @@ module.exports = async ({ config }) => {
         loader: 'postcss-loader',
         options: {
           config: {
-            path: resolve(REPO_ROOT, 'src/optimize/'),
+            path: require.resolve('@kbn/optimizer/postcss.config.js'),
           },
         },
       },
diff --git a/packages/kbn-ui-framework/Gruntfile.js b/packages/kbn-ui-framework/Gruntfile.js
index b7ba1e87b2f001..bb8e7b72cb7bd7 100644
--- a/packages/kbn-ui-framework/Gruntfile.js
+++ b/packages/kbn-ui-framework/Gruntfile.js
@@ -19,7 +19,7 @@
 
 const sass = require('node-sass');
 const postcss = require('postcss');
-const postcssConfig = require('../../src/optimize/postcss.config');
+const postcssConfig = require('@kbn/optimizer/postcss.config.js');
 const chokidar = require('chokidar');
 const { debounce } = require('lodash');
 
diff --git a/packages/kbn-ui-framework/doc_site/postcss.config.js b/packages/kbn-ui-framework/doc_site/postcss.config.js
deleted file mode 100644
index 571bae86dee371..00000000000000
--- a/packages/kbn-ui-framework/doc_site/postcss.config.js
+++ /dev/null
@@ -1,22 +0,0 @@
-/*
- * Licensed to Elasticsearch B.V. under one or more contributor
- * license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright
- * ownership. Elasticsearch B.V. licenses this file to you under
- * the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-module.exports = {
-  plugins: [require('autoprefixer')()],
-};
diff --git a/packages/kbn-ui-framework/package.json b/packages/kbn-ui-framework/package.json
index abf64906e02539..7933ce06d6847a 100644
--- a/packages/kbn-ui-framework/package.json
+++ b/packages/kbn-ui-framework/package.json
@@ -33,7 +33,7 @@
     "@babel/core": "^7.10.2",
     "@elastic/eui": "0.0.55",
     "@kbn/babel-preset": "1.0.0",
-    "autoprefixer": "^9.7.4",
+    "@kbn/optimizer": "1.0.0",
     "babel-loader": "^8.0.6",
     "brace": "0.11.1",
     "chalk": "^2.4.2",
@@ -54,7 +54,7 @@
     "keymirror": "0.1.1",
     "moment": "^2.24.0",
     "node-sass": "^4.13.1",
-    "postcss": "^7.0.26",
+    "postcss": "^7.0.32",
     "postcss-loader": "^3.0.0",
     "raw-loader": "^3.1.0",
     "react-dom": "^16.12.0",
diff --git a/packages/kbn-ui-shared-deps/package.json b/packages/kbn-ui-shared-deps/package.json
index 8398d1c081da6d..3c03a52383f770 100644
--- a/packages/kbn-ui-shared-deps/package.json
+++ b/packages/kbn-ui-shared-deps/package.json
@@ -21,6 +21,7 @@
     "custom-event-polyfill": "^0.3.0",
     "elasticsearch-browser": "^16.7.0",
     "jquery": "^3.5.0",
+    "mini-css-extract-plugin": "0.8.0",
     "moment": "^2.24.0",
     "moment-timezone": "^0.5.27",
     "react": "^16.12.0",
diff --git a/src/optimize/base_optimizer.js b/src/optimize/base_optimizer.js
index 41628a22641931..74973887ae9c1e 100644
--- a/src/optimize/base_optimizer.js
+++ b/src/optimize/base_optimizer.js
@@ -34,7 +34,7 @@ import { IS_KIBANA_DISTRIBUTABLE } from '../legacy/utils';
 import { fromRoot } from '../core/server/utils';
 import { PUBLIC_PATH_PLACEHOLDER } from './public_path_placeholder';
 
-const POSTCSS_CONFIG_PATH = require.resolve('./postcss.config');
+const POSTCSS_CONFIG_PATH = require.resolve('./postcss.config.js');
 const BABEL_PRESET_PATH = require.resolve('@kbn/babel-preset/webpack_preset');
 const ISTANBUL_PRESET_PATH = require.resolve('@kbn/babel-preset/istanbul_preset');
 const EMPTY_MODULE_PATH = require.resolve('./intentionally_empty_module.js');
diff --git a/x-pack/package.json b/x-pack/package.json
index 3a9b3ca606de6c..2d7cb148c43b06 100644
--- a/x-pack/package.json
+++ b/x-pack/package.json
@@ -121,8 +121,10 @@
     "@types/pretty-ms": "^5.0.0",
     "@welldone-software/why-did-you-render": "^4.0.0",
     "abab": "^1.0.4",
+    "autoprefixer": "^9.7.4",
     "axios": "^0.19.0",
     "babel-jest": "^25.5.1",
+    "babel-loader": "^8.0.6",
     "babel-plugin-require-context-hook": "npm:babel-plugin-require-context-hook-babel7@1.0.0",
     "base64-js": "^1.3.1",
     "base64url": "^3.0.1",
@@ -159,6 +161,7 @@
     "loader-utils": "^1.2.3",
     "madge": "3.4.4",
     "marge": "^1.0.1",
+    "mini-css-extract-plugin": "0.8.0",
     "mocha": "^7.1.1",
     "mocha-junit-reporter": "^1.23.1",
     "mochawesome": "^4.1.0",
@@ -168,6 +171,9 @@
     "node-fetch": "^2.6.0",
     "null-loader": "^3.0.0",
     "pixelmatch": "^5.1.0",
+    "postcss": "^7.0.32",
+    "postcss-loader": "^3.0.0",
+    "postcss-prefix-selector": "^1.7.2",
     "proxyquire": "1.8.0",
     "react-docgen-typescript-loader": "^3.1.1",
     "react-is": "^16.8.0",
@@ -308,7 +314,6 @@
     "pluralize": "3.1.0",
     "pngjs": "3.4.0",
     "polished": "^1.9.2",
-    "postcss-prefix-selector": "^1.7.2",
     "prop-types": "^15.6.0",
     "proper-lockfile": "^3.2.0",
     "puid": "1.0.7",
diff --git a/x-pack/plugins/canvas/shareable_runtime/postcss.config.js b/x-pack/plugins/canvas/shareable_runtime/postcss.config.js
index 10baaddfc9b053..e1db6e4a64f710 100644
--- a/x-pack/plugins/canvas/shareable_runtime/postcss.config.js
+++ b/x-pack/plugins/canvas/shareable_runtime/postcss.config.js
@@ -4,7 +4,6 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-// eslint-disable-next-line
 const autoprefixer = require('autoprefixer');
 const prefixer = require('postcss-prefix-selector');
 
diff --git a/x-pack/plugins/canvas/shareable_runtime/webpack.config.js b/x-pack/plugins/canvas/shareable_runtime/webpack.config.js
index 93dc3dbccd549e..43e422a1615696 100644
--- a/x-pack/plugins/canvas/shareable_runtime/webpack.config.js
+++ b/x-pack/plugins/canvas/shareable_runtime/webpack.config.js
@@ -111,7 +111,7 @@ module.exports = {
             loader: 'postcss-loader',
             options: {
               config: {
-                path: path.resolve(KIBANA_ROOT, 'src/optimize/postcss.config.js'),
+                path: require.resolve('@kbn/optimizer/postcss.config.js'),
               },
             },
           },
diff --git a/x-pack/plugins/canvas/storybook/webpack.config.js b/x-pack/plugins/canvas/storybook/webpack.config.js
index 927f71b832ba05..982185a731b149 100644
--- a/x-pack/plugins/canvas/storybook/webpack.config.js
+++ b/x-pack/plugins/canvas/storybook/webpack.config.js
@@ -77,7 +77,9 @@ module.exports = async ({ config }) => {
       {
         loader: 'postcss-loader',
         options: {
-          path: path.resolve(KIBANA_ROOT, 'src/optimize/postcss.config.js'),
+          config: {
+            path: require.resolve('@kbn/optimizer/postcss.config.js'),
+          },
         },
       },
       {
@@ -114,7 +116,9 @@ module.exports = async ({ config }) => {
       {
         loader: 'postcss-loader',
         options: {
-          path: path.resolve(KIBANA_ROOT, 'src/optimize/postcss.config.js'),
+          config: {
+            path: require.resolve('@kbn/optimizer/postcss.config.js'),
+          },
         },
       },
       {
diff --git a/x-pack/plugins/canvas/storybook/webpack.dll.config.js b/x-pack/plugins/canvas/storybook/webpack.dll.config.js
index 0e9371e4cb5e45..81d19c035075f7 100644
--- a/x-pack/plugins/canvas/storybook/webpack.dll.config.js
+++ b/x-pack/plugins/canvas/storybook/webpack.dll.config.js
@@ -114,7 +114,7 @@ module.exports = {
             loader: 'postcss-loader',
             options: {
               config: {
-                path: path.resolve(KIBANA_ROOT, 'src/optimize/postcss.config.js'),
+                path: require.resolve('@kbn/optimizer/postcss.config.js'),
               },
             },
           },

From 70d4eac30c381802d87a5112825699ae6cd8089f Mon Sep 17 00:00:00 2001
From: Jonathan Buttner <56361221+jonathan-buttner@users.noreply.github.com>
Date: Thu, 30 Jul 2020 14:43:33 -0400
Subject: [PATCH 10/11] [Security Solution] Adding tests for endpoint package
 pipelines (#73703)

* Adding tests for endpoint package pipelines

* Removing content type check on types that can change based on docker image version

* Skipping ingest tests instead of remove expect

* Switching ingest tests over to use application/json

* Removing country names

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
---
 .../apis/epm/file.ts                          |   6 +-
 .../ingest_manager_api_integration/config.ts  |   4 +-
 .../apis/fixtures/package_registry_config.yml |   2 +
 .../apis/index.ts                             |   1 +
 .../apis/package.ts                           | 140 ++++++++++++++++++
 .../apis/resolver/entity_id.ts                |  20 +--
 .../services/resolver.ts                      |  25 +++-
 7 files changed, 168 insertions(+), 30 deletions(-)
 create mode 100644 x-pack/test/security_solution_endpoint_api_int/apis/package.ts

diff --git a/x-pack/test/ingest_manager_api_integration/apis/epm/file.ts b/x-pack/test/ingest_manager_api_integration/apis/epm/file.ts
index 733b8d4fd9bd65..3f99f91394d2c5 100644
--- a/x-pack/test/ingest_manager_api_integration/apis/epm/file.ts
+++ b/x-pack/test/ingest_manager_api_integration/apis/epm/file.ts
@@ -47,7 +47,7 @@ export default function ({ getService }: FtrProviderContext) {
             '/api/ingest_manager/epm/packages/filetest/0.1.0/kibana/visualization/sample_visualization.json'
           )
           .set('kbn-xsrf', 'xxx')
-          .expect('Content-Type', 'text/plain; charset=utf-8')
+          .expect('Content-Type', 'application/json; charset=utf-8')
           .expect(200);
       } else {
         warnAndSkipTest(this, log);
@@ -61,7 +61,7 @@ export default function ({ getService }: FtrProviderContext) {
             '/api/ingest_manager/epm/packages/filetest/0.1.0/kibana/dashboard/sample_dashboard.json'
           )
           .set('kbn-xsrf', 'xxx')
-          .expect('Content-Type', 'text/plain; charset=utf-8')
+          .expect('Content-Type', 'application/json; charset=utf-8')
           .expect(200);
       } else {
         warnAndSkipTest(this, log);
@@ -73,7 +73,7 @@ export default function ({ getService }: FtrProviderContext) {
         await supertest
           .get('/api/ingest_manager/epm/packages/filetest/0.1.0/kibana/search/sample_search.json')
           .set('kbn-xsrf', 'xxx')
-          .expect('Content-Type', 'text/plain; charset=utf-8')
+          .expect('Content-Type', 'application/json; charset=utf-8')
           .expect(200);
       } else {
         warnAndSkipTest(this, log);
diff --git a/x-pack/test/ingest_manager_api_integration/config.ts b/x-pack/test/ingest_manager_api_integration/config.ts
index ddb49a09a7afa8..85d1c20c7f1554 100644
--- a/x-pack/test/ingest_manager_api_integration/config.ts
+++ b/x-pack/test/ingest_manager_api_integration/config.ts
@@ -10,9 +10,9 @@ import { FtrConfigProviderContext } from '@kbn/test/types/ftr';
 import { defineDockerServersConfig } from '@kbn/test';
 
 // Docker image to use for Ingest Manager API integration tests.
-// This hash comes from the commit hash here: https://github.com/elastic/package-storage/commit/48f3935a72b0c5aacc6fec8ef36d559b089a238b
+// This hash comes from the commit hash here: https://github.com/elastic/package-storage/commit
 export const dockerImage =
-  'docker.elastic.co/package-registry/distribution:48f3935a72b0c5aacc6fec8ef36d559b089a238b';
+  'docker.elastic.co/package-registry/distribution:80e93ade87f65e18d487b1c407406825915daba8';
 
 export default async function ({ readConfigFile }: FtrConfigProviderContext) {
   const xPackAPITestsConfig = await readConfigFile(require.resolve('../api_integration/config.ts'));
diff --git a/x-pack/test/security_solution_endpoint_api_int/apis/fixtures/package_registry_config.yml b/x-pack/test/security_solution_endpoint_api_int/apis/fixtures/package_registry_config.yml
index 4d93386b4d4e14..00e01fe9ea0fc5 100644
--- a/x-pack/test/security_solution_endpoint_api_int/apis/fixtures/package_registry_config.yml
+++ b/x-pack/test/security_solution_endpoint_api_int/apis/fixtures/package_registry_config.yml
@@ -1,2 +1,4 @@
 package_paths:
   - /packages/production
+  - /packages/staging
+  - /packages/snapshot
diff --git a/x-pack/test/security_solution_endpoint_api_int/apis/index.ts b/x-pack/test/security_solution_endpoint_api_int/apis/index.ts
index 56adc2382e2340..b1317c2d9f1c14 100644
--- a/x-pack/test/security_solution_endpoint_api_int/apis/index.ts
+++ b/x-pack/test/security_solution_endpoint_api_int/apis/index.ts
@@ -31,5 +31,6 @@ export default function endpointAPIIntegrationTests(providerContext: FtrProvider
     loadTestFile(require.resolve('./metadata'));
     loadTestFile(require.resolve('./policy'));
     loadTestFile(require.resolve('./artifacts'));
+    loadTestFile(require.resolve('./package'));
   });
 }
diff --git a/x-pack/test/security_solution_endpoint_api_int/apis/package.ts b/x-pack/test/security_solution_endpoint_api_int/apis/package.ts
new file mode 100644
index 00000000000000..3b5873d1fe0cd6
--- /dev/null
+++ b/x-pack/test/security_solution_endpoint_api_int/apis/package.ts
@@ -0,0 +1,140 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+import expect from '@kbn/expect';
+import { SearchResponse } from 'elasticsearch';
+import { eventsIndexPattern } from '../../../plugins/security_solution/common/endpoint/constants';
+import {
+  EndpointDocGenerator,
+  Event,
+} from '../../../plugins/security_solution/common/endpoint/generate_data';
+import { FtrProviderContext } from '../ftr_provider_context';
+import { InsertedEvents, processEventsIndex } from '../services/resolver';
+
+interface EventIngested {
+  event: {
+    ingested: number;
+  };
+}
+
+interface NetworkEvent {
+  source: {
+    geo?: {
+      country_name: string;
+    };
+  };
+  destination: {
+    geo?: {
+      country_name: string;
+    };
+  };
+}
+
+const networkIndex = 'logs-endpoint.events.network-default';
+
+export default function ({ getService }: FtrProviderContext) {
+  const resolver = getService('resolverGenerator');
+  const es = getService('es');
+  const generator = new EndpointDocGenerator('data');
+
+  const searchForID = async <T>(id: string) => {
+    return es.search<SearchResponse<T>>({
+      index: eventsIndexPattern,
+      body: {
+        query: {
+          bool: {
+            filter: [
+              {
+                ids: {
+                  values: id,
+                },
+              },
+            ],
+          },
+        },
+      },
+    });
+  };
+
+  describe('Endpoint package', () => {
+    describe('ingested processor', () => {
+      let event: Event;
+      let genData: InsertedEvents;
+
+      before(async () => {
+        event = generator.generateEvent();
+        genData = await resolver.insertEvents([event]);
+      });
+
+      after(async () => {
+        await resolver.deleteData(genData);
+      });
+
+      it('sets the event.ingested field', async () => {
+        const resp = await searchForID<EventIngested>(genData.eventsInfo[0]._id);
+        expect(resp.body.hits.hits[0]._source.event.ingested).to.not.be(undefined);
+      });
+    });
+
+    describe('geoip processor', () => {
+      let processIndexData: InsertedEvents;
+      let networkIndexData: InsertedEvents;
+
+      before(async () => {
+        // 46.239.193.5 should be in Iceland
+        // 8.8.8.8 should be in the US
+        const eventWithBothIPs = generator.generateEvent({
+          extensions: { source: { ip: '8.8.8.8' }, destination: { ip: '46.239.193.5' } },
+        });
+
+        const eventWithSourceOnly = generator.generateEvent({
+          extensions: { source: { ip: '8.8.8.8' } },
+        });
+        networkIndexData = await resolver.insertEvents(
+          [eventWithBothIPs, eventWithSourceOnly],
+          networkIndex
+        );
+
+        processIndexData = await resolver.insertEvents([eventWithBothIPs], processEventsIndex);
+      });
+
+      after(async () => {
+        await resolver.deleteData(networkIndexData);
+        await resolver.deleteData(processIndexData);
+      });
+
+      it('sets the geoip fields', async () => {
+        const eventWithBothIPs = await searchForID<NetworkEvent>(
+          networkIndexData.eventsInfo[0]._id
+        );
+        // Should be 'United States'
+        expect(eventWithBothIPs.body.hits.hits[0]._source.source.geo?.country_name).to.not.be(
+          undefined
+        );
+        // should be 'Iceland'
+        expect(eventWithBothIPs.body.hits.hits[0]._source.destination.geo?.country_name).to.not.be(
+          undefined
+        );
+
+        const eventWithSourceOnly = await searchForID<NetworkEvent>(
+          networkIndexData.eventsInfo[1]._id
+        );
+        // Should be 'United States'
+        expect(eventWithBothIPs.body.hits.hits[0]._source.source.geo?.country_name).to.not.be(
+          undefined
+        );
+        expect(eventWithSourceOnly.body.hits.hits[0]._source.destination?.geo).to.be(undefined);
+      });
+
+      it('does not set geoip fields for events in indices other than the network index', async () => {
+        const eventWithBothIPs = await searchForID<NetworkEvent>(
+          processIndexData.eventsInfo[0]._id
+        );
+        expect(eventWithBothIPs.body.hits.hits[0]._source.source.geo).to.be(undefined);
+        expect(eventWithBothIPs.body.hits.hits[0]._source.destination.geo).to.be(undefined);
+      });
+    });
+  });
+}
diff --git a/x-pack/test/security_solution_endpoint_api_int/apis/resolver/entity_id.ts b/x-pack/test/security_solution_endpoint_api_int/apis/resolver/entity_id.ts
index 4f2a8013772043..231871fae3d39a 100644
--- a/x-pack/test/security_solution_endpoint_api_int/apis/resolver/entity_id.ts
+++ b/x-pack/test/security_solution_endpoint_api_int/apis/resolver/entity_id.ts
@@ -4,7 +4,6 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 import expect from '@kbn/expect';
-import { SearchResponse } from 'elasticsearch';
 import { eventsIndexPattern } from '../../../../plugins/security_solution/common/endpoint/constants';
 import {
   ResolverTree,
@@ -20,7 +19,6 @@ import { InsertedEvents } from '../../services/resolver';
 export default function resolverAPIIntegrationTests({ getService }: FtrProviderContext) {
   const supertest = getService('supertest');
   const resolver = getService('resolverGenerator');
-  const es = getService('es');
   const generator = new EndpointDocGenerator('resolver');
 
   describe('Resolver handling of entity ids', () => {
@@ -38,26 +36,10 @@ export default function resolverAPIIntegrationTests({ getService }: FtrProviderC
       });
 
       it('excludes events that have an empty entity_id field', async () => {
-        // first lets get the _id of the document using the parent.process.entity_id
-        // then we'll use the API to search for that specific document
-        const res = await es.search<SearchResponse<Event>>({
-          index: genData.indices[0],
-          body: {
-            query: {
-              bool: {
-                filter: [
-                  {
-                    term: { 'process.parent.entity_id': origin.process.parent!.entity_id },
-                  },
-                ],
-              },
-            },
-          },
-        });
         const { body }: { body: ResolverEntityIndex } = await supertest.get(
           // using the same indices value here twice to force the query parameter to be an array
           // for some reason using supertest's query() function doesn't construct a parsable array
-          `/api/endpoint/resolver/entity?_id=${res.body.hits.hits[0]._id}&indices=${eventsIndexPattern}&indices=${eventsIndexPattern}`
+          `/api/endpoint/resolver/entity?_id=${genData.eventsInfo[0]._id}&indices=${eventsIndexPattern}&indices=${eventsIndexPattern}`
         );
         expect(body).to.be.empty();
       });
diff --git a/x-pack/test/security_solution_endpoint_api_int/services/resolver.ts b/x-pack/test/security_solution_endpoint_api_int/services/resolver.ts
index 335689b804d5ba..7e4d4177affac2 100644
--- a/x-pack/test/security_solution_endpoint_api_int/services/resolver.ts
+++ b/x-pack/test/security_solution_endpoint_api_int/services/resolver.ts
@@ -11,7 +11,7 @@ import {
 } from '../../../plugins/security_solution/common/endpoint/generate_data';
 import { FtrProviderContext } from '../ftr_provider_context';
 
-const processIndex = 'logs-endpoint.events.process-default';
+export const processEventsIndex = 'logs-endpoint.events.process-default';
 
 /**
  * Options for build a resolver tree
@@ -36,7 +36,7 @@ export interface GeneratedTrees {
  * Structure containing the events inserted into ES and the index they live in
  */
 export interface InsertedEvents {
-  events: Event[];
+  eventsInfo: Array<{ _id: string; event: Event }>;
   indices: string[];
 }
 
@@ -46,24 +46,37 @@ interface BulkCreateHeader {
   };
 }
 
+interface BulkResponse {
+  items: Array<{
+    create: {
+      _id: string;
+    };
+  }>;
+}
+
 export function ResolverGeneratorProvider({ getService }: FtrProviderContext) {
   const client = getService('es');
 
   return {
     async insertEvents(
       events: Event[],
-      eventsIndex: string = processIndex
+      eventsIndex: string = processEventsIndex
     ): Promise<InsertedEvents> {
       const body = events.reduce((array: Array<BulkCreateHeader | Event>, doc) => {
         array.push({ create: { _index: eventsIndex } }, doc);
         return array;
       }, []);
-      await client.bulk({ body, refresh: true });
-      return { events, indices: [eventsIndex] };
+      const bulkResp = await client.bulk<BulkResponse>({ body, refresh: true });
+
+      const eventsInfo = events.map((event: Event, i: number) => {
+        return { event, _id: bulkResp.body.items[i].create._id };
+      });
+
+      return { eventsInfo, indices: [eventsIndex] };
     },
     async createTrees(
       options: Options,
-      eventsIndex: string = processIndex,
+      eventsIndex: string = processEventsIndex,
       alertsIndex: string = 'logs-endpoint.alerts-default'
     ): Promise<GeneratedTrees> {
       const seed = options.seed || 'resolver-seed';

From c21474b4ce029b820072b53f3908075404bccbde Mon Sep 17 00:00:00 2001
From: Davis Plumlee <56367316+dplumlee@users.noreply.github.com>
Date: Thu, 30 Jul 2020 14:51:35 -0400
Subject: [PATCH 11/11] [Security Solution][Detections] Change from sha1 to
 sha256 (#73741)

---
 .../exceptions/add_exception_modal/index.tsx  |  3 +-
 .../exceptions/edit_exception_modal/index.tsx |  3 +-
 .../exceptions/exceptionable_fields.json      | 26 +++--------
 .../components/exceptions/helpers.test.tsx    | 45 +++++++++++++++++++
 .../common/components/exceptions/helpers.tsx  | 36 +++++++++++++--
 .../alerts_table/default_config.tsx           |  2 +-
 6 files changed, 88 insertions(+), 27 deletions(-)

diff --git a/x-pack/plugins/security_solution/public/common/components/exceptions/add_exception_modal/index.tsx b/x-pack/plugins/security_solution/public/common/components/exceptions/add_exception_modal/index.tsx
index bb547f05090b7e..e6eaa4947e4040 100644
--- a/x-pack/plugins/security_solution/public/common/components/exceptions/add_exception_modal/index.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/exceptions/add_exception_modal/index.tsx
@@ -40,6 +40,7 @@ import { AddExceptionComments } from '../add_exception_comments';
 import {
   enrichNewExceptionItemsWithComments,
   enrichExceptionItemsWithOS,
+  lowercaseHashValues,
   defaultEndpointExceptionItems,
   entryHasListType,
   entryHasNonEcsType,
@@ -256,7 +257,7 @@ export const AddExceptionModal = memo(function AddExceptionModal({
         : exceptionItemsToAdd;
     if (exceptionListType === 'endpoint') {
       const osTypes = retrieveAlertOsTypes();
-      enriched = enrichExceptionItemsWithOS(enriched, osTypes);
+      enriched = lowercaseHashValues(enrichExceptionItemsWithOS(enriched, osTypes));
     }
     return enriched;
   }, [comment, exceptionItemsToAdd, exceptionListType, retrieveAlertOsTypes]);
diff --git a/x-pack/plugins/security_solution/public/common/components/exceptions/edit_exception_modal/index.tsx b/x-pack/plugins/security_solution/public/common/components/exceptions/edit_exception_modal/index.tsx
index 341d2f2bab37a5..6109b85f2da5a8 100644
--- a/x-pack/plugins/security_solution/public/common/components/exceptions/edit_exception_modal/index.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/exceptions/edit_exception_modal/index.tsx
@@ -40,6 +40,7 @@ import {
   getOperatingSystems,
   entryHasListType,
   entryHasNonEcsType,
+  lowercaseHashValues,
 } from '../helpers';
 import { Loader } from '../../loader';
 
@@ -195,7 +196,7 @@ export const EditExceptionModal = memo(function EditExceptionModal({
     ];
     if (exceptionListType === 'endpoint') {
       const osTypes = exceptionItem._tags ? getOperatingSystems(exceptionItem._tags) : [];
-      enriched = enrichExceptionItemsWithOS(enriched, osTypes);
+      enriched = lowercaseHashValues(enrichExceptionItemsWithOS(enriched, osTypes));
     }
     return enriched;
   }, [exceptionItemsToAdd, exceptionItem, comment, exceptionListType]);
diff --git a/x-pack/plugins/security_solution/public/common/components/exceptions/exceptionable_fields.json b/x-pack/plugins/security_solution/public/common/components/exceptions/exceptionable_fields.json
index fdf0ea60ecf6a8..037e340ee7fa2c 100644
--- a/x-pack/plugins/security_solution/public/common/components/exceptions/exceptionable_fields.json
+++ b/x-pack/plugins/security_solution/public/common/components/exceptions/exceptionable_fields.json
@@ -6,32 +6,25 @@
   "Target.process.Ext.code_signature.valid",
   "Target.process.Ext.services",
   "Target.process.Ext.user",
-  "Target.process.command_line",
   "Target.process.command_line.text",
-  "Target.process.executable",
   "Target.process.executable.text",
   "Target.process.hash.md5",
   "Target.process.hash.sha1",
   "Target.process.hash.sha256",
   "Target.process.hash.sha512",
-  "Target.process.name",
   "Target.process.name.text",
   "Target.process.parent.Ext.code_signature.status",
   "Target.process.parent.Ext.code_signature.subject_name",
   "Target.process.parent.Ext.code_signature.trusted",
   "Target.process.parent.Ext.code_signature.valid",
-  "Target.process.parent.command_line",
   "Target.process.parent.command_line.text",
-  "Target.process.parent.executable",
   "Target.process.parent.executable.text",
   "Target.process.parent.hash.md5",
   "Target.process.parent.hash.sha1",
   "Target.process.parent.hash.sha256",
   "Target.process.parent.hash.sha512",
-  "Target.process.parent.name",
   "Target.process.parent.name.text",
   "Target.process.parent.pgid",
-  "Target.process.parent.working_directory",
   "Target.process.parent.working_directory.text",
   "Target.process.pe.company",
   "Target.process.pe.description",
@@ -39,7 +32,6 @@
   "Target.process.pe.original_file_name",
   "Target.process.pe.product",
   "Target.process.pgid",
-  "Target.process.working_directory",
   "Target.process.working_directory.text",
   "agent.id",
   "agent.type",
@@ -74,7 +66,6 @@
   "file.mode",
   "file.name",
   "file.owner",
-  "file.path",
   "file.path.text",
   "file.pe.company",
   "file.pe.description",
@@ -82,7 +73,6 @@
   "file.pe.original_file_name",
   "file.pe.product",
   "file.size",
-  "file.target_path",
   "file.target_path.text",
   "file.type",
   "file.uid",
@@ -94,10 +84,8 @@
   "host.id",
   "host.os.Ext.variant",
   "host.os.family",
-  "host.os.full",
   "host.os.full.text",
   "host.os.kernel",
-  "host.os.name",
   "host.os.name.text",
   "host.os.platform",
   "host.os.version",
@@ -108,32 +96,25 @@
   "process.Ext.code_signature.valid",
   "process.Ext.services",
   "process.Ext.user",
-  "process.command_line",
   "process.command_line.text",
-  "process.executable",
   "process.executable.text",
   "process.hash.md5",
   "process.hash.sha1",
   "process.hash.sha256",
   "process.hash.sha512",
-  "process.name",
   "process.name.text",
   "process.parent.Ext.code_signature.status",
   "process.parent.Ext.code_signature.subject_name",
   "process.parent.Ext.code_signature.trusted",
   "process.parent.Ext.code_signature.valid",
-  "process.parent.command_line",
   "process.parent.command_line.text",
-  "process.parent.executable",
   "process.parent.executable.text",
   "process.parent.hash.md5",
   "process.parent.hash.sha1",
   "process.parent.hash.sha256",
   "process.parent.hash.sha512",
-  "process.parent.name",
   "process.parent.name.text",
   "process.parent.pgid",
-  "process.parent.working_directory",
   "process.parent.working_directory.text",
   "process.pe.company",
   "process.pe.description",
@@ -141,7 +122,10 @@
   "process.pe.original_file_name",
   "process.pe.product",
   "process.pgid",
-  "process.working_directory",
   "process.working_directory.text",
-  "rule.uuid"
+  "rule.uuid",
+  "user.domain",
+  "user.email",
+  "user.hash",
+  "user.id"
 ]
\ No newline at end of file
diff --git a/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.test.tsx b/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.test.tsx
index 5cb65ee6db8ffc..18b509d16b352c 100644
--- a/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.test.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.test.tsx
@@ -24,6 +24,7 @@ import {
   entryHasListType,
   entryHasNonEcsType,
   prepareExceptionItemsForBulkClose,
+  lowercaseHashValues,
 } from './helpers';
 import { EmptyEntry } from './types';
 import {
@@ -663,4 +664,48 @@ describe('Exception helpers', () => {
       expect(result).toEqual(expected);
     });
   });
+
+  describe('#lowercaseHashValues', () => {
+    test('it should return an empty array with an empty array', () => {
+      const payload: ExceptionListItemSchema[] = [];
+      const result = lowercaseHashValues(payload);
+      expect(result).toEqual([]);
+    });
+
+    test('it should return all list items with entry hashes lowercased', () => {
+      const payload = [
+        {
+          ...getExceptionListItemSchemaMock(),
+          entries: [{ field: 'user.hash', type: 'match', value: 'DDDFFF' }] as EntriesArray,
+        },
+        {
+          ...getExceptionListItemSchemaMock(),
+          entries: [{ field: 'user.hash', type: 'match', value: 'aaabbb' }] as EntriesArray,
+        },
+        {
+          ...getExceptionListItemSchemaMock(),
+          entries: [
+            { field: 'user.hash', type: 'match_any', value: ['aaabbb', 'DDDFFF'] },
+          ] as EntriesArray,
+        },
+      ];
+      const result = lowercaseHashValues(payload);
+      expect(result).toEqual([
+        {
+          ...getExceptionListItemSchemaMock(),
+          entries: [{ field: 'user.hash', type: 'match', value: 'dddfff' }] as EntriesArray,
+        },
+        {
+          ...getExceptionListItemSchemaMock(),
+          entries: [{ field: 'user.hash', type: 'match', value: 'aaabbb' }] as EntriesArray,
+        },
+        {
+          ...getExceptionListItemSchemaMock(),
+          entries: [
+            { field: 'user.hash', type: 'match_any', value: ['aaabbb', 'dddfff'] },
+          ] as EntriesArray,
+        },
+      ]);
+    });
+  });
 });
diff --git a/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.tsx b/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.tsx
index 3abb788312ff43..2b526ede12acfd 100644
--- a/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/exceptions/helpers.tsx
@@ -335,6 +335,36 @@ export const enrichExceptionItemsWithOS = (
   });
 };
 
+/**
+ * Returns given exceptionItems with all hash-related entries lowercased
+ */
+export const lowercaseHashValues = (
+  exceptionItems: Array<ExceptionListItemSchema | CreateExceptionListItemSchema>
+): Array<ExceptionListItemSchema | CreateExceptionListItemSchema> => {
+  return exceptionItems.map((item) => {
+    const newEntries = item.entries.map((itemEntry) => {
+      if (itemEntry.field.includes('.hash')) {
+        if (itemEntry.type === 'match') {
+          return {
+            ...itemEntry,
+            value: itemEntry.value.toLowerCase(),
+          };
+        } else if (itemEntry.type === 'match_any') {
+          return {
+            ...itemEntry,
+            value: itemEntry.value.map((val) => val.toLowerCase()),
+          };
+        }
+      }
+      return itemEntry;
+    });
+    return {
+      ...item,
+      entries: newEntries,
+    };
+  });
+};
+
 /**
  * Returns the value for the given fieldname within TimelineNonEcsData if it exists
  */
@@ -413,7 +443,7 @@ export const defaultEndpointExceptionItems = (
     data: alertData,
     fieldName: 'file.Ext.code_signature.trusted',
   });
-  const [sha1Hash] = getMappedNonEcsValue({ data: alertData, fieldName: 'file.hash.sha1' });
+  const [sha256Hash] = getMappedNonEcsValue({ data: alertData, fieldName: 'file.hash.sha256' });
   const [eventCode] = getMappedNonEcsValue({ data: alertData, fieldName: 'event.code' });
   const namespaceType = 'agnostic';
 
@@ -446,10 +476,10 @@ export const defaultEndpointExceptionItems = (
           value: filePath ?? '',
         },
         {
-          field: 'file.hash.sha1',
+          field: 'file.hash.sha256',
           operator: 'included',
           type: 'match',
-          value: sha1Hash ?? '',
+          value: sha256Hash ?? '',
         },
         {
           field: 'event.code',
diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx
index 010129d2d45933..f38a9107afca98 100644
--- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/default_config.tsx
@@ -202,7 +202,7 @@ export const requiredFieldsForActions = [
   'file.path',
   'file.Ext.code_signature.subject_name',
   'file.Ext.code_signature.trusted',
-  'file.hash.sha1',
+  'file.hash.sha256',
   'host.os.family',
   'event.code',
 ];